Data sheet
HP 10500/11900/7500 20Gbps VPN Firewall Module
Key features
• High-performance, 20Gbps firewall throughput
• Comprehensive security protection
• Rich VPN functions; IPSec/GRE/L2TP
• Advanced virtual firewall
• Low operating cost
Product overview
The HP 10500/11900/7500 20Gbps VPN Firewall Module is a
high-performance, integrated network security product that can deliver
more than 20Gbps of throughput. The scalable stateful firewalls can be
aggregated in a single switch chassis (up to 16 modules), delivering up
to 400Gbps firewall throughput.
The firewalls unify the administration of the network and the firewall,
giving customers simplified management: they learn one set of tools
for administering both the network and firewall security. These advanced
features provide a high return on investment because the blades take
advantage of the existing switches.
The Firewall modules have the following features:
• Integrated security functions, including firewall, VPN, NAT, URL
filtering, and application layer filtering
• Application Specific Packet Filter (ASPF), used to detect application
layer connection state in real time, implementing security protection
from Layer 3 through Layer 7
• Operation logs, attack logs, stream logs, and network management
and monitoring functions
• Plug-and-play with great scalability, allowing for insertion of one
or more firewall modules into the network device
Features and benefits
Firewall
• High Performance
20 Gbps throughput secures traffic without compromising network
performance. Support for 2 million concurrent connections and
60,000 new connections per second enables high-volume networks
to remain secure under peak traffic.
• Application Specific Packet Filter (ASPF)
Dynamically determines whether to forward or drop a packet by
checking its application layer protocol information (such as FTP,
HTTP, SMTP, RTSP and other application layer protocols based on
TCP/UDP) and monitoring the connection-based application layer
protocol status.
• Virtualization
Multi-core architecture enables both multiple zones and multiple
separate firewall instances to be created on the same device.
Support for 256 security zones, 256 virtual firewalls and 4,094
virtual LANs (VLANs) offers robust protection to all corners of your
network. Centralized deployment of a single device offering
multiple virtual firewalls lowers total cost of ownership through
streamlined training, simplified deployment and management and
reduced power consumption
• Zone-based access policies
groups virtual LANs (VLANs) logically into zones that share common
security policies; allows both unicast and multicast policy settings
by zones instead of by individual VLANs
• Application-level gateway (ALG)
discovers the IP address and service port information embedded in
the application data using deep packet inspection in the firewall;
firewall then dynamically opens appropriate connections for specific
applications
• NAT
Full support for NAT applications including many-to-one,
many-to-many, static NAT, dual translation, easy IP and DNS
mapping. It supports NAT traversal with multiple protocols, and
delivers NAT ALG functions such as DNS, FTP, H.323, and NBT.
Virtual private network (VPN)
• IPSec
provides secure tunneling over an untrusted network such as the
Internet or a wireless network; offers data confidentiality,
authenticity, and integrity between two network endpoints
• Manual or automatic Internet Key Exchange (IKE)
provides either manual or automatic key exchange required for the
algorithms used in encryption or authentication; auto-IKE allows
automated management of the public key exchange, providing the
highest levels of encryption
• Layer 2 Tunneling Protocol (L2TP)
an industry standard-based traffic encapsulation mechanism
supported by many common operating systems such as Windows®
XP and Windows Vista®; will tunnel the Point-to-Point Protocol
(PPP) traffic over the IP and non-IP networks; may use the IP/UDP
transport mechanism in IP networks
• Generic Routing Encapsulation (GRE)
transports Layer 2 connectivity over a Layer 3 path in a secured
way; enables the segregation of traffic from site to site
Management
• Secure Web GUI
provides a secure, easy-to-use graphical interface for configuring
the module via HTTPS
• Command-line interface (CLI)
provides a secure, easy-to-use CLI for configuring the module via
SSH or a switch console; provides direct real-time session visibility
• SNMPv1, v2c, and v3
facilitate centralized discovery, monitoring, and secure
management of networking devices
• Complete session logging
provides detailed information for problem identification and
resolution
• Manager and operator privilege levels
provides read-only (operator) and read/write (manager) access on
CLI and Web browser management interfaces
• Remote monitoring (RMON)
uses standard SNMP to monitor essential network functions;
supports events, alarm, history, and statistics group plus a private
alarm extension group
• FTP, TFTP, and SFTP support
offers different mechanisms for configuration updates; FTP allows
bidirectional transfers over a TCP/IP network; trivial FTP (TFTP) is a
simpler method using User Datagram Protocol (UDP); Secure File
Transfer Protocol (SFTP) runs over an SSH tunnel to provide
additional security
Layer 3 routing
• Static IP routing
provides manually configured routing; includes ECMP capability
• Routing Information Protocol (RIP)
provides RIPv1 and RIPv2 routing
• OSPF
includes host-based ECMP to provide link redundancy/scalable
bandwidth and NSSA
• Border Gateway Protocol 4 (BGP-4)
delivers an implementation of the Exterior Gateway Protocol (EGP)
utilizing path vectors; uses TCP for enhanced reliability for the route
discovery process; reduces bandwidth consumption by advertising
only incremental updates; supports extensive policies for increased
flexibility; scales to very large networks
• Dual IP stack
maintains separate stacks for IPv4 and IPv6 to ease the transition
from an IPv4-only network to an IPv6-only network design
• Policy routing
allows custom filters for increased performance and security;
supports ACLs, IP prefix, AS paths, community lists, and aggregate
policies
• Layer 3 IPv6 routing
provides routing of IPv6 at media speed; supports static routes,
RIPng, OSPFv3, BGP+, policy route and PIM-SM/DM
Security
• Defense against attacks
Firewall provides defense against various attacks, such as
DoS/DDoS, ARP spoofing, large ICMP packets, address/port scanning,
Tracert, and IP packets with the Record Route option, and supports
static and dynamic blacklists. It also supports binding of MAC address
and IP address, and supports intelligent defense against worm viruses.
• Application layer content filtering
Firewall supports mail filtering, based on SMTP mail address, titles,
attachments, and contents; supports Web page filtering including
HTTP URL and content filtering.
• Multiple security authentication services
Firewall supports RADIUS and HWTACACS authentication and
certificate-based (X.509 format) PKI/CA authentication; supports
user identity management (different users own different rights to
execute commands); and supports levels of user views (users of
different levels have different management rights).
• Centralized management and auditing
Firewall provides logging, traffic statistics and analysis, events
monitoring and statistics, and mail notification of alarms.
Warranty and support
• Electronic and telephone support
limited electronic and business-hours telephone support is
available from HP for the entire warranty period; to reach our
support centers, refer to
www.hp.com/networking/contact-support; for details on the
duration of support provided with your product purchase, refer to
www.hp.com/networking/warrantysummary
• Software releases
to find software for your product, refer to
www.hp.com/networking/support; for details on the software
releases available with your product purchase, refer to
www.hp.com/networking/warrantysummary
• 1-year warranty
advance hardware replacement with 10-calendar-day delivery
(available in most countries)