The PRI-2000 firewall is a next-generation firewall that uses many up-to-date network security technologies to provide customers with effective protection for their network resources. It combines powerful information analysis, effective packet filtering, and various anti-spoofing measures. The system is based on a modular architecture and features an intuitive graphical user interface (GUI) through which a user can perform security policy setup, user management, audit and query, traffic control, etc.

Application
Widely used in financial, government, insurance, telecommunication, post, and media institutions.

Features

Secure tunnel mechanism
The PRI-2000 firewall establishes secure tunnels using interface-to-interface security policies, imposing strict yet flexible control over the route and direction of data flow.

User-oriented design
In contrast with conventional IP address-oriented firewalls, the PRI-2000 firewall is based on a user-oriented design, capable of authentication, authorization and accounting.

User identity authentication
The PRI-2000 firewall supports various methods of user identity authentication, including user name and password, one-time password (OTP), PAM, PAP/CHAP, MS-CHAP, NT-domain, RADIUS, Kerberos, LDAP, etc. Other methods of authentication can be added according to user requirements.

Anti IP address spoofing
The PRI-2000 firewall can automatically detect how IP addresses are being used. The system provides IP-MAC address binding and automatically searches for all MAC addresses corresponding to existing IP addresses within the local LAN, effectively preventing address spoofing.

Dynamic filtering
The PRI-2000 firewall provides real-time connection monitoring. The device improves its efficiency through the combined use of a policy table and a connection state table. With this high-efficiency dynamic filtering technology, the system dynamically opens ports for authorized visitors and closes them automatically when connections are terminated.

Network address translation (NAT)
The PRI-2000 firewall provides three kinds of NAT for any network interface: source address translation for outbound packets, target address translation for inbound packets, and source address translation for inbound packets. It also provides static address mapping, dynamic address mapping, port translation and traffic balancing. NAT is effective no matter which mode the firewall works in, be it routing, transparent or mixing.

Transparent proxy
Using a multi-thread, multi-session transparent proxy technique, the PRI-2000 firewall can manage a large number of application-level connections going through the firewall at high speed. The proxy is totally transparent to users. It imposes flexible yet strict control over application-level content, e.g., application-level command screening, filtering of unsafe ActiveX, Java applet and JavaScript scripts, and mail filtering.

URL filtering
Compared to other firewall products, whose URL filters can only control user access to websites, the PRI-2000 firewall controls user access to individual web pages as well as websites. Even if the user uses a third-party proxy, the firewall can still trace the final destination and control access to it. This technology is unique to the PRI-2000 firewall.

Multiple working modes
The PRI-2000 firewall can work in routing, transparent or mixing mode. There is no need to change the topology of the network when the firewall is installed and works in mixing mode. The mode the firewall works in makes no difference to its functionality. This feature simplifies installation of the firewall, making it suitable for complex network environments.

Powerful intrusion detection system (IDS)
The PRI-2000 firewall embeds intrusion detection capability into its kernel. It can effectively defend against attacks such as DoS attacks. The PRI-2000 firewall can also work with a third-party IDS to provide better protection for customers.

SSL-based centralized management
The PRI-2000 firewall supports remote configuration and management. The management client communicates with the firewall over an SSL link. All configuration information is transmitted as ciphertext, preventing eavesdropping by malicious attackers with network-monitoring tools.

Auditing and alarming
The PRI-2000 firewall provides powerful auditing and alarming capability. When defining the security policy, the system administrator can decide which activities on the network are to be audited. After that, the system automatically audits when a malicious attack or suspicious activity occurs and sends alarms to the system administrator in the form of sound, text box or email.

Hot standby
The PRI-2000 firewall supports hot standby. When there is a problem with the active firewall, the backup device automatically takes over, thus improving availability.

QoS bandwidth management
QoS (quality of service) is a technique used to ensure that reasonable bandwidth is allocated to mission-critical applications when network traffic is heavy. All supported applications are assigned different priority levels by the administrator in advance. The PRI-2000 firewall monitors traffic passing through it in real time. When there is traffic congestion, it automatically allocates bandwidth to different applications according to their priority level.

Secure operating system
The PRI-2000 firewall is based on a hardened Linux operating system, which provides a secure platform for the firewall system.

Hardware Specifications
Height: 1U
Network interface: four 10/100M self-sensing NIC interfaces, or 1G NIC interface
Peripheral interface: RS-232
Indicator: LED power indicator, firewall status indicator, NIC status indicator
Size: 430mm×270.1mm×43.3mm
Weight: 3.2 kg (6.8 pounds)
Operating temperature: 0-45℃
Humidity: 10-95%
Power consumption: 200 W