产品编号: 乌鸦 5700
RAVEN 下一代防火墙 - RAVEN 5700
1U 机架安装,6 个固定 FE/GE TX 端口和 4 个固定 100/1000M SFP 插槽,2 个扩展媒体模块插槽,冗余 PSU
-
上架时间:
亚太
-
状态:
有源
- 规格
规格
产品描述
|
类型 |
乌鸦 5700 |
|---|---|
|
名称 |
乌鸦 5700 |
|
描述 |
1U 机架安装,6 × 固定 FE/GE TX 端口和 4 × 固定 100/1000M SFP 插槽,2 个 × 扩展媒体模块插槽,冗余 PSU |
|
端口类型和数量 |
6 × 固定 FE/GE TX 端口,4 个 × 固定 100/1000M SFP 插槽,2 个 × USB,1 × RJ45 控制台端口 |
|
热辐射型 |
固定风扇 |
|
扩展插槽 |
2 × 扩展媒体模块插槽 |
|
储存 |
60G 固态硬盘 |
|
性能 |
60G(防火墙),23G(启用 NGFW) |
|
每秒连接数 |
320000/s(防火墙),89000/s(启用 NGFW) |
|
IPSec VPN 默认隧道 |
5000 |
|
虚拟固件 |
2/5 |
|
并发连接 |
3.2 百万 |
更多接口
|
电源 |
2 × 固定冗余电源 |
|---|
电源要求
|
工作电压 |
100-240VAC,47-63Hz,支持冗余 PSU |
|---|
环境条件
|
允许湿度(存储/运输) |
5% 至 95% |
|---|---|
|
工作温度 |
-5-+45 °C |
|
最低储存温度 |
-20°C 至 +70 °C |
|
相对湿度(无冷凝) |
5-85 % |
|
总宽度 |
435 mm |
|
总高度 |
44.5 mm |
|
深度 |
500 mm |
|
重量 |
13.2 kg |
|
安装类型 |
机架安装 |
软件规格
| Security | Access control | Access control based on network interface, security zones, source/destination IP, domain name, port, application and customer; support time-based policy. Support DPI identification in access control. |
| Support security policies pre-compile during committing configuration, complex security policies will not reduce chassis performance | ||
| Support default policy, permit all or deny all is available for all policies | ||
| Support logging for policy match, include flow and hitting | ||
| Support shadowing checking in security policies | ||
| Support session management for special security policy | ||
| Support group based security policies management | ||
| APT (Advanced Persistent Threat) protection | Chassis has another dedicated hardware based APT engine. Sandbox is used to detect malicious code. APT engine has abilities for protecting long-term detection attack and 0 DAY attack | |
| APT engine can process at least 20 types of files, such as exe, rtf, Office file, rar, zip, pdf and so forth. | ||
| Raven Eye cloud security protection | Raven can sync all system libraries from Raven Eye. Raven is able to prevent either known or unknown threaten when it is captured by Raven Eye in past 6 hours | |
| Support both IPv4 and IPv6 environment. | ||
| Support one-key process for captured host | ||
| IPS | Support flow based protocol analysis and protocol tree algorithm, support both IPv4 and IPv6 | |
| Attack sample library has more than 3600 entries, weekly update, and support online user manual | ||
| Support online, bypass and complex deployment | ||
| Anti-Virus | Based on Raven eye cloud security center, Raven has more than 36k virus samples, weekly update | |
| Support HTTP, FTP, POP3, IMAP and SMTP attachment scanning | ||
| Support customized scan template | ||
| Anti-virus policy can base on interface, security zone, address, user, service and time | ||
| Support online, bypass and complex deployment, support both IPv4 and IPv6 | ||
| Web application protection | Support protection for SQL injection and XSS script attack, support Web application security in IPv4/IPv6 protection | |
| DDoS | Support TCP flooding protection, include packet rate, source host packet rate and destination packet rate limitation. SYN cookie, dropping violation packets or only alarm are available protection actions | |
| Support UDP flooding protection, include packet rate, source host packet rate and destination packet rate. Dropping violation packets and only alarm are available protection actions | ||
| Support ICMP flooding protection, include packet rate, source host packet rate and destination packet rate. Dropping violation packets and only alarm are available protection actions | ||
| Support inhibition for malicious scanning, such as TCP scanning, UDP scanning and ICMP scanning | ||
| Support protection for Jolt2, Land-Base, Ping of death, Syn flag, Tear drop, Winnuke, Smurf | ||
| Session Control | Total connection control based on interface, address, user, application and time | |
| CPS control based on interface, address, user, application and time | ||
| Source total connection control based on interface, address, user, application and time | ||
| Source CPS suppression control based on interface, address, user, application and time | ||
| Destination total connection control based on interface, address, user, application and time | ||
| Destination CPS control based on interface, address, user, application and time | ||
| ARP protection | Support IP-MAC mapping protection and unique mapping validation | |
| Support protection of ARP spoofing. Raven support static MAC learning or reverse flooding to correct ARP to strike back the attacker | ||
| Support ARP suppression to defense ARP flooding | ||
| Deny List | Support IP based deny list, deny list up to 30K entries | |
| Support import/export operation for deny list | ||
| Application-based control | Application Identification | App ID engine based on DPI, DFI and network behavior analysis |
| Application control | Support application identification by classes, such as: IM, class-based URL management, social media, download tools, video application and so forth | |
| Email application control | Support deep email inspection based on parameters such as email title, email body, attachments and protocol commands | |
| Application library | Application library support at least 1000 applications | |
| Application library update | Application library update support both online and offline operation, weekly update | |
| IPv4/IPv6 support | Support application behavior management in IPv4/IPv6 | |
| Traffic control | Token bucket | Multi-level token bucket mechanism, minimum particle size 1K bps |
| Flexible QoS | Support QoS policy on physical interface and VLAN interface | |
| Application based QoS | QoS policy support application traffic inspection | |
| Hierarchical QoS | Support 4-level nesting HQoS, each level has 64 queue | |
| Per-user bandwidth control | Support assign per-user bandwidth schedule in customer communication for upstream traffic and downstream traffic | |
| Bandwidth reserve | Support to configure upstream bandwidth and downstream bandwidth | |
| Priority queue | Support priority queue | |
| Shaping | Support shaping | |
| Network | Deployment | Support routing mode and transparent mode firewall, support complex deployment |
| IPv4/IPv6 dual stack | Support IPv4/IPv6 dual stack, all functions can work both under IPv4 and IPv6 | |
| Physical interface | Support static IP address and DHCP client, support multiple addresses under interface | |
| 802.1Q VLAN | Support 4096 VLANs | |
| LAG | Support LACP and static LAG. Load balancing mode can be configured. | |
| GRE | Support GRE tunnel | |
| Static route | Support static route and ECMP under static route. Support various methods of static route health check | |
| Routing protocol | Support RIP, OSPF and BGP | |
| Policy based route | Support PBR based on ingress port, source IP, destination IP, port, service and domain name, multiple next-hops are also supported | |
| BFD | Support BFD function. | |
| Load balance in WAN | Support load balance for multiple WAN interface, include PPPoE | |
| Health check | Support link health check via ICMP, TCP, DNS and HTTP request | |
| Routing control | Support ECMP, PBR and link-load balance | |
| NAT | Support source NAT, destination NAT, static NAT and policy NAT. Support CG-NAT. | |
| NAT46/NAT64 | Support NAT between IPv4 and IPv6 | |
| ALG | NAT pin-hole support on application layer | |
| NAT address pool | Support multiple address pool and discontinuous address pool | |
| VPN | Support IPSec VPN and L2TP VPN | |
| Support SSLVPN in proxy mode and tunnel mode. Support nested access policy in SSLVPN | ||
| STP | Support STP protocol | |
| DHCP | Support DHCP server, support IP-MAC binding entry | |
| DNS Server | Support DNS server, Support DNS zone | |
| DNS record | Support DNS record, include A, AAA, NS, CNAME, TXT, MX and PTR | |
| DNS transparent agent | Support DNS transparent agent, support multiple algorithms for load balancing | |
| Virtualization | Hardware based virtualization | Raven support hardware based virtualization acceleration |
| Virtual FW configuration | Support full functional vFW deployment. vFW support different software, feature and HA policy | |
| Virtual FW management | Each vFW has private resource template and configuration | |
| HA | Hot-standby | Support active-active and active-backup mode |
| Backup node management | Backup node support OOB management | |
| VRRP | Support VRRP for gateway backup | |
| Multi-standard failure detection | Failure detection based on heart-beat detection, link flapping, remote failure. | |
| Session sync | Support session sync between nodes, failover will not interrupt service | |
| HA preempt | Support priority configuration for certain active node | |
| Monitoring | Threaten visualization | Support threaten visualization for attack. Visualization based on threat level, country and victim, include TOP10 table and diagram. |
| Application based traffic visualization | Support application visualization for TOP100 application. Diagram include traffic detail and per app/per user traffic statistics. | |
| User based traffic visualization | Support user based visualization for TOP100 users. Diagram include user traffic detail. | |
| Interface based traffic visualization | Support collecting detail information of interfaces, based on physical interface or virtual interface (VNI or GRE) | |
| System report | Support to generate system report in system usage. CPU usage, memory usage, concurrent connection, CPS field during real time, 1 hour, 1 day, 7 days and 1 month | |
| Logging | Local syslog | Support local storage for system log |
| Remote syslog | Support multiple syslog server | |
| Log level | Support standard level 0~7 | |
| Report | System can generate traffic report and threaten report. | |
| Email alarm | System alarm can trigger email to certain receivers. | |
| Address management | Address object management | Support address objects up to 8K, each object has address records up to 2K. Support domain name as address record. |
| Address object bulk operation | Support import/export address objects/record for bulk operation. | |
| Customized application | Support customized application | |
| System configuration | Web UI(HTTP/HTTPS) | Internationalization Web UI |
| Control/VTY | Support console port, SSH and telnet for remote CLI management | |
| SNMP | Support SNMP v1/v2/v3 | |
| User login management | Support local account, Radius and LDAP authentication | |
| User role management | Support different user roles to implement user management and operation audit. | |
| NTP | Support external NTP server | |
| System configuration backup/restore | Support export/import configuration file as plain text. | |
| Packet dump | Support WebUI for packet dumping |
机械稳定性
|
IEC 60068-2-6 振动 |
1 mm,2 Hz-13.2 Hz,90 分钟;0.7g,13.2 Hz-100 Hz,90 分钟;3.5 mm,3 Hz-9 Hz,10 个循环,1 个倍频程/分钟;1g,9 Hz-150 Hz,10 个循环,1 个倍频程/分钟 |
|---|---|
|
IEC 60068-2-27 冲击 |
15g,持续时间 11 ms,18 次冲击 |
EMC干扰耐受性
|
EN 61000-4-2 静电放电 (ESD) |
4kV 接触放电,8kV 空气放电 |
|---|---|
|
EN 61000-4-3 电磁场 |
10V/m(80-1000MHz),3V/m (1000-6000MHz) |
|
EN 61000-4-4 快速瞬变(突发) |
2kV 电源线,1kV 数据线 |
|
EN 61000-4-5 浪涌电压 |
电源线:2 kV(线/地)、1 kV(线/线)、1 kV 数据线 |
|
EN 61000-4-6 传导免疫 |
10 伏(150 千赫 -80 兆赫) |
|
EN 61000-4-8 工频磁场 |
30A/m |
|
EN 61000-4-11 电压骤降,短中断 |
0%(20ms), 40%(300ms), 70%(500ms), 0%(5s) |
EMC辐射抗扰度
|
EN 55032 |
EN 55032 A级 |
|---|---|
|
EN 61000-3-2 |
EN 61000-3-2 A级 |
|
EN 61000-3-3 |
EN 61000-3-3 |
|
FCC CFR47 第 15 部分 |
FCC 47CFR 第 15 部分,A 类 |
认证
|
FCC |
符合 |
|---|---|
|
中国网络接入证书 |
符合 |
|
RoHS合规 |
符合 RoHS ((EU) 2015/863) 和 RoHS (GB/T26572-2011) 标准 |
交付清单和配件
|
需单独订购配件 |
SFP、媒体模块 |
|---|---|
|
交付清单 |
1 × 设备、1 × 接地线、2 × 电源线、1 × 控制台电缆、1 × Cat5UTP 2M、1 × 安装包 |
历史
|
更新和修订 |
修订编号:0.16 修订日期:05-14-2024 |
|---|
信息
|
更新和修订 |
修订编号:0.16 修订日期:05-14-2024 |
|---|