No-system Core
Amaranten firewall is a product without a system core, that
is, without an operating system. Therefore, it has no leaks
in
its operating system and it ensures network security from the
firewall's base layer. An operating system requires
constant maintenance and updating, but this does not occur if
no operating system is present. Subsequent problems
which are caused during system updating or software patches
updating will thereby be avoided.
All hardware such as CPU, network adapter and buses etc. may
be managed following the firewall core startup. The
firewall core can, at the base, take over and process inbound
and outbound data from the hardware equipment, which
uses the hardware performance as much as possible and reduces
costs of the operating system at the same time.
Amaranten firewall processes data at the quickest speed to become
one of the quickest firewalls offering one of the
highest throughput and low latency products currently on
the market.
High Throughput and Low latency
As there is no operating system, Amaranten firewalls have great performance. They
all can meet the wire speed, whether it's 100Mbps products or
Gigabit products. Amaranten firewalls have the lowest latency
in market. Latency of Amaranten
products
is less than 19us, meeting the requirements for latency in actual
applications.
Support VLAN
Amaranten firewalls are completely compliant to Ethernet IEEE
802.1Q for the definition of a virtual local
network. Amaranten firewalls allow the routings in VLAN or VLAN
data traversal.
Multi-DMZ protection
Amaranten firewalls which is up F100 are multi-interfaces and
each interface can connect to internal net, external net or
DMZ. This includes Multi-DMZ protection or internal net division.
Support ADSL access
Amaranten firewalls support PPPOE protocol. ADSL will become
available upon entering the user name and password in
firewall manager. Then the user can translate IP addresses via
ADSL, manage VPNs.
PBR
Amaranten firewalls can define different routings based on different
policies in order to define different routings according to
the source addresses and services. It then makes it possible
to connect multiple ISPs and apply it in the environment
which has multiple network exits without other equipment. Furthermore,
it also supports WEB Cache (such as free Squid) via PBR for
URL filtering, proxy application with the free-charged software.
Meanwhile, it can be used as a virus-scan
server.
Support H.323
Amaranten firewalls support H.323. This function ensures audio/video
data (such as IP phone, multimedia meeting,
Netmeeting) successfully traversing and improving the network
security through managing the audio/video users ---
the important and prior audio/video information can pass through
the firewalls under bandwidth management settings.
Support SIP
SIP is a standard IP phone message protocol for future audio/video
messages. Amaranten firewalls support SIP protocol, which ensures
users' audio/video application in the future. Also, supporting
H.323, it ensures the security of SIP
application and the proper allocation of bandwidth for the settings
rules.
Support routing protocol
Amaranten firewalls support OSPF. We may put firewalls between
routers or between routers and the third layer
switches controlling the dynamic routing information communication
and ensuring the network security. We also can
limit the dynamic routing information traversal from those routers
via setting firewall rules.
Firewall and IDS linkage
Amaranten firewalls support the linkage action with IDS. When
IDS inspects the attacks, it will send a message to the
firewall. At almost the same time, the firewall will dynamically
add a rule with the IDS information to stem the attacks.
This will support a whole and dynamic network security.
DHCP Client
Amaranten firewalls also support DHCP. It can accept IP addresses
dynamically from its interfaces, which is very
convenient and flexible for users' access, especially for MAN
users.
DHCP Relay
Amaranten firewalls support DHCP traversal, i.e. we could connect DHCP Server and Client to different firewall interfaces --- this is a better protection to DHCP Server.
Support DHCP server
Amaranten firewalls can also support a DHCP Server. The firewalls
will allocate IP addresses dynamically in
networks, which will save network construction investment for
enterprises and make the network application and IP
addresses
management
much easier.
Support HA
Amaranten firewalls support the HA function, which means when
one firewall is frozen or encounters hardware and network malfunctions,
another firewall will automatically switch to active after 1
second. It ensures high stability and saves
the users' investment. Furthermore, you can choose any of the
Amaranten firewall models as HA backup.
Support port
and link backup
Amaranten firewalls also support link backup. When a link
to the firewalls is cut off or an interface is jammed, the
firewall can check it out and automatically switch to another
active firewall for ensuring network application.
QoS/CoS guarantee
Amaranten firewalls can manage the bandwidth of the data which
is based on IP, service, interface, group data, VLAN
and VPN links. The load balance can be implemented in pipes
so that it can ensure the service quality of those important
data. We could implement the underlying options via QoS/CoS
settings.
Bandwidth limits
Bandwidth ensure
PRI control
Dynamic flow balance
Unique firewall status inspection
Amaranten firewalls provide detailed statistics and diagrams
with the interface based on core, rules, QOS, interfaces,
RAM, Buffer, connections. We can then know the real-time status
about firewalls, network flow, and possible network
attacks. In the meantime, it can inspect several firewalls at
the same time to ensure the real-time inspection to
the entire network of firewalls.
Encrypted and Unencrypted VPN
Amaranten firewalls use built-in VPN models. It can establish
encrypted tunnels with VPN gateways and client software
and it also supports encrypted and unencrypted VPN tunnels,
NAT, X.509, multiple encryption authentication
algorithms
and ensures the data transfer between different places
for enterprises with VPNs.
Star topological VPN access
Amaranten VPNs support star topological VPN except peer-to-peer,
which is a suitable project for the incorporated
companies. Once this kind of topological VPN access is set up,
the data communication will get much easier. Each branch
just needs to establish VPN tunnels with headquarters, then
all branches can implement their communications via the
accessing headquarters.
Dynamic VPN access
Amaranten VPN supports IP addresses access. The users can access
Internet with ADSL or MAN and some other
access ways, and then apply for dynamic domains --- VPN appliances
will establish VPN tunnels via domains.
NAT traversal
VPN clients can establish tunnels in VPN gateways behind NAT
appliances or put NAT appliances into between VPN
appliances. This kind of access is highly flexible and user
friendly.
Multi-access mode
Amaranten firewalls can support these three access modes: transparent,
routing, and hybrid modes. It can make the
firewalls easy for distribution through the networks
Rich Log-analysis
Real-time show in firewalls;
The Log is stored in the Log server. There is no hard disk in firewalls;
There are three types of Logs which are stored in firewalls. They are: syslog, FWlog, SNMP;
The detailed Log-analysis can be determined using WebTrends.
Concentrative remote management
Amaranten firewall manager can manage multiple firewalls by
remote. It can also define the service, object names and
support uploading, downloading and policy modifying. With this
function, the common settings can be configured in the
group configuration. Every firewall needs to define its individual
configuration. This will simplify the management and
rules. All these aspects of management are implemented via
keys, the keys being established randomly. It ensures
the security of remote management.
Group-Policy manage
Amaranten firewalls can distribute multiple names with the same
attribute, such as IP addresses, service, and interface
etc as one group when configuring the rules. Configuring the
rules by groups will be more convenient as it decreases
the firewall rule amounts.
Long-distance Console control
Amaranten firewall has an analog remote Console controller.
It can simulate local Console to manage the firewalls by
remote. We can thereby acquire detailed firewall information
such as routing, interface status, ARP table etc. from
Console. |
