<< Назад на страницу выбора модели
| Throughput | Up to 960 Gbps |
| Throughput/slot | Up to 240 Gbps | |
| Mitigation rate/slot | Up to 60 Mpps | |
| Latency | 80 μs | |
| Expansion slot | 8 | |
| Expansion interface board | FW-LPUF-120, with two sub-slots FW-LPUF-240, with two sub-slots | |
| Expansion card | • 24 × GE (SFP) • 5 × 10 GE (SFP+) • 6 × 10 GE (SFP+) • 12 × 10 GE (SFP+) • 1 × 40 GE (CFP) • 1 × 100 GE (CFP) • 3 × 40 GE (QSPF+) | |
| Dimensions (W × D × H) | 442mm × 650mm × 620mm (14U) | |
| Weight | 43.2 kg (empty) or 112.9 kg (fully configured) | |
| Power supply | Rated input voltage: DC: -48 V AC: 175 V to 264 V; 50/60 Hz Maximum input voltage range: DC: -72 V to -38 V AC: 90 V to 264 V; 50/60 Hz | |
| Power consumption | 3 × FW-LPUF-240 + 5 × ADS-SPUD-B + 10 × ADS-SPC-80-01: DC: 4025 W (avg), 4823 W (max) AC: 4282 W (avg), 5132 W (max) | |
| Power redundancy | DC: 4 hot-swappable PEM modules AC: 4 PEM modules+1 external AC power chassis | |
| Security certifications | Electromagnetic compatibility (EMC) CB, RoHS, FCC, MET, C-Tick, and VCCI |
| Function | Description |
| Defense against the following protocol anomaly attacks: | Land, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks |
| DNS application protection against the following attacks: | DNS query flood, DNS reply flood, and DNS spoofing Source rate limiting and domain name rate limiting |
| Defense against the following network attacks: | SYN flood, ACK flood, FIN flood, RST flood, TCP fragment flood, UDP flood, UDP fragment flood, IP flood, ICMP flood, TCP connection flood, sockstress, TCP retransmission, and TCP empty connection attacks |
| SIP application protection against the following attacks: | SIP flood and SIP method flood attacks, including register flood, deregistration flood, authentication flood, and call flood attacks Source rate limiting |
| Defense against the following UDP-based reflection and amplification attacks: | NTP, DNS, SSDP, Chargen, TFTP, SNMP, NetBIOS, QOTD, Quake Network Protocol, Portmapper, Microsoft SQL Resolution Service, RIPv1, and Steam Protocol reflection and amplification attacks |
| Filters: | IP, TCP, UDP, ICMP, DNS, SIP, and HTTP packet filters |
| Attack signature databases: | RUDY, slowhttptest, slowloris, LOIC, AnonCannon, RefRef, ApacheKill, and ApacheBench attack signature databases, which are updated automatically each week |
| Location-based filtering: | Traffic is blocked or limited based on the location of the source IP address. |
| Web application protection against the following attacks: | • HTTP Get flood, HTTP Post flood, HTTP slow header, HTTP slow post, HTTPS flood, SSL (renegotiation) DoS/DDoS, WordPress amplification, RUDY, and LOIC attacks • Packet validity check |
| IP reputation: | • Most active zombies are tracked, and the IP reputation database is updated automatically on a daily basis to block attacks fast. • Local reputation records are automatically learned. • The learning of local access IP reputations creates dynamic IP reputation records based on local service sessions, helping to forward service access traffic quickly and enhance user experience. |
| Management functions: | • Account management and permission allocation • Defense policy configuration and reports based on Zones (tenants), at a scale of up to 100,000 Zones • Device performance monitoring • Source tracing and fingerprint extraction by capturing packets • Email, short message, and audio alarms • Log dumping • Dynamic baseline learning • Policy interworking and log interworking APIs |
| Report functions: | • Traffic comparison before and after cleaning • Top N traffic statistics • Application-layer traffic comparison and distribution • Protocol distribution • Traffic statistics based on the source location • Attack event details • Top N attack events (by duration or number of packets) • Distribution of attacks by category • Attack traffic trends • DNS resolution success ratio • Top N traffic statistics for the application layer (by source IP address, HTTP URI, HTTP HOST, and domain name) • Downloading of reports in HTML, PDF, or Excel format • Report pushing via email • Generation of daily, weekly, monthly, and yearly reports • Self-service portal for tenants • Creation, deletion, updating, and viewing of Zones, and addition and deletion of protected IP addresses • Creation and deletion of traffic diversion policies • Creation and deletion of blackhole routes • Traffic and attack logs for each IP address • Sending of logs in syslog format |
| Traffic diversion: | Manual traffic diversion and automatic PBR- or BGP-based traffic diversion |
| Traffic injection: | Static route, MPLS VPN, MPLS LSP, GRE tunnel, Layer 2, and PBR-based injection |