MSG4000-X1 (V1) Firewall
Maipu next-generation firewall is one high-performance firewall that can completely deal with the threats of the application layer. It can provide the valid application-layer integrated security protection for the user and help the user to provision the services safely and simplify the user network security structure by penetrating the user, application, and content in the network flow.
Maipu next-generation firewall can correctly identify hundreds of network applications, and provide the detailed application traffic analysis and flexible policy management and control. Combining with the user identification, application identification, and content identification, it can provide the visible and refined application security management for the user. Meanwhile, Maipu next-generation firewall is inbuilt with threat detection engine against various network attacks including viruses, Trojans, SQL injection, XSS, CC, XSS attack, protecting the user network health and web server security effectively.
Maipu next-generation firewall provides the complete application security protection and flexible expanding modes, and can be deployed in the sectors of government, finance, enterprise, and education, widely applicable to Internet export, data center, network and server security isolation and other application scenarios.
Self-developed hardware platform
The hardware platform of Maipu next-generation firewall adopts Maipu’s own hardware, integrating Maipu’s own design and manufacturing, shares Maipu’s 20-year router hardware manufacturing technology, and can get the good value guarantee in the product reliability and life circle continuing.
The hardware platform is reliable and stable: share Maipu’s 20-year router hardware manufacturing technology, tested by more than 250,000 routers on the market for 20 years, ensuring the stable and reliable operation of Maipu next-generation firewall.
The life circle of the product is controllable: Maipu next-generation firewall adopts Maipu’s own hardware, but not X86 IPC platform of the traditional security manufacturer. Compared with the X86 IPC platform of the traditional security manufacturer, it can be controllable better on the life circle.
Refined application access control
Maipu next-generation firewall supports the depth application identification technology. It can identify hundreds of network applications correctly according to the protocol features, activity features and association analysis, including tens of mobile terminal application. Based on this, Maipu next-generation firewall provides the refined and flexible application security access control for the user.
Integrated access control: Perform the integrated management, control and defense from the user, application, content, time, threat, and location. The defense of the content layer is combined with the application identification for integrated processing. For example, identify the Oracle traffic, so as to perform the intrusion prevention, more efficient and less misinformation.
Flexible application control: Based on the depth application identification and refined application selection, support flexible security control function, including policy blocking, session limitation, traffic control and management, application drainage, or time limitation, and so on.
Comprehensive security protection capability
Maipu next-generation firewall provides the intrusion defense technology based on the depth application identification, protocol detection and attack principle analysis, effectively filtering the viruses, Trojans, worms, spyware, vulnerability attacks, escape attacks and other security threats, providing the L2-L7 network security protection for the user.
Optimized attack identification algorithm: Effectively defending the SYN Flood, UDP Flood, HTTP Flood, and other DoS/DDoS attack, ensuring the security availability of the network and application system.
Professional web attack protection function: Support the SQL injection, cross site scripting, CC attack and other detection and filtering, preventing Web server from being attacked and damaged.
High-performance virus filtering function: Advanced detection engine based on the flow scanning technology can realize the low-delay high-performance filtering. Support killing the virus in HTTP, FTP, SMTP, POP3, IMAP, and other traffic and compressed files (zip, gzip, rar and so on). Support the URL filtering function of the ten thousand-class URL feature library, helping the network administrator realize the web browsing access control, avoiding the threat penetration from the malicious URL.
MPSec MSG4000-X1-AC (V1)
1 Console port
1 USB port
Connections per second
NAT concurrent connections
· Support the local user authentication
· Support the external server user authentication (RADIUS, TACACS+, LDAP, Active Directory)
· User identify and filtering
Static Routing Protocol, OSPF Routing Protocol, IP-subnet, ACL isolation, NAT
· Connection Stateful Inspection
· Trust/Un-Trust/DMZ Zone for District Isolation
· Access control based on the depth application identification
· Security policy based on the application/role
· Powerful NAT and ALG
· Source&Destination/IP/UDP/TCP/Port/Protocol Filtering
· User and data filtering
· Application status identify
· Application filtering
· PoP3 Mail filtering
Multiple malformed packet attack protection
SYN, Flood, IP, TCP, UDP, Flood, HTTP, Flood and other DoS/ DDoS attacks protection
Support ARP attack protection
Abnormal data automatic identify
Status-based correct high-performance attack detection and protection
Real-time attack source blocking, IP shielding, and attack event recording
Support the attack detection and protection for HTTP, SMTP, IMAP, POP3, and other protocol and applications
Support the detection and prevention of buffer overflow, support SQL injection and cross-site scripting attack
The attack detection and protection of more than 3000 features, the feature library supports the real-time updating of the network.
Flow-based virus filtering
Support scanning the compressed virus file
More and 2,000,000 virus feature library, virus library supports real-time updating of the network
malicious software filtering
Web access control
HTTP Web access control based on the role, time, priority, web type and other condition, URL filtering
Support customizing the URL type
Support the ten thousand-class URL feature library, the URL library supports the real-time updating of the network
Divide the tunnels according to the security domain, interface, address, user/user group, service/service group, application/application group, time and other information
Support four-layer tunnel nesting
Perform the maximum bandwidth limitation, minimum bandwidth guarantee, maximum bandwidth limitation and minimum bandwidth guarantee per IP or user for multi-layer tunnels
Differential service based on the time and priority, support bandwidth sharing policy
Abnormal traffic detection
Support standard IPSec VPN/PPTP/L2TP
Active/active (A/A) and active/standby mode
Support configuration, session synchronization
Support the URL log, NAT log, session log, threat log and so on
Support real-time traffic statistics and analysis function
Support the security event statistics function
HTTP/HTTPS, Telnet, SSH, FTP/TFTP, Proxy server management, etc.
MPSec MSG4000-X1-AC (V1)
MPSec MSG4000-X1-AC (V1), next generation firewall host, 10G next-generation firewall, configure 24Combo+2SFP+; built-in 500G hard disk, configure redundant AC power supply, 1U device
MSG4000-X1-IAA-1Y, next-generation firewall IAA module, MPSec MSG4000-X1-AC (V1) product intrusion prevention module, feature library upgrade, 1-year authorization product IPS, AV and AM three-in-one function module, feature library upgrade, 1-year authorization