maipu maipu

Security > Firewall > MSG4000-X1 (V1) Firewall

MSG4000-X1 (V1) Firewall

Maipu next-generation firewall is one high-performance firewall that can completely deal with the threats of the application layer. It can provide the valid application-layer integrated security protection for the user and help the user to provision the services safely and simplify the user network security structure by penetrating the user, application, and content in the network flow.

Maipu next-generation firewall can correctly identify hundreds of network applications, and provide the detailed application traffic analysis and flexible policy management and control. Combining with the user identification, application identification, and content identification, it can provide the visible and refined application security management for the user. Meanwhile, Maipu next-generation firewall is inbuilt with threat detection engine against various network attacks including viruses, Trojans, SQL injection, XSS, CC, XSS attack, protecting the user network health and web server security effectively.

Maipu next-generation firewall provides the complete application security protection and flexible expanding modes, and can be deployed in the sectors of government, finance, enterprise, and education, widely applicable to Internet export, data center, network and server security isolation and other application scenarios.

Product Features

    Self-developed hardware platform

    The hardware platform of Maipu next-generation firewall adopts Maipu’s own hardware, integrating Maipu’s own design and manufacturing, shares Maipu’s 20-year router hardware manufacturing technology, and can get the good value guarantee in the product reliability and life circle continuing.

    The hardware platform is reliable and stable: share Maipu’s 20-year router hardware manufacturing technology, tested by more than 250,000 routers on the market for 20 years, ensuring the stable and reliable operation of Maipu next-generation firewall.

    The life circle of the product is controllable: Maipu next-generation firewall adopts Maipu’s own hardware, but not X86 IPC platform of the traditional security manufacturer. Compared with the X86 IPC platform of the traditional security manufacturer, it can be controllable better on the life circle.

    Refined application access control

    Maipu next-generation firewall supports the depth application identification technology. It can identify hundreds of network applications correctly according to the protocol features, activity features and association analysis, including tens of mobile terminal application. Based on this, Maipu next-generation firewall provides the refined and flexible application security access control for the user.

    Integrated access control: Perform the integrated management, control and defense from the user, application, content, time, threat, and location. The defense of the content layer is combined with the application identification for integrated processing. For example, identify the Oracle traffic, so as to perform the intrusion prevention, more efficient and less misinformation.

    Flexible application control: Based on the depth application identification and refined application selection, support flexible security control function, including policy blocking, session limitation, traffic control and management, application drainage, or time limitation, and so on.

    Comprehensive security protection capability

    Maipu next-generation firewall provides the intrusion defense technology based on the depth application identification, protocol detection and attack principle analysis, effectively filtering the viruses, Trojans, worms, spyware, vulnerability attacks, escape attacks and other security threats, providing the L2-L7 network security protection for the user.

    Optimized attack identification algorithm: Effectively defending the SYN Flood, UDP Flood, HTTP Flood, and other DoS/DDoS attack, ensuring the security availability of the network and application system.

    Professional web attack protection function: Support the SQL injection, cross site scripting, CC attack and other detection and filtering, preventing Web server from being attacked and damaged.

    High-performance virus filtering function: Advanced detection engine based on the flow scanning technology can realize the low-delay high-performance filtering. Support killing the virus in HTTP, FTP, SMTP, POP3, IMAP, and other traffic and compressed files (zip, gzip, rar and so on). Support the URL filtering function of the ten thousand-class URL feature library, helping the network administrator realize the web browsing access control, avoiding the threat penetration from the malicious URL.

Product Specifications


Product   Models

MPSec MSG4000-X1-AC (V1)

Product   configuration




24*GE Combo+

2*1G/10G SFP+




1 Console port

1 USB port

Performance   parameters

Firewall Performance



Concurrent Connections


Connections   per second


NAT concurrent connections





User   authentication

·           Support the local user authentication

·           Support the external server user authentication (RADIUS, TACACS+, LDAP,   Active Directory)

·           User identify and filtering

Routing   Features

Static   Routing Protocol, OSPF Routing Protocol, IP-subnet, ACL isolation, NAT


·            Connection Stateful Inspection

·           Trust/Un-Trust/DMZ Zone for District Isolation

·           Access control based on the depth application identification

·           Security policy based on the application/role

·           Powerful NAT   and ALG

·           Source&Destination/IP/UDP/TCP/Port/Protocol   Filtering

·           User and data filtering

·           Application status identify

·           Application filtering

·           PoP3 Mail filtering

Attack defense

Multiple   malformed packet attack protection

SYN,   Flood, IP, TCP, UDP, Flood, HTTP, Flood and other DoS/ DDoS attacks   protection

Support   ARP attack protection

Abnormal   data automatic identify

Intrusion defense

Status-based   correct high-performance attack detection and protection

Real-time   attack source blocking, IP shielding, and attack event recording

Support   the attack detection and protection for HTTP, SMTP, IMAP, POP3, and other   protocol and applications

Support   the detection and prevention of buffer overflow, support SQL injection and cross-site   scripting attack

The   attack detection and protection of more than 3000 features, the feature   library supports the real-time updating of the network.

Virus   filtering

Flow-based   virus filtering

Support   scanning the compressed virus file

More   and 2,000,000 virus feature library, virus library supports real-time   updating of the network

malicious   software filtering

Web   access control

HTTP   Web access control based on the role, time, priority, web type and other   condition, URL filtering

Support   customizing the URL type

Support   the ten thousand-class URL feature library, the URL library supports the   real-time updating of the network

Bandwidth   management

Divide   the tunnels according to the security domain, interface, address, user/user   group, service/service group, application/application group, time and other     information

Support   four-layer tunnel nesting

Perform   the maximum bandwidth limitation, minimum bandwidth guarantee, maximum   bandwidth   limitation and minimum bandwidth guarantee per IP or user   for multi-layer tunnels

Differential   service based on the time and priority, support bandwidth sharing policy

Abnormal   traffic detection


Support standard IPSec   VPN/PPTP/L2TP


Active/active   (A/A) and active/standby mode

Support   configuration, session synchronization

Monitoring   statistics

Support   the URL log, NAT log, session log, threat log and so on

Support   real-time traffic statistics and analysis function

Support   the security event statistics function

HTTP/HTTPS,   Telnet, SSH, FTP/TFTP, Proxy server management, etc.

Power   supply

Power Supply

Dual Power


Power Range

AC100-240V 50/60Hz

Physical   index


Standard 1U

Environment   parameters

Work temperature


Work humidity


Order Information

Product Model


MPSec MSG4000-X1-AC  (V1)

MPSec MSG4000-X1-AC (V1), next generation firewall host, 10G next-generation firewall, configure 24Combo+2SFP+; built-in 500G hard disk, configure redundant AC power supply, 1U device


MSG4000-X1-IAA-1Y, next-generation firewall IAA module, MPSec MSG4000-X1-AC  (V1) product intrusion prevention module, feature library upgrade, 1-year authorization product IPS, AV and AM three-in-one function module, feature library upgrade, 1-year authorization