MPSec MSG4000-X4&X16 Series Firewall
MPSec MSG4000-X4&X6 series is a high-performance next-generation core firewall (NGFW), which can deeply analyze users, locations, traffic, applications, content, etc. in network traffic from multiple perspectives, deeply identify application-layer threats, and provide users with effective application-layer integration Security protection, protecting user borders and safe operation of business. The highly integrated multi-functional security module effectively reduces equipment stacking and simplifies user network architecture.
MPSec MSG4000 can accurately identify thousands of network applications, and provide detailed application traffic analysis and flexible policy control. Combined with user identification, application identification, and content identification, it can provide users with visualized and refined application security management. At the same time, MPSec MSG4000 has a built-in threat detection engine, which can resist various network attacks including viruses, Trojan horses, SQL injection, XSS cross-site scripting, and CC attacks, effectively protecting user network health and Web application server security.
MPSec MSG4000 provides comprehensive application security protection and flexible expansion methods. It can be deployed in various industries such as government, finance, enterprise, and education. It is widely used in Internet egress, intranet area boundaries, data centers, server area security isolation, VPN networking, and other application scenarios.
(Note: The product information may not be latest. For the latest, please contact overseas@maipu.com)
Product Features
l Independent and controllable hardware platform
The hardware platform of MPSec MSG4000 adopts Maipu's self-controllable hardware, integrates Maipu's independent design and manufacture, and shares Maipu's router hardware manufacturing process for more than 20 years. It can get good value guarantee in terms of product reliability and life cycle continuation.
v Stable and reliable hardware platform: Sharing Maipu’s decades of router hardware manufacturing process of Maipu, which has been in the market for tens of years, and the long-term verification of hundreds of thousands units ensures the stable and reliable operation of MPSec MSG4000.
v Controllable product life cycle: MPSec MSG4000 adopts Maipu's own ARM hardware architecture instead of the X86 industrial computer platform of traditional security manufacturers, and can better control the product life cycle.
l Refined application access control
MPSec MSG4000 supports in-depth application identification technology, which can accurately identify thousands of network applications, including hundreds of mobile terminal applications, based on protocol features, behavior features, and correlation analysis. On this basis, MPSec MSG4000 provides users with fine and flexible application security access control.
v Integrated access control: conduct integrated control and defense from users, applications, content, time, threats, and locations. The defense of the content layer is deeply combined with application identification, and it is processed in an integrated manner. For example: Oracle traffic is identified, and then corresponding intrusion prevention is carried out in a targeted manner, with higher efficiency and fewer false positives.
v Accurate application identification: Provides a refined application identification mechanism. Users can accurately filter out the types of applications they are interested in based on application names, application categories, risk levels, technologies used, application characteristics, etc., such as communication software with file transfer functions, or browser-based WEB video applications with known vulnerabilities, etc. etc., so as to realize refined application management and control.
v Flexible application control: Based on in-depth application identification and refined application screening, it supports flexible security control functions, including policy blocking, session restriction, traffic control, application diversion or time limit, etc.
l Comprehensive security defense capability
MPSec MSG4000 provides intrusion prevention technology based on in-depth application identification, protocol detection and attack principal analysis, which can effectively filter security threats such as viruses, Trojan horses, worms, spyware, vulnerability attacks, escape attacks, etc., and provide users with L2-L7 layer network security protection.
v Optimized attack identification algorithm. It can effectively resist denial-of-service attacks such as SYN Flood, UDP Flood, HTTP Flood, etc., and ensure the security and availability of the network and application system.
v Professional web attack protection function: Supports detection and filtering of SQL injection, cross-site scripting, CC attacks, etc., to protect web application servers from attack damage.
v High-performance virus filtering function: The leading detection engine based on flow scanning technology can realize low-latency high-performance filtering. Support for virus scanning in HTTP, FTP, SMTP, POP3, IMAP and other traffic and compressed files (zip, gzip, rar, etc.).
v Supports the URL filtering function of tens of millions of URL signature databases, which can help network administrators easily implement web browsing access control and avoid threat penetration caused by malicious URLs.
Product Specifications
|
Product Model |
MPSec MSG4000-X16 |
MPSec MSG4000-X4 |
|
|
Hardware Specification |
|||
|
Hardware |
Hardware Version |
V2 |
V3 |
|
CPU |
6-Core 2.6GHz |
4-Core 3.1GHz |
|
|
Memory |
32G |
16G |
|
|
Flash |
16G |
16G |
|
|
HDD Storage Extension Slot |
1 |
1 |
|
|
Expansion Slots |
8 |
4 |
|
|
Console Port |
1 |
1 |
|
|
USB Port |
2 |
2 |
|
|
Performance |
L2&L3 Firewall Throughput |
160Gbps |
42Gbps |
|
Max. Concurrent (Million) |
14M |
6M |
|
|
New Connection/Sec |
2.2M |
500K |
|
|
Recommend Users |
5-8K |
3-5K |
|
|
Max. IPSec Tunnels |
8000 |
5000 |
|
|
Max. IPSec Throughput |
4Gbps |
2.5Gbps |
|
|
Max. IPS Throughput |
35Gbps |
9Gbps |
|
|
Max. AV Throughput |
40Gbps |
12Gbps |
|
|
Max. NAT Policy |
4K |
4K |
|
|
Power Supply |
Power Supply |
Dual Fixed AC |
Dual Fixed AC |
|
Power Input |
100-240V/50-60HZ |
100-240V/50-60HZ |
|
|
Power Consumption |
≤760W |
≤300W |
|
|
Dimension |
W*D*H(mm) |
600*430*133mm |
560*430*90mm |
|
Environment |
Working Temperature |
0-45℃ |
0-45℃ |
|
Work environment humidity |
5%-90%, no-condensing |
5%-90%, no-condensing |
|
|
Storage environment temperature |
-25-70℃ |
-25-70℃ |
|
|
Storage environment humidity |
5%-90%, no-condensing |
5%-90%, no-condensing |
|
|
Software Specification |
|||
|
Basic Networking Capabilities |
Deployment Mode |
Support routing, transparent, switching, hybrid, bypass multi-mode deployment |
|
|
Routing Features |
Default routing, static routing, policy routing, support RIP, RIPng, OSPF, BGP and other dynamic routing |
||
|
Ip Protocol |
Support IPv4, IPv6 dual-stack |
||
|
NAT |
Support more than four conversion methods for source/destination address and port |
||
|
Load Balancing |
Support multi-link load balancing, support DNS traffic load balancing, support server IP-based load balancing; support IPSec VPN multi-link backup and load |
||
|
Network Service |
Support DHCP server, DNS transparent proxy, ARP proxy |
||
|
VPN |
IPSec VPN, L2TP VPN, PPTP VPN, GRE VPN |
||
|
Virtual System |
Support full isolation of virtual system routing, switching, monitoring, auditing, protection, etc. |
||
|
High Reliability |
Support dual-system hot backup function, support "master-standby" and "master-master" mode under routing and transparent mode, support interface linkage, link detection. |
||
|
Refined Access Control |
Access Control |
Supports access control based on security domains, VLANs, geographical regions, applications, etc., and one security policy can be configured with advanced access control functions including more than six security policies, realizing fast researching and analysis for security policies |
|
|
Application Identification |
It can identify 6000+ Internet applications and 900+ mobile applications. |
||
|
Behavior Management and Control |
Precisely control the abnormal behavior of SMTP, POP3, IMAP, FTP, TELNET, HTTP and other protocols |
||
|
User Authentication |
Support web authentication, third-party authentication linked with AD active directory, LDAP, RADIUS |
||
|
File Filtering |
Filter more than 30 commonly used document types in the three categories of document, compression and archiving |
||
|
Mail Filtering |
Supports filtering of e-mail senders and recipients, and supports anti-spam function |
||
|
URL Filtering |
Preset rich URL resource library, support offline/online update, support custom URL filtering policy |
||
|
Content Filtering |
Realize bidirectional content transmission filtering of five application protocols including HTTP, FTP, POP3, SMTP, and IMAP, and support predefined and customized sensitive information databases |
||
|
Bandwidth Management |
Support bandwidth management based on time, IP, user, service, application and other elements, support maximum bandwidth limit and minimum bandwidth guarantee |
||
|
Integrated Threat Protection |
Attack Protection |
Supported attack protection types include: SYN Flood, ICMP Flood, UDP Flood, IP Flood, DNS Flood, HTTP Flood, SYN Cookie, IP scanning attack, port scanning, IP spoofing, DHCP monitoring auxiliary inspection, Ping of Death, Teardrop, IP option , TCP exception, Smurf, Fraggle, Land, Winnuke, DNS exception, IP fragmentation, etc. |
|
|
Virus Protection |
Support virus cloud detection and killing technology for virus detection and killing of SMTP, POP3, IMAP, HTTP, FTP traffic |
||
|
Intrusion Prevention |
It can identify and block 5000+ vulnerabilities and spyware, and support generating dynamic policy |
||
|
Visual Intelligent Management |
Device Management |
Support device management through Http, Https, SSH, Console, CLI |
|
|
Management Authority |
Support separation of three powers, support custom administrators and authorities |
||
|
Network Analysis |
location, perform statistics and ranking through 5 dimensions of session, threat, content, URL, and byte count, displaying the current policy usage and network activity status, and locating abnormal behavior |
||
|
Threat Analysis |
The firewall presents advanced threat behaviors in the network based on hosts accessing malicious URLs and malicious domain names, combined with threat activity policies. In this way, it can be judged that there are compromised hosts in the intranet, or that the current security policy is not perfect |
||
|
Blocking Analysis |
Supports displaying blocking logs of users, applications, threats, content, URLs, etc. Administrators can judge malicious behaviors and potentially risky terminals in the network, and also judge whether normal behaviors have been blocked by mistake |
||
|
Log Output |
Support querying URL filtering logs, mail filtering logs, threat logs, domain name logs, behavior logs, and traffic logs, and support sending logs outside |
||
|
Statistics Analysis |
Supports the sorting of applications, IPs, users, etc. within a specified time range. Support historical statistics of new connections and concurrent connections. Support ranking statistics based on traffic in the network. Supports threat maps to help users understand the geographic location-based threat distribution in large networks. |
||
|
Monitoring Analysis |
Supports monitoring and analysis of system resources, users, assets, sessions, routes, etc. |
||
Order Information
|
MPSec MSG4000-X4 |
Description |
|
MPSec MSG4000-X4 |
MPSec MSG4000-X4 Firewall, 4*Expansion Slots, Fixed Dual Power Supply. (Including 1*1T Hard Disk and 32 IPsec VPN Tunnels License by default) |
|
MPSec-X4-4GET4GEF |
4-Port 1000M Base-T + 4-Port 1000M SFP interfaces Extension Module |
|
MPSec-X4-8GEF |
8-Port 1000M SFP interfaces Extension Module |
|
MPSec-X4-8GET |
8-Port 1000M Base-T interfaces Extension Module |
|
MPSec-X4-2XGEF |
2-Port 10G SFP+ interfaces Extension Module |
|
MPSec-X4-4XGEF |
4-Port 10G SFP+ interfaces Extension Module |
|
MPSec-X4-2QXGE |
2-Port 40G QSFP28 interfaces Extension Module |
|
License |
|
|
MSG4000-X4-IAA-1Y |
MSG4000-X1-IAA-1Y License upgrading service for one year, including application identification, URL identification, AV prevention, IPS prevention library |
|
MSG4000-IPSecVPN-50 |
50 IPSec VPN Tunnel License |
|
MSG4000-IPSecVPN-200 |
200 IPSec VPN Tunnel License |
|
MSG4000-IPSecVPN-1000 |
1000 IPSec VPN Tunnel License |
|
MSG4000-IPSecVPN-3000 |
3000 IPSec VPN Tunnel License |
|
MPSec MSG4000-X16 |
Description |
|
MPSec MSG4000-X16 |
MPSec MSG4000-X16 Firewall, 16*1000M Base-T, 4*1000M SFP, 4*10G SFP+ interfaces, 2*Expansion Slots, Dual Power Slots.(Including 1*1T Hard Disk and 64 IPsec VPN Tunnels License by default) |
|
MPSec-X16-8GET |
8-Port 1000M Base-T interfaces Extension Module |
|
MPSec-X16-8GEF |
8-Port 1000M SFP interfaces Extension Module |
|
MPSec-X16-2XGEF |
2-Port 10G SFP+ interfaces Extension Module |
|
MPSec-X16-4XGEF |
4-Port 10G SFP+ interfaces Extension Module |
|
MPSec-X16-2QXGE |
2-Port 40G QSFP28 interfaces Extension Module |
|
License |
|
|
MSG4000-X16-IAA-1Y |
MSG4000-X1-IAA-1Y License upgrading service for one year, including application identification, URL identification, AV prevention, IPS prevention library |
|
MSG4000-IPSecVPN-50 |
50 IPSec VPN Tunnel License |
|
MSG4000-IPSecVPN-200 |
200 IPSec VPN Tunnel License |
|
MSG4000-IPSecVPN-1000 |
1000 IPSec VPN Tunnel License |
|
MSG4000-IPSecVPN-3000 |
3000 IPSec VPN Tunnel License |
: