1U-Rackmontage, 6 × feste FE/GE TX-Ports und 4 × feste 100/1000M SFP-Steckplätze, 2 × erweiterte Medienmodulsteckplätze, redundantes Netzteil

Verfügbarkeit:

Asien-Pazifik
Status:

Aktiv

Zitieren

Technische Daten

Technische Daten

Expand All

Produktbeschreibung

Typ	RABE 5700
Name	RABE 5700
Beschreibung	1U-Rackmontage, 6 × feste FE/GE TX-Ports und 4 × feste 100/1000M SFP-Steckplätze, 2 × erweiterte Medienmodulsteckplätze, redundantes Netzteil
Port-Typ und Anzahl	6 × feste FE/GE TX-Ports, 4 × feste 100/1000M SFP-Steckplätze, 2 × USB, 1 × RJ45-Konsolenport
Art der Wärmestrahlung	Feste Lüftung
Erweiterter Steckplatz	2 × erweiterte Medienmodulsteckplätze
Lagerung	60G SSD
Leistung	60G (Firewall), 23G (NGFW aktivieren)
Verbindungen pro Sekunde	320000/s (Firewall), 89000/s (NGFW aktivieren)
IPSec-VPN-Standardtunnel	5000
Virtuelle Firmware	2/5
Gleichzeitige Verbindungen	3.2 Millionen

Weitere Schnittstellen

Stromversorgung	2 × feste redundante Netzteile

Versorgung

Betriebsspannung	100–240 VAC, 47–63 Hz, redundantes Netzteil unterstützt

Umgebungsbedingungen

Zulässige Feuchtigkeit (Lagerung/Transport)	5 % bis 95 %
Betriebstemperatur	-5-+45 °C
Minimale Lagertemperatur	-20°C Zu +70 °C
Relative Luftfeuchte (nicht kondensierend)	5-85 %
Gesamtbreite	435 mm
Gesamthöhe	44.5 mm
Tiefe	500 mm
Gewicht	13.2 kg
Montage-Typ	Rackmontage

Software-Spezifikationen


Security	Access control	Access control based on network interface, security zones, source/destination IP, domain name, port, application and customer; support time-based policy. Support DPI identification in access control.
		Support security policies pre-compile during committing configuration, complex security policies will not reduce chassis performance
		Support default policy, permit all or deny all is available for all policies
		Support logging for policy match, include flow and hitting
		Support shadowing checking in security policies
		Support session management for special security policy
		Support group based security policies management
	APT (Advanced Persistent Threat) protection	Chassis has another dedicated hardware based APT engine. Sandbox is used to detect malicious code. APT engine has abilities for protecting long-term detection attack and 0 DAY attack
		APT engine can process at least 20 types of files, such as exe, rtf, Office file, rar, zip, pdf and so forth.
	Raven Eye cloud security protection	Raven can sync all system libraries from Raven Eye. Raven is able to prevent either known or unknown threaten when it is captured by Raven Eye in past 6 hours
		Support both IPv4 and IPv6 environment.
		Support one-key process for captured host
	IPS	Support flow based protocol analysis and protocol tree algorithm, support both IPv4 and IPv6
		Attack sample library has more than 3600 entries, weekly update, and support online user manual
		Support online, bypass and complex deployment
	Anti-Virus	Based on Raven eye cloud security center, Raven has more than 36k virus samples, weekly update
		Support HTTP, FTP, POP3, IMAP and SMTP attachment scanning
		Support customized scan template
		Anti-virus policy can base on interface, security zone, address, user, service and time
		Support online, bypass and complex deployment, support both IPv4 and IPv6
	Web application protection	Support protection for SQL injection and XSS script attack, support Web application security in IPv4/IPv6 protection
	DDoS	Support TCP flooding protection, include packet rate, source host packet rate and destination packet rate limitation. SYN cookie, dropping violation packets or only alarm are available protection actions
		Support UDP flooding protection, include packet rate, source host packet rate and destination packet rate. Dropping violation packets and only alarm are available protection actions
		Support ICMP flooding protection, include packet rate, source host packet rate and destination packet rate. Dropping violation packets and only alarm are available protection actions
		Support inhibition for malicious scanning, such as TCP scanning, UDP scanning and ICMP scanning
		Support protection for Jolt2, Land-Base, Ping of death, Syn flag, Tear drop, Winnuke, Smurf
	Session Control	Total connection control based on interface, address, user, application and time
		CPS control based on interface, address, user, application and time
		Source total connection control based on interface, address, user, application and time
		Source CPS suppression control based on interface, address, user, application and time
		Destination total connection control based on interface, address, user, application and time
		Destination CPS control based on interface, address, user, application and time
	ARP protection	Support IP-MAC mapping protection and unique mapping validation
		Support protection of ARP spoofing. Raven support static MAC learning or reverse flooding to correct ARP to strike back the attacker
		Support ARP suppression to defense ARP flooding
	Deny List	Support IP based deny list, deny list up to 30K entries
		Support import/export operation for deny list
Application-based control	Application Identification	App ID engine based on DPI, DFI and network behavior analysis
	Application control	Support application identification by classes, such as: IM, class-based URL management, social media, download tools, video application and so forth
	Email application control	Support deep email inspection based on parameters such as email title, email body, attachments and protocol commands
	Application library	Application library support at least 1000 applications
	Application library update	Application library update support both online and offline operation, weekly update
	IPv4/IPv6 support	Support application behavior management in IPv4/IPv6
Traffic control	Token bucket	Multi-level token bucket mechanism, minimum particle size 1K bps
	Flexible QoS	Support QoS policy on physical interface and VLAN interface
	Application based QoS	QoS policy support application traffic inspection
	Hierarchical QoS	Support 4-level nesting HQoS, each level has 64 queue
	Per-user bandwidth control	Support assign per-user bandwidth schedule in customer communication for upstream traffic and downstream traffic
	Bandwidth reserve	Support to configure upstream bandwidth and downstream bandwidth
	Priority queue	Support priority queue
	Shaping	Support shaping
Network	Deployment	Support routing mode and transparent mode firewall, support complex deployment
	IPv4/IPv6 dual stack	Support IPv4/IPv6 dual stack, all functions can work both under IPv4 and IPv6
	Physical interface	Support static IP address and DHCP client, support multiple addresses under interface
	802.1Q VLAN	Support 4096 VLANs
	LAG	Support LACP and static LAG. Load balancing mode can be configured.
	GRE	Support GRE tunnel
	Static route	Support static route and ECMP under static route. Support various methods of static route health check
	Routing protocol	Support RIP, OSPF and BGP
	Policy based route	Support PBR based on ingress port, source IP, destination IP, port, service and domain name, multiple next-hops are also supported
	BFD	Support BFD function.
	Load balance in WAN	Support load balance for multiple WAN interface, include PPPoE
	Health check	Support link health check via ICMP, TCP, DNS and HTTP request
	Routing control	Support ECMP, PBR and link-load balance
	NAT	Support source NAT, destination NAT, static NAT and policy NAT. Support CG-NAT.
	NAT46/NAT64	Support NAT between IPv4 and IPv6
	ALG	NAT pin-hole support on application layer
	NAT address pool	Support multiple address pool and discontinuous address pool
	VPN	Support IPSec VPN and L2TP VPN
		Support SSLVPN in proxy mode and tunnel mode. Support nested access policy in SSLVPN
	STP	Support STP protocol
	DHCP	Support DHCP server, support IP-MAC binding entry
	DNS Server	Support DNS server, Support DNS zone
	DNS record	Support DNS record, include A, AAA, NS, CNAME, TXT, MX and PTR
	DNS transparent agent	Support DNS transparent agent, support multiple algorithms for load balancing
Virtualization	Hardware based virtualization	Raven support hardware based virtualization acceleration
	Virtual FW configuration	Support full functional vFW deployment. vFW support different software, feature and HA policy
	Virtual FW management	Each vFW has private resource template and configuration
HA	Hot-standby	Support active-active and active-backup mode
	Backup node management	Backup node support OOB management
	VRRP	Support VRRP for gateway backup
	Multi-standard failure detection	Failure detection based on heart-beat detection, link flapping, remote failure.
	Session sync	Support session sync between nodes, failover will not interrupt service
	HA preempt	Support priority configuration for certain active node
Monitoring	Threaten visualization	Support threaten visualization for attack. Visualization based on threat level, country and victim, include TOP10 table and diagram.
	Application based traffic visualization	Support application visualization for TOP100 application. Diagram include traffic detail and per app/per user traffic statistics.
	User based traffic visualization	Support user based visualization for TOP100 users. Diagram include user traffic detail.
	Interface based traffic visualization	Support collecting detail information of interfaces, based on physical interface or virtual interface (VNI or GRE)
	System report	Support to generate system report in system usage. CPU usage, memory usage, concurrent connection, CPS field during real time, 1 hour, 1 day, 7 days and 1 month
Logging	Local syslog	Support local storage for system log
	Remote syslog	Support multiple syslog server
	Log level	Support standard level 0~7
	Report	System can generate traffic report and threaten report.
	Email alarm	System alarm can trigger email to certain receivers.
Address management	Address object management	Support address objects up to 8K, each object has address records up to 2K. Support domain name as address record.
	Address object bulk operation	Support import/export address objects/record for bulk operation.
	Customized application	Support customized application
System configuration	Web UI(HTTP/HTTPS)	Internationalization Web UI
	Control/VTY	Support console port, SSH and telnet for remote CLI management
	SNMP	Support SNMP v1/v2/v3
	User login management	Support local account, Radius and LDAP authentication
	User role management	Support different user roles to implement user management and operation audit.
	NTP	Support external NTP server
	System configuration backup/restore	Support export/import configuration file as plain text.
	Packet dump	Support WebUI for packet dumping

Mechanische Stabilität

IEC 60068-2-6 Vibration	1 mm, 2 Hz–13,2 Hz, 90 min.; 0,7 g, 13,2 Hz–100 Hz, 90 min.; 3.5 mm, 3 Hz–9 Hz, 10 Zyklen, 1 Oktave/Min.; 1 g, 9 Hz–150 Hz, 10 Zyklen, 1 Oktave/Min.
IEC 60068-2-27 Stoß	15 g, 11 ms Dauer, 18 Stöße

Immunität gegen EMC-Störung

EN 61000-4-2 elektrostatische Entladung (Electrostatic Discharge, ESD)	4 kV Kontaktentladung, 8 kV Luftentladung
EN 61000-4-3 elektromagnetisches Feld	10 V/m (80-1000 MHz), 3 V/m (1000-6000 MHz)
DE 61000-4-4 schnelle Transienten (Burst)	2 kV Stromleitung, 1 kV Datenleitung
DE 61000-4-5 Stoßspannung	Stromleitung: 2 kV (Ader/Erde), 1 kV (Ader/Ader), 1 kV Datenleitung
DE 61000-4-6 Leitungsgeführte Immunität	10 V (150 kHz bis 80 MHz)
EN 61000-4-8 Netzfrequenz Magnetfeld	30A/m
EN 61000-4-11 Spannungseinbrüche, Kurzunterbrechung	0 % (20 ms), 40 % (300 ms), 70 % (500 ms), 0 % (5 s)

Immunität gegen EMC

EN 55032	EN 55032 Klasse A
EN 61000-3-2	EN 61000-3-2 Klasse A
EN 61000-3-3	EN 61000-3-3
FCC CFR47 Teil 15	FCC 47CFR Teil 15, Klasse A

Zulassungen

FCC	Konform
China Network Access Certificate	Konform
RoHS-konform	Entspricht der Norm RoHS (EU 2015/863) und RoHS (GB/T26572-2011)

Lieferumfang und Zubehör

Zubehör gesondert zu bestellen	SFP, Medienmodul
Lieferumfang	1 × Gerät, 1 × Erdungskabel, 2 × Netzkabel, 1 × Konsolenkabel, 1 × Cat5UTP 2M, 1 × Installationspaket