0% found this document useful (0 votes)
208 views6 pages

Hillstone E-Pro Series EN 2

Uploaded by

Ayah Jasmine
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
208 views6 pages

Hillstone E-Pro Series EN 2

Uploaded by

Ayah Jasmine
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

E1100W / E1600 / E1606 / E1700

Hillstone E-Pro Series


Next-Generation Firewall

The Hillstone E-Pro Series Next Generation Firewall (NGFW) is designed for comprehensive
security with superior price performance. It provides granular visibility and control of applications.
Advanced system architecture and dedicated hardware acceleration capabilities allow the E-Pro
Series to secure all traffic with fine-grained control without compromising performance. The
Hillstone E-Pro Series NGFW incorporates advanced firewall features, offers excellent energy
efficiency, and a flexible, affordable and easy-to-manage solution that delivers comprehensive
threat protection and improved security posture.

Product Highlights
Multi-Dimensional Granular Control Comprehensive Threat Detection and Prevention
Hillstone’s E-Pro Series provides admins with rich security Hillstone’s E-Pro Series NGFW provides intrusion prevention
features and flexible controls. The E-Pro Series provides based on analysis of attacks and deep inspection of
precise identification and application-aware control through applications and protocols, which secures Layers 2-7 of
deep application inspection to intelligently and accurately the network by effectively filtering security threats such as
identify thousands of applications and help admins identify viruses, Trojan horses, worms, spyware, vulnerability attacks,
security risks across multiple dimensions. It supports a rich and evasion attacks. The E-Pro Series uses an optimized
set of user authentication methods, including local, TACACS+, attack identification algorithm to mitigate DoS/DDoS , which
RADIUS, LDAP, and authentication based on password, SMS, ensures the security of the network and the availability of
certificates, token or email. It allows fine-grained user control business applications. Hillstone’s NGFW offers advanced web
such as access control, application limits, and bandwidth attack protection, which not only prevents web attacks such
guarantees. The E-Pro Series NGFW can accurately identify as SQL injection and cross-site scripting, but also defends
the geographic location of the source/destination IP of an against web page tampering and similar exploits. The stream
attack, which enables access control to block attacks. The scanning based virus detection engine enables low-latency
E-Pro Series provides granular control of data in transit, and high-performance filtering in HTTP/HTTPS, FTP, SMB,
protecting organizations from the leakage of critical, sensitive, various mail transfer protocols and compressed files. URL
or confidential data and files. filtering can help network administrators easily control
browsing of malicious URLs. A variety of management and

www.HillstoneNet.com © 2021 Hillstone Networks All Rights Reserved. | 1


Hillstone E-Pro Series Firewall

Product Highlights (Continued)


controls can prevent malicious activities concealed in Full-concurrence and High-performance Architecture
SSL-encrypted traffic including email. Cloud Sandbox, an
Hillstone’s E-Pro Series NGFW delivers high performance with
advanced threat detection engine, can emulate the execution
a unique approach, allowing organizations to take advantage
environment and analyze all activities related to malicious
of its high throughput, low latency, and high concurrency.
files, identify advanced threats and provide comprehensive
Full-concurrence packet processing technology performs all
threat reports as well as rapid remediation.
security checks and analysis in a single pass, which reduces
processing overhead for complex security features, while
Advanced Networking Capabilities
delivering consistently high performance. The best-of-breed
Hillstone’s E-Pro Series NGFW integrates advanced architecture and proprietary algorithms of Hillstone’s StoneOS
network adaptability with consistent security enforcement optimize the session load across all CPU cores to take full
across diverse network environments. Dynamic detection advantage of multiple cores.
and inbound SmartDNS functions intelligently load balance
traffic across multiple links. It significantly improves link Unified and Centralized Management
utilization and delivers an improved user experience without
Hillstone’s E-Pro Series NGFW supports centralized
compromising security. The routing table can be dynamically
management via the Hillstone Security Management Platform
adjusted according to the network conditions with support of
(HSM). Unified policy management, device configuration
protocols such as RIP, OSPF and BGP. The E-Pro Series also
management, and real-time security monitoring simplifies
enables high VPN performance through the built-in hardware
deployment, reduces response time for security incidents,
acceleration capability for large-scale IPsec/SSL VPN
improves operational efficiency and reduces TCO. Hillstone’s
deployments.
E-Pro Series NGFW also supports the cloud-based Hillstone
CloudView security management and analytics platform,
which provides real-time monitoring, analysis and alarming of
hardware, traffic trends, ranking of apps and users, as well as
threat information via a unified web portal or mobile app.

www.HillstoneNet.com © 2021 Hillstone Networks All Rights Reserved. | 2


Hillstone E-Pro Series Firewall

Features
Network Services Attack Defense SSL Decryption
• Dynamic routing (OSPF, BGP, RIPv2) • Abnormal protocol attack defense • Application identification for SSL encrypted traffic
• Static and policy routing • Flood attack defense, including ICMP flood, UDP • IPS enablement for SSL encrypted traffic
• Route controlled by application flood, DNS query flood, recursive DNS query flood, • AV enablement for SSL encrypted traffic
DNS reply flood, SYN flood
• Built-in DHCP, NTP, DNS Server and DNS proxy • URL filter for SSL encrypted traffic
• ARP spoofing and ND spoofing defense
• Tap mode – connects to SPAN port • SSL encrypted traffic whitelist
• Scan and spoof defense, including IP address
• Interface modes: sniffer, port aggregated, • SSL proxy offload mode
spoof, IP address sweep, port scan
loopback, VLANS (802.1Q and Trunking) • Support application identification, DLP, IPS
• DoS/DDoS defense, including ping of death attack,
• L2/L3 switching & routing sandbox, AV for SSL proxy decrypted traffic of
teardrop attack, IP fragment, IP option, Smurf or
• Multicast(PIM-SSM) SMTPS/POP3S/IMAPS
Fragile attack, Land attack, large ICMP packet,
• Virtual wire (Layer 1) transparent inline WinNuke attack Endpoint Identification and Control
deployment • Allow list for destination IP address • Support to identify endpoint IP, endpoint quantity,
Firewall on-line time, off-line time, and on-line duration
URL Filtering
• Operating modes: NAT/route, transparent (bridge), • Support 10 operating systems including Windows,
• Flow-based web filtering inspection
and mixed mode iOS, Android, etc.
• Manually defined web filtering based on URL, web
• Policy objects: predefined, custom, aggregate • Support query based on IP, endpoint quantity,
content and MIME header
policy, object grouping control policy and status etc.
• Dynamic web filtering with cloud-based real-time
• Security policy based on application, role and • Support the identification of accessed endpoints
categorization database: over 140 million URLs
geo-location quantity across layer 3, logging and interference
with 64 categories (8 of which are security related)
on overrun IP
• Application Level Gateways and session support: • Additional web filtering features:
MSRCP, PPTP, RAS, RSH, SIP, FTP, TFTP, HTTP, • Redirect page display after custom interference
- Filter Java Applet, ActiveX or cookie operation
dcerpc, dns-tcp, dns-udp, H.245 0, H.245 1, H.323
- Block HTTP Post • Supports blocking operations on overrun IP
• NAT and ALG support: NAT46, NAT64, NAT444,
SNAT, DNAT, PAT, Full Cone NAT, STUN - Log search keywords • User identification and traffic control for remote
• NAT configuration: per policy and central NAT - Exempt scanning encrypted connections on desktop services of Windows Server
table certain categories for privacy
• Web filtering profile override: allows administrator Data Security
• VoIP: SIP/H.323/SCCP NAT traversal, RTP pin
holing to temporarily assign different profiles to user/ • File transfer control based on file type, size and
group/IP name
• Global policy management view
• Web filter local categories and category rating • File protocol identification, including HTTP, FTP,
• Security policy redundancy inspection, policy SMTP, POP3 and SMB
override
group, policy configuration rollback
• Support multi-language • File signature and suffix identification for over 100
• Policy Assistant for easy detailed policy file types
deployment Cloud-Sandbox • Content filtering for HTTP-GET, HTTP-POST, FTP
• Policy analyzing and invalid policy cleanup • Upload malicious files to cloud sandbox for and SMTP protocols
• Comprehensive DNS policy analysis • IM identification and network behavior audit
• Schedules: one-time and recurring • Support protocols including HTTP/HTTPS, POP3, • Filter files transmitted by HTTPS using SSL Proxy
IMAP, SMTP, FTP and SMB and SMB
Intrusion Prevention
• Support file types including PE, ZIP, RAR, Office,
• Protocol anomaly detection, rate-based detection, PDF, APK, JAR, SWF and Script Application Control
custom signatures, manual, automatic push or • Over 4,000 applications that can be filtered by
• File transfer direction and file size control
pull signature updates, integrated threat encyclo- name, category, subcategory, technology and risk
pedia • Provide complete behavior analysis report for
malicious files • Each application contains a description, risk
• IPS Actions: default, monitor, block, reset factors, dependencies, typical ports used, and
(attackers IP or victim IP, incoming interface) with • Global threat intelligence sharing, real-time threat
blocking URLs for additional reference
expiry time
• Support detection only mode without uploading • Actions: block, reset session, monitor, traffic
• Packet logging option shaping
files
• Filter Based Selection: severity, target, OS, appli- • Identify and control cloud applications in the cloud
cation or protocol • URL allow / block list configuration
• Provide multi-dimensional monitoring and
• IP exemption from specific IPS signatures Botnet C&C Prevention statistics for cloud applications, including risk
• IDS sniffer mode • Discover intranet botnet host by monitoring C&C category and characteristics
• IPv4 and IPv6 rate based DoS protection with connections and block further advanced threats
threshold settings against TCP Syn flood, TCP/ such as botnet and ransomware Quality of Service (QoS)
UDP/SCTP port scan, ICMP sweep, TCP/UDP/ • Regularly update the botnet server addresses • Max/guaranteed bandwidth tunnels or IP/user
SCIP/ICMP session flooding (source/destination) basis
• Prevention for C&C IP and domain
• Active bypass with bypass interfaces • Tunnel allocation based on security domain,
• Support TCP, HTTP, and DNS traffic detection interface, address, user/user group, server/server
• Predefined prevention configuration
• Allow and block list based on IP address or group, application/app group, TOS, VLAN
Antivirus domain name • Bandwidth allocated by time, priority, or equal
• Manual, automatic push or pull signature updates • Support DNS sinkhole and DNS tunneling bandwidth sharing
detection • Type of Service (TOS) and Differentiated Services
• Manually add or delete MD5 signature to the AV
database (DiffServ) support
IP Reputation
• MD5 signature support uploading to cloud • Prioritized allocation of remaining bandwidth
• Identify and filter traffic from risky IPs such as
sandbox, and manually add or delete on local botnet hosts, spammers, Tor nodes, breached • Maximum concurrent connections per IP
database hosts, and brute force attacks • Bandwidth allocation based on URL category
• Flow-based antivirus: protocols include HTTP, • Logging, dropping packets, or blocking for • Bandwidth limit by delaying access for user or IP
SMTP, POP3, IMAP, FTP/SFTP, SMB different types of risky IP traffic • Automatic expiration cleanup and manual cleanup
• Compressed file virus scanning • Periodical IP reputation signature database of user used traffic
upgrade

www.HillstoneNet.com © 2021 Hillstone Networks All Rights Reserved. | 3


Hillstone E-Pro Series Firewall

Features (Continued)
Server Load Balancing • View and manage IPsec and SSL VPN connec- • Use authentication synchronization based on
tions SSO-monitor
• Weighted hashing, weighted least-connection, and
weighted round-robin • PnPVPN • Support IP-based and MAC-based user authenti-
cation
• Session protection, session persistence and • VTEP for VxLAN static unicast tunnel
session status monitoring Administration
• Server health check, session monitoring and IPv6
• Management access: HTTP/HTTPS, SSH, telnet,
session protection • Management over IPv6, IPv6 logging and HA
console
• IPv6 tunneling: DNS64/NAT64, IPv6 ISATAP, IPv6
Link Load Balancing • Central Management: Hillstone Security Manager
GRE, IPv6 over IPv4 GRE
(HSM), web service APIs
• Bi-directional link load balancing • IPv6 routing including static routing, policy routing,
• System Integration: SNMP, syslog, alliance
• Outbound link load balancing: policy based routing ISIS, RIPng, OSPFv3 and BGP4+
partnerships
including ECMP, time, weighted, and embedded • IPS, Application identification, URL filtering,
ISP routing; Active and passive real-time link • Rapid deployment: USB auto-install, local and
Antivirus, Access control, ND attack defense, iQoS
quality detection and best path selection remote script execution
• IPv6 jumbo frame support
• Inbound link load balancing supports SmartDNS • Dynamic real-time dashboard status and drill-in
• IPv6 Radius support monitoring widgets
and dynamic detection
• IPv6 support on the following ALGs: TFTP, FTP, • Language support: English
• Automatic link switching based on bandwidth, RSH, HTTP, SIP
latency, jitter, connectivity, application etc.
• IPv6 support on distributed iQoS Logs & Reporting
• Link health inspection with ARP, PING, and DNS
• Track address detection • Logging facilities: local log storage with storage
VPN models for up to 6 months, multiple syslog
VSYS servers and multiple Hillstone Security Audit (HSA)
• IPsec VPN platforms
• System resource allocation to each VSYS
- IPsec Phase 1 mode: aggressive and main ID • Encrypted logging and log integrity with HSA
protection mode • CPU virtualization
• Non-root VSYS support firewall, IPsec VPN, scheduled batch log uploading
- Peer acceptance options: any ID, specific ID, ID in • Reliable logging using TCP option (RFC 3195)
dialup user group SSL VPN, IPS, URL filtering, app monitoring, IP
reputation, QoS • Detailed traffic logs: forwarded, violated sessions,
- Supports IKEv1 and IKEv2 (RFC 4306) local traffic, invalid packets, URL etc.
• VSYS monitoring and statistic, app monitoring, IP
- Authentication method: certificate and reputation, AV, QoS • Comprehensive event logs: system and adminis-
pre-shared key trative activity audits, routing & networking, VPN,
- IKE mode configuration support (as server or High Availability user authentications, WiFi related events
client) • Redundant heartbeat interfaces • IP and service port name resolution option
- DHCP over IPsec • Active/Active and Active/Passive mode • Brief traffic log format option
- Configurable IKE encryption key expiry, NAT • Standalone session synchronization • Three predefined reports: Security, Flow and
traversal keep alive frequency Network reports
• HA reserved management interface
- Phase 1/Phase 2 Proposal encryption: DES, • User defined reporting
• Failover:
3DES, AES128, AES192, AES256
- Port, local & remote link monitoring • Reports can be exported in PDF, Word and HTML
- Phase 1/Phase 2 Proposal authentication: via Email and FTP
MD5, SHA1, SHA256, SHA384, - Stateful failover
SHA512 - Sub-second failover Statistics and Monitoring
- IKEv1 support DH group 1,2,5,19,20,21,24 - Failure notification • Application, URL, threat events statistic and
- IKEv2 support DH group • Deployment options: monitoring
1,2,5,14,15,16,19,20,21,24 - HA with link aggregation • Real-time traffic statistic and analytics
- XAuth as server mode and for dialup users - Full mesh HA • System information such as concurrent session,
- Dead peer detection - Geographically dispersed HA CPU, memory and temperature
- Replay detection • iQOS traffic statistic and monitoring, link status
- Autokey keep-alive for Phase 2 SA Twin-mode HA (only available on E3960P and monitoring
• IPsec VPN realm support: allows multiple custom above models) • Support traffic information collection and
SSL VPN logins associated with user groups (URL • High availability mode among multiple devices forwarding via Netflow (v9.0)
paths, design) • Multiple HA deployment modes
CloudView
• IPsec VPN configuration options: route-based or • Configuration and session synchronization among
policy based multiple devices • Cloud-based security monitoring
• IPsec VPN deployment modes: gateway-to- • Dual HA data link ports • 24/7 access from web or mobile application
gateway, full mesh, hub-and-spoke, redundant • Device status, traffic and threat monitoring
tunnel, VPN termination in transparent mode User and Device Identity • Cloud-based log retention and reporting
• One time login prevents concurrent logins with the • Local user database
same username • Remote user authentication: TACACS+, LDAP, IoT Security
• SSL portal concurrent users limiting Radius, Active Directory • Identify IoT devices such as IP Cameras and
• SSL VPN port forwarding module encrypts client • Single-sign-on: Windows AD Network Video Recorders
data and sends the data to the application server • 2-factor authentication: 3rd party support, • Support query of monitoring results based on
• Supports clients that run iOS, Android, and integrated token server with physical and SMS filtering conditions, including device type, IP
Windows XP/Vista including 64-bit Windows OS address, status, etc.
• User and device-based policies
• Host integrity checking and OS checking prior to • Support customized whitelists
• User group synchronization based on AD and
SSL tunnel connections LDAP Wireless
• MAC host check per portal • Support for 802.1X, SSO Proxy • Multi-SSID and wireless traffic control (only on
• Cache cleaning option prior to ending SSL VPN • WebAuth: page customization, force crack E1600WP)
session prevention, IPv6 support
• L2TP client and server mode, L2TP over IPsec, • Interface based authentication
and GRE over IPsec
• Agentless ADSSO (AD Polling)

www.HillstoneNet.com © 2021 Hillstone Networks All Rights Reserved. | 4


Hillstone E-Pro Series Firewall

Specifications
SG-6000-E1600P SG-6000-E1600WP SG-6000-E1700P SG-6000-E2800P SG-6000-E3662P SG-6000-E3668P SG-6000-E3960P SG-6000-E3968P

FW Throughput (1) 4.7 Gbps 4.7 Gbps 4.75 Gbps 8 Gbps 10 Gbps 10 Gbps 10 Gbps 10 Gbps
IPsec
850 Mbps 850 Mbps 850 Mbps 3 Gbps 3 Gbps 3 Gbps 4 Gbps 4 Gbps
Throughput (2)
AV Throughput (3)
890 Mbps 890 Mbps 890 Mbps 2.1 Gbps 2.1 Gbps 2.1 Gbps 2.2 Gbps 2.2 Gbps
IPS Throughput (4) 1.2 Gbps 1.2 Gbps 1.2 Gbps 3.3 Gbps 3.3 Gbps 3.3 Gbps 3.9 Gbps 3.9 Gbps
IMIX Throughput (5) 1.7 Gbps 1.7 Gbps 1.7 Gbps 5.3 Gbps 5.3 Gbps 5.3 Gbps 7 Gbps 7 Gbps
NGFW
470 Mbps 470 Mbps 470 Mbps 1.25 Gbps 1.25 Gbps 1.25 Gbps 1.5 Gbps 1.5 Gbps
Throughput (6)
Threat Protection
360 Mbps 360 Mbps 400 Mbps 860 Mbps 900 Mbps 900 Mbps 1.1 Gbps 1.1 Gbps
Throughput (7)
New Sessions/s (8)
27,000 27,000 28,000 80,000 120,000 120,000 150,000 150,000
Maximum Concur-
0.2M 0.2M 0.6M 1M 3M 3M 3.2M 3.2M
rent Sessions (9)
IPsec Tunnel
512 512 2000 2000 6000 6000 6000 6000
Number
SSL VPN Users
8 / 128 8 / 128 8 / 500 8 / 1000 8 / 4000 8 / 4000 8 / 6000 8 / 6000
(Default/Max)
Virtual Systems
N/A N/A 1/5 1/5 1/ 50 1/ 50 1/ 100 1/ 100
(Default/Max)

Storage N/A N/A N/A N/A N/A 256G SSD N/A 256G SSD

1 x Console Port, 1 x Console Port, 1 x Console Port, 1 x Console Port,


1 x AUX Port, 1 x AUX Port, 1 x AUX Port, 1 x AUX Port,
1 x Console Port, 1 x Console Port, 1 x Console Port, 1 x Console Port,
Management Ports 1 x USB Port, 1 x USB Port, 1 x USB Port, 1 x USB Port,
1 x USB Port 1 x USB Port 1 x USB Port 1×USB port
1 x HA, 1 x HA, 1 x HA, 1 x HA,
1x MGT 1x MGT 1x MGT 1x MGT

6 x GE (1 bypass 6 x GE (1 bypass
Fixed I/O Ports 9 x GE 9 x GE 9 x GE 5 x GE, 4 x Combo 6 x GE, 4 x SFP 6 x GE, 4 x SFP pair), 4 x SFP, pair), 4 xSFP,
2 x SFP+ 2 x SFP+
Available Slots
for Expansion N/A N/A N/A N/A 2 x Generic Slot 2 x Generic Slot 2 x Generic Slot 2 x Generic Slot
Modules
IOC-4GE-B-P, IOC-4GE-B-P, IOC-4GE-B-P, IOC-4GE-B-P,
Expansion Module
N/A N/A N/A N/A IOC-8GE-P, IOC-8GE-P, IOC-8GE-P, IOC-8GE-P,
Option
IOC-8SFP-P IOC-8SFP-P IOC-8SFP-P IOC-8SFP-P
Twin-mode HA N/A N/A N/A N/A N/A N/A Yes Yes
45W, Dual AC 150W, Dual AC 150W, Dual AC 150W, Dual AC 150W, Dual AC
30W, Single AC 30W, Single AC 45W, Single AC
Power Redundant Redundant Redundant Redundant Redundant
AC 100-240 V AC 100-240 V AC 100-240 V
Specification AC 100-240 V AC 100-240 V AC 100-240 V AC 100-240 V AC 100-240 V
50/60 Hz 50/60 Hz 50/60 Hz
50/60 Hz 50/60 Hz 50/60 Hz 50/60 Hz 50/60 Hz
desktop desktop 1U 1U 1U 1U 1U 1U
Dimension
12.6×5.91×1.7 in 12.6×5.91×1.7 in 17.4x9.5x1.7 in 17.4x9.5x1.7 in 17.2x14.4x1.7 in 17.2x14.4x1.7 in 17.2x14.4x1.7 in 17.2x14.4x1.7 in
(W×D×H, mm)
(320×150×44 mm) (320×150×44 mm) (442x241x44 mm)  (442x241x44 mm) (436x366x44 mm) (436x366x44 mm) (436x366x44 mm) (436x366x44 mm)

Weight 3.3 lb (1.5 kg)  3.3 lb (1.5 kg)  5.5 lb (2.5 kg)  5.5 lb (2.5 kg)  12.3 lb (5.6 kg)  12.3 lb (5.6 kg)  12.3 lb (5.6 kg)  27.1 lb (11.8 kg) 
Temperature 32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C) 
Relative Humidity 10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew) 

Module Options
IOC-8GE-P IOC-8SFP-P IOC-4GE-B-P

Names 8GE Expansion Module  8SFP Expansion Module  4GE Bypass Expansion Module 
I/O Ports 8 x GE  8 x SFP, SFP module not included  4 x GE Bypass (2 pair bypass ports) 
Dimension ½U (Occupies 1 generic slot)  ½U (Occupies 1 generic slot)  ½U (Occupies 1 generic slot) 
Weight 1.8 lb (0.8 kg)  2.0 lb (0.9 kg)  1.8 lb (0.8 kg) 

www.HillstoneNet.com © 2021 Hillstone Networks All Rights Reserved. | 5


Hillstone E-Pro Series Firewall

Specifications
SG-6000-E5260P SG-6000-E5268P SG-6000-E5560P SG-6000-E5568P SG-6000-E5760P SG-6000-E5960P SG-6000-E6368P

FW Throughput (1) 20 Gbps 20 Gbps 20 Gbps 20 Gbps 40 Gbps 40 Gbps 90 Gbps


IPsec
8.4 Gbps 8.4 Gbps 12 Gbps 12 Gbps 18.8 Gbps 25.6 Gbps 64 Gbps
Throughput (2)
AV Throughput (3) 3.8 Gbps 3.8 Gbps 4.9 Gbps 4.9 Gbps 7.9 Gbps 14 Gbps 28 Gbps
IPS Throughput (4) 8.9 Gbps 8.9 Gbps 9.3 Gbps 9.3 Gbps 18.5 Gbps 18.8 Gbps 37 Gbps
IMIX Throughput (5) 15.5 Gbps 15.5 Gbps 20 Gbps 20 Gbps 36.5 Gbps 40 Gbps 90 Gbps
NGFW
3.9 Gbps 3.9 Gbps 5.6 Gbps 5.6 Gbps 8.9 Gbps 14 Gbps 26 Gbps
Throughput (6)

Threat Protection
2.2 Gbps 2.2 Gbps 3.1 Gbps 3.1 Gbps 5.2 Gbps 8.2 Gbps 18 Gbps
Throughput (7)
New Sessions/s (8) 200,000 200,000 300,000 300,000 500,000 600,000 1,100,000
Maximum Concur-
6M 6M 10M 10M 12M 15M 30M
rent Sessions (9)

IPsec Tunnel
20,000 20,000 20,000 20,000 20,000 20,000 20,000
Number

SSL VPN Users


8 / 10,000 8 / 10,000 8 / 10,000 8 / 10,000 8 / 10,000 8 / 10,000 8 / 10,000
(Default/Max)

Virtual Systems
1 / 250 1 / 250 1 / 250 1 / 250 1 / 250 1 / 250 1 / 500
(Default/Max)
Storage N/A 256G SSD N/A 256G SSD N/A N/A 512G SSD

1 x Console Port, 1 x Console Port, 1 x Console Port, 1 x Console Port, 1 x Console Port, 1 x Console Port, 1 x Console Port,
1 x AUX Port, 1 x AUX Port, 1 x AUX Port, 1 x AUX Port, 1 x AUX Port, 1 x AUX Port, 1 x AUX Port,
Management Ports 1 x USB Port, 1 x USB Port, 1 x USB Port, 1 x USB Port, 1 x USB Port, 1 x USB Port, 1 x USB Port,
1 x HA, 1 x HA, 1 x HA, 1 x HA, 1 x HA, 1 x HA, 1 x HA,
1x MGT 1x MGT 1x MGT 1x MGT 1x MGT 1x MGT 1x MGT

4 x GE (1 bypass pair), 4x GE (1 bypass pair), 4 x GE (1 bypass pair), 4 x GE (1 bypass pair),


2 x GE, 8 x SFP+,
Fixed I/O Ports 4 x SFP, 4 x SFP, 4 x SFP, 4 x SFP, 4 x GE, 4x SFP 4 x GE, 4x SFP 
2×QSFP+
2 x SFP+ 2 x SFP+ 2 x SFP+ 2 x SFP+
Available Slots for 2 x Generic Slot
4 x Generic Slot 4 x Generic Slot  4 x Generic Slot 4 x Generic Slot  4 x Generic Slot 4 x Generic Slot 
Expansion Modules 1 x Bypass Slot

IOC-4GE-B-P IOC-4GE-B-P IOC-4GE-B-P IOC-4GE-B-P IOC-4GE-B-P IOC-4GE-B-P


IOC-8GE-P IOC-8GE-P IOC-8GE-P IOC-8GE-P IOC-8GE-P IOC-8GE-P
Expansion Module IOC-8SFP-P IOC-8SFP-P IOC-8SFP-P IOC-8SFP-P IOC-8SFP-P IOC-8SFP-P IOC-8GE-P,
Option IOC-4SFP+-P IOC-4SFP+-P IOC-4SFP+-P IOC-4SFP+-P IOC-4SFP+-P IOC-4SFP+-P IOC-8SFP-P
IOC-8SFP+-P IOC-8SFP+-P IOC-8SFP+-P IOC-8SFP+-P IOC-8SFP+-P IOC-8SFP+-P
IOC-2SFP+-Lite-P IOC-2SFP+-Lite-P IOC-2SFP+-Lite-P IOC-2SFP+-Lite-P IOC-2SFP+-Lite-P IOC-2SFP+-Lite-P

Twin-mode HA Yes Yes Yes Yes Yes Yes Yes

450W, Dual AC Redun- 450W, Dual AC Redun- 450W, Dual AC Redun- 450W, Dual AC Redun- 450W, Dual AC Redun- 450W, Dual AC Redun- 450W, Dual AC Redun-
Power
dant, dant, dant, dant, dant, dant, dant,
Specification
AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz

2U 2U 2U 2U 2U 2U 2.5U
Dimension
17.3x20.9x3.5 in 17.3x20.9x3.5 in 17.3x20.9x3.5 in 17.3x20.9x3.5 in 17.3x20.9x3.5 in 17.3x20.9x3.5 in 17.3×18.1×4.3 in
(W×D×H, mm)
(440x530x88 mm) (440x530x88 mm) (440x530x88 mm) (440x530x88 mm) (440x530x88 mm) (440x530x88 mm) (440×460×110 mm)
Weight 26.0 lb (11.8 kg) 26.0 lb (11.8 kg) 27.1 lb (12.3 kg) 27.1 lb (12.3 kg) 27.1 lb (12.3 kg) 27.1 lb (12.3 kg) 30.4 lb (13.8 kg)
Temperature 32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C)  32-104°F (0-40°C) 
Relative Humidity 10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew)  10-95% (no dew) 

Module Options
IOC-4GE-B-P IOC-8GE-P IOC-8SFP-P IOC-2SFP+-Lite-P IOC-4SFP+-P IOC-8SFP+-P

4GE Bypass Expansion


Names 8GE Expansion Module  8SFP Expansion Module  2SFP+ Expansion Module  4SFP+ Expansion Module 8SFP+ Expansion Module
Module 

4 x GE Bypass 8 x SFP, 2 x SFP+, 4 x SFP+, 8 x SFP+,


I/O Ports 8 x GE 
(2 pair bypass ports)  SFP module not included  SFP+ module not included  SFP+ module not included  SFP+ module not included 
Dimension ½U (Occupies 1 generic slot)  ½U (Occupies 1 generic slot)  ½U (Occupies 1 generic slot)  ½U (Occupies 1 generic slot)  1U (Occupies 2 generic slot)  1U (Occupies 2 generic slot) 
Weight 1.8 lbs (0.8 kg)  1.8 lbs (0.8 kg)  2.0 lbs (0.9 kg)  0.7 lbs (0.3 kg)  1.5lbs (0.9 kg) 1.5lbs (0.9 kg)

NOTES:
(1) FW throughput data is obtained under single-stack UDP traffic with 1518-byte packet size;
(2) IPsec throughput data is obtained under Preshare Key AES256+SHA-1 configuration and 1400-byte packet size;
(3) AV throughput data is obtained under HTTP traffic with file attachment;
(4) IPS throughput data is obtained under bi-direction HTTP traffic detection with all IPS rules being turned on;
(5) IMIX throughput data is obtained under UDP traffic mix (64 byte : 512 byte : 1518 byte =5:7:1);
(6) NGFW throughput data is obtained under 64 Kbytes HTTP traffic with application control and IPS enabled;
(7) Threat protection throughput data is obtained under 64 Kbytes HTTP traffic with application control, IPS, AV and URL filtering enabled;
(8) New sessions/s is obtained under TCP traffic;
(9) Maximum concurrent sessions is obtained under HTTP traffic.
Unless specified otherwise, all performance, capacity and functionality are based on StoneOS5.5R8. Results may vary based on StoneOS® version and deployment.

www.HillstoneNet.com
© 2021 Hillstone Networks All Rights Reserved.
Version: EX-08.01-NGFW-E-Pro-Series-5.5R8-0721-EN-01

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy