Next Generation Firewall

With the increase of Internet application types and the change of Internet application forms, there are plenty of security threats happening around us at every moment, and therefore traditional safety protection means must evolve to meet the challenge of various new security threats. In this case, as the core technology of border safety protection means, firewall is no longer the concept annotated for traditional firewall after having experienced repeated technical changes. In order to be distinguished from traditional firewall technology, the concept of next generation firewall arises. Besides the functions and characteristics of traditional firewall, Byzoro next generation firewall has the characteristics relating to "integrated IPS supporting linkage", "application control and visualization" and "intelligent linkage".

Functions and Characteristics

Product Characteristics:

Most Comprehensive Attack Prevention in Application Layer

Byzoro next generation firewall provides more than 3000 predefined attack features, and its feature library will be updated regularly in order to effectively prevent all kinds of network attacks in the industry, such as DDOS attacks, malicious packet attacks, malicious code attacks, etc., and ensure the application layer security of Internet users; provides simple and effective management for IPS module in the manners of hierarchical event and operation configuration, virtual patch, etc. to reduce the complexity of configuration and maintenance; thoroughly blocks off the hidden hazards such as website defacement, website malicious code, etc. through prior scan and active defense.

Most Effective Virus Protection

The virus protection of Byzoro next generation firewall has three characteristics:

  • Comprehensive Virus Removal: Byzoro next generation firewall provides a virus library which has more than 2 million virus features and can be updated on line at any time so as to ensure that the virus features are latest and most comprehensive; Byzoro next generation firewall supports virus removal in mainstream application protocols, such as HTTP/FTP/SMTP/POP3/IMAP, and has extensive application scenes; Trojan horse, worm, backdoor, spyware and malicious programs can be removed, and no kind of virus is omitted.
  • Deep Detection: Deep virus detection of files and mail attachments transmitted by IM software can be conducted to ensure instant messaging security; virus in encrypted VPN data stream can be detected to avoid VPN becoming a hotbed for nourishing inundated virus.
  • Accurate Identification: Byzoro next generation firewall supports virus detection for compressed files such as ZIP, GZIP and RAR, and therefore virus cannot hide in compressed files; the firewall also supports shelling of multiple packer algorithms, such as compressed shell, encrypted shell and deformed multiple shells, to thoroughly cut off the source of virus.

Most Powerful WEB Protection

Byzoro next generation firewall provides the functions of WEB attack prevention such as SQL injection prevention, cross-site scripting attack prevention and Web server vulnerability attack prevention, and can effectively block off most attacks to database and important servers.

Meanwhile, Byzoro next generation firewall can filter and audit the sensitive information, URL addresses and keywords of website accessed by Intranet users via content filtering technology so as to ensure comprehensive mastery and control of user behavior.

Most Abundant Access Authentication Modes

Byzoro next generation firewall supports local 802.1X authentication and Portal Web authentication as well as 802.1X authentication and Portal Web authentication linked with radius/LDAP/AD domain, and adapts to end-user admission authentication in most occasions. Different security control strategies are taken for different users on the basis of access authentication to truly realize people-oriented network construction.

Deepest Application Identification

Byzoro next generation firewall can identify hundreds of Internet applications such as IM software, P2P download software, streaming media applications, online game applications and stock software, and can realize the management behaviors such as blocking, auditing, speed limiting and file transmission control of the above-mentioned applications through application control function. The feature library for application control is updated regularly in time to ensure comprehensive mastery and control of applications in this industry.

Safest VPN Technology

Byzoro next generation firewall supports VPNs in the forms of IPSEC/SSL/L2TP, etc., and can provide safe remote access for branches, business travelers, etc. With respect to IPSEC VPN, Byzoro next generation firewall supports the up-to-date GMB algorithms SM2, SM3 and SM4, and supports the VPN characteristics of VPN track, reverse route injection, 3G VPN, etc., which ensures that the VPN has highest security and greatest flexibility.

Most Advanced System Architecture

Byzoro next generation firewall adopts the most advanced multi-core CPU which is based on MIPS64 architecture; this CPU can support up to 32 cores at present and can be further updated with the increasing requirements of safe computation. Compared with firewall with traditional X86 architecture and UTM products, Byzoro next generation firewall has the following advantages: 

Compromise between Function and Performance: Compared with traditional X86 architecture and UTM products, MIPS multi-core CPU can provide a fully parallel multi-core processing mode to make all cores concurrently process the services of system control, antivirus, IPS, Internet behavior, etc., which thoroughly alleviates the problem that the performance degrades to an unusable degree after all functions are enabled and achieves perfect balance between function and performance. 

Low Carbon and Energy Saving: Another effective economic benefit brought by multi-core architecture is low carbon and energy saving. For cloud computing security products, emission reduction and low power consumption are the main energy saving objectives to realize a "green data center". Byzoro next generation firewall reduces the complexity and energy consumption of an integral hardware board through the characteristics of collaborative work among multiple cores, security coprocessor hardware, etc. According to the contrast test of power consumption, the actual power consumption of a multi-core SoC hardware platform is only about 1/3 of that of an X86 platform in the same grade. 

High Stability: The highly integrated MIPS multi-core CPU reduces the overall complexity of the hardware platform, and the simplification of hardware enables the failure rate to decrease to lower than 1%, which reaches telecommunication level standard. 

Application Scenes

Preventing Intranet Users and Servers from Malicious Intrusion

Deploy Byzoro next generation firewall at network egress and enable the intrusion prevention function, thus Intranet users can be effectively protected against malicious vulnerability scanning, website Trojan horse intrusion, personal information hacking, etc. After virus protection function is enabled, Byzoro next generation firewall can effectively identify the malicious content such as virus, Trojan horse, backdoor program, etc. in the files downloaded from public networks by users, files transmitted by IM software and files in VPN data, prevent Intranet users from the intrusion of virus, and reduce the threats to enterprise information security. Deploy Byzoro next generation firewall at the edge of the safety domain of servers and enable the WAF function, thus malicious attacks to servers by malicious users, such as SQL injection, cross-site scripting attack and directory traversal attack, can be prevented, and the security of important servers can be guaranteed. 

Guaranteeing Network Security in the Trend of BYOD

When deployed in Internet, Byzoro next generation firewall conducts end-user admission authentication to all Internet users through local 802.1X or portal authentication or through 802.1X or portal authentication matched with radius/LDAP/AD domain, improves the management level from device-based to people-based by binding an identity to an account number uniquely, and avoids omission of mobile device such as emerging smart phones and IPAD during network management in order to achieve effective management whenever any device accesses Internet. 

Ensuring Flexible, Safe and Reliable Access for Remote Users

For a branch, secure data transmission can be conducted in a wide area network by constructing an IPSEC VPN with Byzoro next generation firewall. Byzoro next generation firewall adopts the up-to-date GMB algorithm SM4 to increase the security level for data transmission to the highest. Byzoro next generation firewall supports CDMA2000/WCDMA/TD-SCDMA, thus the reliability of network can be improved to the maximum by simultaneously deploying IPSEC VPNs in Internet lines and 3G lines, and switching time can be decreased to the minimum by utilizing DPD technology during switching. With the characteristics of reverse route injection, etc., Byzoro next generation firewall can adapt to the access environment of dynamic address such as ADSL, and can ensure highest flexibility of networking. 

For business travelers or home-based employees, SSL VPN or L2TP VPN can be used to access Intranet, and VPN end-user admission technology can be utilized to inspect the system processes, system patches and hard disk files of users, thus to ensure that remote users can access Intranet safely. 

Ensuring Public Opinion Security of Enterprises

With the content filtering and auditing techniques of Byzoro next generation firewall, the website accessed, content posted and IP address used by users, authenticated user names, etc. can be easily blocked off and audited to prevent users from releasing reactionary information or sensitive information and bringing public opinion risks to themselves. Meanwhile, if it is required to trace back to the content, such as posts and microblogs, released by an Intranet user at one time, the search function of Byzoro next generation firewall log can be used to search the content based on URL, keywords, release time, etc., thus to ensure that post audit is accurate to person and the public opinion risks are reduced to the minimum.  

Preventing Irrelevant Internet Behaviors from Affecting Working Efficiency

The Internet access authorization strategy of Byzoro next generation firewall based on users/user groups, application, time, etc. can precisely control all Internet behaviors not related to work, position user behaviors by controlling IM software, P2P download software, game applications, streaming media applications, stock software, etc., and limit the speed based on applications, thus to increase the working efficiency of enterprise employees. 

Welcome to contact us Contact us