#

ASG-8600

ASG-8600

Cumilon Series Firewall

ASG-8600

Systrome’s Next Generation firewall provides comprehensive security protection from layer 2 to layer 7 for the mobile internet era.
The new next generation security gateway is using x86 multi-core CPU architecture, combined with single path parallel processing mechanism to achieve user identification, application identification and other security detection.
Systrome NGF can achieve in-depth analysis of users, applications and content to provide users high performance, visualization, accurate and effective integration of application layer security protection system.



Over View

Systrome’s Next Generation Firewalls provides comprehensive security protection from layer 2 to layer 7 for the mobile Internet era. The new next generation security gateway is using x86 multi-core CPU architecture, combined with single path parallel processing mechanism to achieve user identification, application identification and other security detection. Systrome NGF can achieve in-depth analysis of users, applications and content to provide users high performance, visualization, accurate and effective integration of application layer security protection system.
Systrome next generation firewall support pipe based 4-level nested bandwidth management, in addition the firewall support link load balance technology to achieve comprehensive intelligent network management, combined with hot standby and VRRP technology to ensure high reliability. Systrome firewall can be flexibly deployed in transparent, NAT, VPN, multi-Link and other network environments, helping users conduct business and simplifying network security architecture.

◆High Performance:-


Systrome next generation firewall is using x86 multi-core architecture that expertise in complex business computing, combined with proprietary SystromeOS professional operating system to deliver high-speed, low-latency security system. Technologies like attack signatures, virus database storage tree, stream scanning process, zero copy parallel streams processing efficiency defence are using in SystromeOS, the whole resolution process only unpack once, ensure the effectiveness even after deploying multiple protective function.

◆Flexible virtualization extension:-


Systrome next generation firewall support virtualization technology, SystromeOS can be implemented in different virtual OS such as KVM, XEN, VMware, which realizes independent CPU, memory, interface, storage in the virtualization system achieving resource isolation and management isolation, the resource can be flexibly allocated according to resources to achieve performance improvements and platform extensions, which is the best security practices virtualization and cloud systems.

◆Unified security engine:-


Systrome next generation firewall provide customer user and application based unified security protection, providing user authentication and L4-L7 parallel processing engine to achieve multi-dimension, no-dead angle protection. Customer can setup IPS, anti-virus, web guard and content filter feature to prevent the Trojans, worms, SQL injection, XSS attacks and overflow attack to secure file transfer security, block bad sites and illegal links.

◆Accurate Internet behavior management and audit:-


Systrome next generation firewall takes user and application as core considerations of security protection utilizing advanced user and application identification technology to realize accurate management and audit of users and applications.
The system supports multiple identification modes such as IP/MAC binding, Radius, LDAP, Portal, SMS gateway. The system support almost 1000 Internet application identification and accurate control including major application, high-risk application and mobile applications, by application behavior and content in-depth analysis, customer can refine and precisely control network making network management closer to user expectations.

◆Comprehensive Intrusion Protection:-


After 10 years network security and accumulated precipitation in the field, Systrome team built up senior attack signatures and security service team, always concerned about the industry's latest discovered security vulnerabilities and attack signatures received from users worldwide, and provide updates in real time to improve the attack signature database, provide the timely, comprehensive intrusion prevention. The system supports more than 3000 kinds of predefined attack signatures that can be real-time updated online, which provide effectively protection for worms, SQL injection, overflow and other attacks to ensure network security, besides the system can provide hierarchical events management and configurations management delivering user-oriented network.

◆Intelligent Bandwidth Management:-

Systrome next generation firewall can fully identify common Internet applications, such as P2P download, IM instant messaging, online video, stocks, games and so on, which often results in Internet bandwidth abuse. By deploying firewall in the Internet, users can effectively curb various applications snatch valuable bandwidth and IT resources, thereby ensuring the rational allocation and quality of business-critical network resources, and significantly improve the overall performance of the network.

◆Independent VPN Module:-


Systrome firewall has built-in dedicated hardware VPN module that supports GRE, IPSec VPN and other business models. It supports multiple platforms mobile terminal VPN access. The firewall support VPN tunnel traffic management, which regulates online behaviour in the VPN tunnel management and eliminate blind spots. By configuring our cloud management software, VPN on scattered branches can be centralized managed, which achieves a unified configuration management, centralized alarm processing, unified log reporting, which reduced administrator workload.

◆Flexible Network Deploying:-


Systrome next generation firewall supports MCE\IPSEC, 802.1Q, GRE, VPN track and other network features, and support PPPoE, DHCP, VLAN, Trunk and other access methods. The firewall can be flexibly deployed in routing, transparent and mixed mode in network.
The system supports IPv4/IPv6 dual stack to support NAT64, NAT46, NAT66 and other NAT technology, which can be easily deployed in v6, v4 network boundaries to upgrade network security.

◆Simple Configuration & Management:-


Systrome next generation firewall supports security policies centralized display, stand-alone configuration, integration testing tool, which provides users clear and visible policy and greatly improves user configuration and viewing experience. Users can control according to different needs for different users to customize different management strategies, flexible convenient, simple maintenance, and clear, with good results, such as Forwarding, application control policies, audit policies, intrusion detection strategies, antivirus policy, VPN policy, traffic control policies showcase, and stand-alone configuration.

◆High Availability:-


Systrome next generation firewall supports state full failover, VRRP and hardware by-pass function, which prevents network bottleneck and failure point to ensure high network reliability. When the device CPU, memory and other parameters is above a certain threshold, the system will turn to automatic bypass mode, as a result the device becomes pure transparent forwarding without service interruption.