Secblade series firewall modules – H3C Technologies H3C SecPath F1000-E User Manual

4

Figure 4 Appearance of the F5000-A5

SecBlade series firewall modules

The H3C SecBlade series firewall modules are developed based on the Open Application Architecture

(OAA) for carrier-level customers.
A firewall module can be installed in the H3C S5800/S7500E/S9500E/S12500 Switch Series or an

SR6608/SR8800 router. A switch or router can be installed with multiple firewall modules to expand the

firewall processing capability for future use. The main network device (switch or router) and the firewall

modules together provide highly integrated network and security functions for large networks.
The SecBlade firewall modules support the following functions and features:

•

Traditional firewall functions

•

Virtual firewall, security zone, attack protection, URL filtering

•

Application Specific Packet Filter (ASPF), which can monitor connection processes and user
operations and provide dynamic packet filtering together with ACLs.

•

Multiple types of VPN services, such as IPsec VPN

•

RIP/OSPF/BGP routing

A SecBlade firewall module provides two GE ports and two GE combo interfaces., which can be used

as management ports and stateful failover ports. It is connected to the main network device through the

internal 10GE port. The H3C main network device's rear card has the line-speed forwarding capability,

ensuring fast data forwarding with the firewall module. The SecBlade firewall modules are equipped
with dedicated, multi-core processors and high-speed caches. They can process security services without

impacting performances of the main network devices.