Surfilter Firewall System

    This product not only provides the function of a traditional firewall, but also resolves serious limitations of traditional firewalls in terms of application control, application content protection, application visualization, etc. At the same time, it breaks through the performance bottleneck caused by superposition of existing UTM devices and considers performance while prioritizing security. In addition, it can quickly and accurately locate network hazards through user identification technology, which is being regarded as the next-generation firewall model.

    Core Technology

    User Identification Technology (User ID)

    The system implements multiple user identification technologies, and it can be closely integrated with a variety of user databases to dramatically increase the visibility of online user activities by dynamically combining IP addresses with user and user group information.

    Application Identification Technology (Application ID)

    Using a unique traffic classification technology, the system compares feature codes from the application feature library against the transmitted data content to ensure accuracy and efficiency.

    Content Identification Technology (Content ID)

    This system can easily limit unauthorized file transfer, detect and block numerous network security threats, as well as control and manage non-work-related web browsing.

    Single Parsing Engine System Architecture

    The system adopts an advanced integrated single parsing engine system architecture, which greatly enhances the system's processing capacity and achieves 10-Gigabit processing performance when all application layer protection functions are enabled.

    Advanced Virus Engine

    The system uses an industry-leading antivirus engine and the local system has a large virus signature library, thereby ensuring comprehensive three-dimensional protection of the user information system.

    Comprehensive Intrusion Prevention

    The system supports more than 3,000 predefined attack features and can be updated online in real time, effectively protecting against worms, SQL injection, overflow, and other attacks.

    Product Functionality

    Octuple policy deployment

    The system integrates user ID, application ID and content ID monitoring technologies, and can implement multiple security features such as IPS, AV, URL filtering, DoS/DDoS protection and application identification based on user identity.

    20 categories, over 2,300 network applications

    Comprehensively control P2P, IM, video, gaming software and stock trading software.

    Content-level in-depth filtering

    The system can restore data packets to the content-level for in-depth and comprehensive monitoring, and provide vulnerability protection, web application attack protection, and terminal threat content filtering.

    N+1 factor authentication system

    The integrated powerful security access control function enables the SURF-NGSA next-generation firewall to implement user-based security protection policy deployment and visual management.

    Omnidirectional visualization

    The system provides multi-layer and multi-angle display modes from the network layer to the application layer and from the user to the entire network, enabling accurate positioning and real-time tracking of network applications and security event information for any internal host or even the entire network.

    Carrier-grade forwarding platform

    A fully functional high-performance firewall is realized by using multi-core parallel processing technology and single parsing engine system architecture, and this fully meets the requirements of a carrier network environment.

    3 major hierarchical redundancy reliability guarantee

    The system supports a double hot backup function in Active/Active and Active/Passive modes to implement load balancing and service backup, providing users with carrier-class high reliability.

    Product Advantages

    Using multi-core parallel processing technology which combines time and space in parallel, the 64-byte packet throughput can reach 20Gbps. The system also provides IPS, DDoS acceleration, multicast acceleration and application layer security acceleration.

    Virtual Firewall—The SURF-NGSA physical device is divided into multiple logical devices, and a single SURF-NGSA can be divided into up to 500 virtual firewalls.

    The system provides reputation value ranking and computer reputation value, ensuring that the internal server does not suffer APT attacks.