Product Overview
- Overview
- Features
- Specifications
- Solutions
- Best Practice
To ensure reliable and robust operation, the series provides redundancy for core components, and offers stateful failover which is based on links and state. This series rigidly conforms to the EU Restriction of Hazardous Substances Directive (RoHS), therefore, it is the best choice for enterprises that want to choose a green and secure firewall.
The DPtech FW1000 series Firewall are the professional network security products that DPtech designs for medium and small businesses, large-scale enterprises and ISP. The DPtech FW1000 series Firewall integrate seamlessly the powerful security defense functions, professional VPN services and intelligent network features on one single hardware platform. The series products can provide extensive and in-depth security protection and security connection functions. In addition, they can reduce the Total Cost Ownership (TCO) and the deployment complexity related to security. They are an ideal option of network security solution. They have become the solid foundation of the IP self-adaptive security network.
The DPtech FW1000 series Firewall are new generation carrier-class firewall equipment of DPtech oriented to medium and small businesses, large-scale enterprises and ISP. The DPtech FW1000 series Firewall adopt the state-of-the-art hardware platform and architecture, achieving a leapfrog breakthrough of the firewall performance. It is able to support 24-port Gigabit Ethernet and 2-port 10Gigabit interfaces, which satisfies the requirements of carrier-class applications.
The products support such functions as external attack defense, intranet security, traffic policing, mail filtering, web page filtering and application layer filtering, effectively ensuring network security. It adopts state detecting technology, to detect the connectivity and abnormal commands. It provides multiple intelligent analyses and management means, supports mail alarm and multiple logs, and provides network management monitoring to assist the network administrator to complete network security management. It supports multiple VPN services, for example, GRE, L2TP and IPSec VPN, and is able to construct multiple forms of VPNs. It provides the basic routing capability, and supports RIP / OSPF / BGP / routing policy and policy routing. It supports diverse QoS features.
The DPtech FW1000 series Firewall takes full consideration of the requirements on high reliability by network applications. The service interface card supports hot swapping to fully satisfy the requirements on network maintenance, upgrade, and optimization. It supports dual-system state hot backup, and the Active/Active and Active/Passive work modes. It provides the temperature detecting function within the internal environment of the chassis, and supports the unified management by UMC (Unified Management Center).
Advanced Platform Architecture
• DPtech FW1000 series Firewall adopts the carrier-class hardware platform. It satisfies the requirement on the security equipment linear processing capability by the core enterprise users through the multi-core system and self-developing ASIC.
Leading Security Protection Function in the Market
• Enhanced state security filtering: Support the virtual firewall technology. Support the default access control between security zones. Support the basic, extended and interface-based state detecting packet filtering technology. Support filtering based on time segment. Support the maintenance and monitoring of each piece of connection state information and dynamically filter packets. Support the state monitoring of FTP, HTTP, SMTP, RTSP, and H.323 (including Q.931, H.245 and RTP/RTCP) application layer protocols. Support the state monitoring of TCP/UDP.
• Anti-attack defense capability:
• Include DoS / DDoS attack defense (CC, SYN flood and DNS Query Flood) and ARP spoofing defense.
- The following functions and features are provided:
- ARP active reverse lookup
- TCP packet illegal flag bit attack defense
- Super large ICMP packet attack defense
- Address/port scanning defense
- ICMP redirection or unreachable packet control function
- Tracert packet control function
- IP packet control function with routing record option
- Static and dynamic blacklist function
- MAC and IP binding function
• Application layer content filtering:
- Effectively identity and control applications in different P2P modes of the network, and take traffic limiting control measures for the applications to effectively protect network bandwidth.
- Able to identify and control the IM protocol, for example, QQ and MSN.
- Support mail filtering, and provide filtering by SMTP mail address, subject, attachment and content.
- Support web page filtering, and provide filtering by HTTP URL and content.
- Support application layer filtering and provide Java/ActiveX Blocking and SQL injection attack.
• Multiple security authentication services:
- Support RADIUS protocols and domain authentication.
- Support the authentication function of digital certificate (X.509 format) based on the PKI/CA system.
- Support user identity management. Users with different identities own different command execution rights.
- Support user view level division. Users at different levels are offered different management and configuration rights.
• Centralized management and audit:
- Provide different log functions, traffic statistics & analysis functions, monitoring and statistics function of different events, and mail alarm function.
• All-round NAT application support:
- Provide such NAT application modes as multiple-to-one, multiple-to-multiple, static network segment, bidirectional conversion, IP masquerade and DNS mapping.
- Support the correct traversing of multiple application protocols through NAT. Provide such NAT ALG functions as DNS, FTP, SIP, RSTP, H.323 and NBT.
- Support unlimited NAT conversion.
• Support GRE, L2TP, IPSec VPN and other multiple VPN service modes.
• Support real-time Anti-Virus which adopt Kaspersky's Anti-Virus engine to detect and remove codes of malicious attacks in time.
Intelligent Network Integration
• Support routing, transparent and hybrid operation modes.
• Support static routing protocol, routing policy and policy routing.
• Support RIP v1/2, OSPF, and BGP dynamic routing protocols.
• Support 802.1Q VLAN.
• Support DHCP Client/Server/Relay.
Carrier-Class High Equipment Reliability
• Dual-system state hot backup, Active/Active and Active/Passive work modes, and load sharing and service backup supported
• 36 years of Mean Time Between Failure (MTBF)
• The key components of the equipment adopt a redundant design.
• Support the automatic temperature detection of the internal environment. Able to collect alarm information automatically through the network management system.
Intelligent Graphic Management
• Support remote configuration management through the Web mode.
• Support the unified management of network and equipment through UMC.
Table 1 Lists the Hardware Features and Performance of DPtech FW1000-MS, MA and ME series Firewall
Item | FW1000-MS-N | FW1000-MA-N | FW1000-ME-N |
Interface | 1xConsole, 4xGE, 1xUSB | 1xConsole, 8xGE, 1xUSB | 1xConsole, 8xGE, 1xUSB |
Slot | 1 slot | 1 slot | 2 slot |
CF card | 1GB | 1GB | 1GB |
DDR SDRAM | 1GB | 1GB | 1GB |
Dimensions (W × D x H) | 430x261x44 mm | 430x261x44 mm | 430x261x44 mm |
Power Supply | 1 | 1 | 1 |
Rated Voltage Max Current | 100-240VAC; 1.5A | 100-240VAC; 1.5A | 100-240VAC;1.5A |
Max Power Consumption | 54 W | 54 W | 54 W |
MTBF | 36 years | 36 years | 36 years |
Operating Temperature | 0°C to 45°C (32 to 113°F) | 0°C to 45°C (32 to 113°F) | 0°C to 45°C (32 to 113°F) |
Relative Humidity | 10% to 95% | 10% to 95% | 10% to 95% |
Weight | 3.1 kg | 3.1 kg | 3.1 kg |
Firewall Latency (1518 bytes) | 10us | 10us | 10us |
Firewall Latency (64 bytes) | 5us | 5us | 5us |
IPSec Tunnel | 1, 000 | 1, 000 | 1, 000 |
L2TP Tunnel | 500 | 500 | 500 |
Max Policy | 10,000 | 10,000 | 10,000 |
Security Zones | 64 | 64 | 64 |
VLAN Number | 4096 | 4096 | 4096 |
Virtual Firewall | 64 | 64 | 64 |
Table 2 Lists the Hardware Features and Performance of DPtech FW1000-GC, GS and GM series Firewall
Item | FW1000-GC-N | FW1000-GS-N | FW1000-GM-N |
Interface | 1xConsole, 6xGE, 2xGE SFP, 1xUSB | 1xConsole, 6xGE, 2xGE SFP, 1x USB | 1xConsole, 6xGE, 2xGE SFP, 1xUSB |
Slot | 1 slot | 1 slot | 1 slot |
CF card | 1GB | 1GB | 1GB |
DDR SDRAM | 2GB | 2GB | 2GB |
Dimensions (W × D x H) | 430x261x44 mm | 430x261x44 mm | 430x261x44 mm |
Power Supply | 2 | 2 | 2 |
Rated Voltage Max Current | 100-240VAC; 1.5A | 100-240VAC; 1.5A | 100-240VAC; 1.5A |
Max Power Consumption | 54 W | 54 W | 54 W |
MTBF | 36 years | 36 years | 36 years |
Operating Temperature | 0°C to 45°C (32 to 113°F) | 0°C to 45°C (32 to 113°F) | 0°C to 45°C (32 to 113°F) |
Relative Humidity | 10% to 95% | 10% to 95% | 10% to 95% |
Weight | 3.1 kg | 3.1 kg | 3.1 kg |
Firewall Latency (1518 bytes) | 10us | 10us | 10us |
Firewall Latency (64 bytes) | 5us | 1us | 1us |
IPSec Tunnel | 8,000 | 8,000 | 8,000 |
L2TP Tunnel | 1,000 | 1,000 | 1,000 |
Max Policy | 10,000 | 10,000 | 10,000 |
Security Zones | 128 | 128 | 256 |
VLAN Number | 4096 | 4096 | 4096 |
Virtual Firewall | 128 | 128 | 256 |
Table 3 Lists the Hardware Features and Performance of DPtech FW1000-GA, GE and TS series Firewall
Item | FW1000-GA-E | FW1000-GE-N | FW1000-TS-E |
Interface | 1xConsole, 8xGE Combo, 16xGE SFP, 1x USB | 1xConsole, 14xGE, 12xGE SFP, 2x10GE, 1x USB | 1xConsole, 2xGE, 4xGE Combo, 4x10GE, 1xUSB |
Slot | -- | -- | 4 |
CF card | 2GB | 2GB | 2GB |
DDR SDRAM | 4GB | 2GB | 8GB |
Dimensions (W × D x H) | 436x360x44 mm | 436x470x88 mm | 436x510x88 mm |
Power Supply | 2 | 2 | 2 |
Rated Voltage Max Current | 100-240VAC; 1.8A | 100-240VAC; 4A | 100-240VAC; 4A |
Max Power Consumption | 400w | 300w | 300 W |
MTBF | 36 years | 36 years | 36 years |
Operating Temperature | 0°C to 45°C (32 to 113°F) | 0°C to 45°C (32 to 113°F) | 0°C to 45°C (32 to 113°F) |
Relative Humidity | 10% to 95% | 10% to 95% | 10% to 95% |
Weight | 5kg | 10kg | 22kg |
Firewall Latency (1518 bytes) | 10us | 10us | 10us |
Firewall Latency (64 bytes) | 1us | 1us | 1us |
IPSec Tunnel | 20,000 | 20,000 | 20,000 |
L2TP Tunnel | 2,000 | 2,000 | 2,000 |
Max Policy | 10,000 | 10,000 | 10,000 |
Security Zones | 256 | 512 | 1,024 |
VLAN Number | 4,096 | 4,096 | 4,096 |
Virtual Firewall | 64 | 512 | 1,024 |
Table 4 Lists the Hardware Features and Performance of DPtech FW1000-TM, TA and FW1000-Blade series Firewall
Item | FW1000-TM-E | FW1000-TA-N | FW1000-Blade-S |
Interface | 1xConsole, 2xGE, 4xGE Combo, 4x10GE, 1xUSB | -- | 1xConsole, 12xGE, 12xGE SFP, 1xUSB |
Slot | 4 | 5 | - |
CF card | 2GB | -- | 2GB |
DDR SDRAM | 8GB | -- | 8GB |
Dimensions (W × D x H) | 436x510x88 mm | 436x480x283 mm | Blade Type |
Power Supply | 2 | 2 | - |
Rated Voltage Max Current | 100-240VAC; 4A | 100-240VAC; 4A | - |
Max Power Consumption | 300 W | 650w | - |
MTBF | 36 years | 36 years | 36 years |
Operating Temperature | 0°C to 45°C (32 to 113°F) | 0°C to 45°C (32 to 113°F) | 0°C to 45°C (32 to 113°F) |
Relative Humidity | 10% to 95% | 10% to 95% | 10% to 95% |
Weight | 22kg | 45kg | - |
Firewall Latency (1518 bytes) | 10us | 10us | 10us |
Firewall Latency (64 bytes) | 1us | 1us | 1us |
IPSec Tunnel | 20,000 | 80,000 | 15,000 |
L2TP Tunnel | 2,000 | 8,000 | 2,000 |
Max Policy | 10,000 | 10,000 | 10,000 |
Security Zones | 1,024 | 1,024 | 1,024 |
VLAN Number | 4,096 | 4,096 | 4,096 |
Virtual Firewall | 1,024 | 1,024 | 1,024 |
Table 5 Lists the Hardware Features and Performance of DPtech SSLVPN-Blade-A.
Item | SSLVPN-Blade-A |
Interface | 1xConsole, 12xGE, 12xGE SFP, 2x10GE ,1xUSB |
Slot | - |
CF card | 2GB |
DDR SDRAM | 16GB |
Dimensions (W × D x H) | Blade Type |
Power Supply | - |
Rated Voltage Max Current | - |
Max Power Consumption | - |
MTBF | 36 years |
Operating Temperature | 0°C to 45°C (32 to 113°F) |
Relative Humidity | 10% to 95% |
Weight | - |
Max Number of Users | 30000 |
Table 6 Lists the Feature of DPtech FW1000 series Firewall
Attribute | Description | |
Operation Mode | •Routing mode | |
Network Security | AAA service | •RADIUS authentication •PKI /CA (X.509 format) authentication •Domain authentication •CHAP authentication •PAP authentication |
Firewall | •Packet filtering •Dynamic packet filtering •Full State Detecting •Application layer protocols: IM (QQ and MSN) FTP, HTTP, SMTP, POP3, RTSP, SIP, H.323 (Q.931, H.245, and RTP/RTCP) •Transmission layer protocols: TCP and UDP •Anti-attack feature •Land, Smurf, Fraggle, WinNuke, Ping of Death, Tear Drop, IP Spoofing, CC, SYN Flood, ICMP Flood, UDP Flood, and DNS Query Flood, SYN Cookie Proxy •ARP spoofing attack defense •ARP active reverse lookup •TCP packet illegal flag bit attack defense •Super large ICMP packet attack defense •Address/port scanning defense •DoS / DDoS attack defense •TCP Proxy function •ICMP redirection or unreachable packet control function •Tracert packet control function •IP packet control function with routing record option •Static and dynamic blacklist function •MAC and IP binding function •Transparent firewall •Support 802.1Q VLAN transparent transmission | |
Anti-Virus | •Virus definition-based detection •Library upgrading manually and automatically •Flow handing mode •Supporting protocols of HTTP, FTP, SMTP, and POP3. •Preventing virus types of Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, Ad Ware, Virus •Supporting virus logs and reports | |
Mail / Web Page / Application Layer Filtering | •Mail filtering •SMTP mail address filtering •Mail subject filtering •Mail content filtering •Mail attachment filtering •Web page filtering •HTTP URL filtering •HTTP content filtering •Application layer filtering •Java Blocking •ActiveX Blocking •SQL injection attack defense | |
Security Log and Statistics | •User behavior flow log •NAT conversion log •Attack real-time log •Blacklist log •Address binding log •Traffic alarm log •Traffic statistics and analysis function •Global/security domain based connection rate monitoring •Global/security domain based protocol packet percentage monitoring •Security event statistics function •E-MAIL mail real-time alarm function •E-MAIL mail periodical information release function | |
NAT | •Support the mapping of multiple internal addresses to a public network address •Support the mapping of multiple internal addresses to multiple public network addresses •Support the one-to-one mapping of internal address and public network address •Support the simultaneous conversion of source address and destination address •Support the access to an internal server by an external network host •Support the direct mapping of the internal address to the IP address of the interface public network •Support the DNS mapping function •Able to configure the valid time of address conversion •Support multiple NAT ALGs, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP. | |
IPSec/IKE | •Support AH and ESP protocols. •Support the automatic establishment of a security alliance manually or through IKE. •ESP supports DES, 3DES and AES algorithms. •Support MD5 and SHA-1 authentication algorithms. •Support the IKE main mode and aggressive mode. •Support NAT traversing. •Support DPD detection. | |
Network Interconnection | LAN Protocol | •Ethernet_II •Ethernet_SNAP •802.1q VLAN |
Layer-2 Protocol | •STP / RSTP / MSTP •Link Aggregation •VLAN partition based on ports, protocols, subnet and MAC | |
Network Protocol | IP Service | •ARP •Domain name resolution •DHCP Relay •DHCP Server •DHCP Client •DNS •PPPoE |
IP Routing | •Static routing •RIP v1/2 •RIPng •OSPFv1 / v2 / v3 •BGP / BGP4+ •Routing policy •Policy routing | |
| Multicast Protocol | •IGMP •IGMP snooping •MLD Snooping •PIM-DM / PIM-SM / PIM-SSM |
High Reliability | •Dual-system state hot backup, Active/Active and Active/Passive work modes, configurations, load sharing and service backup supported •WAN links load balancing •Backup VPN Peers •Key component redundancy design •Host swapping of interface module •Support VRRP •Automatic detection of chassis temperature | |
Quality of Service (QoS) | Traffic Policing | •Rate Limiting and Traffic Shaping •Support LLQ, WRR and CBWFQ •Support WRED and CAR |
Configuration Management | Command Line Interface | •Perform local configuration through the Console port. •Perform local or remote configuration through Telnet or SSH. •The leveled protection of the configuration command ensures that the unauthorized user cannot intrude the equipment. •The detailed debugging information helps to diagnose network faults. •Provide network test tools, for example, Tracert and Ping commands, to quickly diagnose whether the network is normal. •Execute the Telnet command directly to access and management other equipment. •FTP Server/Client can use FTP download and upload to configure files and software applications. •Support the upload/download of files through TFTP. •Support the log function. •File system management •User-interface configuration provides multiple modes of authentication and authorization functions of the users. |
•Support standard network management SNMPv3. Compatible with SNMP v2c and SNMP v1. •Support NTP time synchronization. | ||
•Perform remote configuration management through the Web mode. •Support HTTP / HTTPS management • Support IPv6 management •Support UMC(Unified Management Center) |
![]() |
IPSec VPN Solution | |
Information technology has further developed in various industries, such as e-government, enterprises, banking, securities, etc., which tends to demand higher for remote connection of branches. In building network,… | ||
![]() |
![]() |
SSL VPN Solution | |
As enterprise services expand and branches increase, requirements of SOHO office, mobile office and long-distance office also increase. Traditional access mode usually adopts IPSec VPN and access to intranet though… | ||
![]() |
![]() |
Enterprise Perimeter Security Solution | |
In network security, enterprise perimeter security has always been the most important security issue. The so-called enterprise perimeter is usually formed between different trust-level security zones after the network… | ||
![]() |
![]() |
Cloud Security Solution | |
As IT develops continuously, its application environments have changed a lot. On customer demands: big customers demand urgently for information development, yet hoping to obtain high performance with low-costs;… | ||
![]() |
- 2016-01-08
DPtech provides security protection and service optimization for NCAC’s regulation platform
- 2013-06-09
- 2013-06-08
- 2013-03-22
- 2013-03-22