Features And Benefits; Virtual Private Network (Vpn); Layer 3 Routing - HP 12500 Datasheet

Features and benefits

Firewall
• High Performance
20Gbps throughput secures traffic without compromising network
performance.Support for 4 million concurrent connections and
150,000 connections per second enables high-volume networks to
remain secure under peak traffic
• Application Specific Packet Filter (ASPF)
Dynamically determines whether to forward or drop a packet by
checking its application layer protocol information (such as FTP,
HTTP, SMTP, RTSP and other application layer protocols based on
TCP/UDP) and monitoring the connection-based application layer
protocol status.
• Virtualization
Multi-core architecture enables both multiple zones and multiple
separate firewall instances to be created on the same device.
Support for 256 security zones, 256 virtual firewalls and 4,094
virtual LANs (VLANs) offers robust protection to all corners of your
network. Centralized deployment of a single device offering
multiple virtual firewalls lowers total cost of ownership through
streamlined training, simplified deployment and management and
reduced power consumption
• Zone-based access policies
groups virtual LANs (VLANs) logically into zones that share common
security policies; allows both unicast and multicast policy settings
by zones instead of by individual VLANs
• Application-level gateway (ALG)
discovers the IP address and service port information embedded in
the application data using deep packet inspection in the firewall;
firewall then dynamically opens appropriate connections for specific
applications
• NAT
Fully support of NAT applications including many-to-one,
many-to-many, static NAT, dual translation, easy IP and DNS
mapping. It supports NAT traversal with multiple protocols, and
delivers NAT ALG functions such as DNS, FTP, H.323, and NBT.

Virtual private network (VPN)

• IPSec
provides secure tunneling over an untrusted network such as the
Internet or a wireless network; offers data confidentiality,
authenticity, and integrity between two network endpoints
• Layer 2 Tunneling Protocol (L2TP)
an industry standard-based traffic encapsulation mechanism
supported by many common operating systems such as Windows®
XP and Windows Vista®; will tunnel the Point-to-Point Protocol
(PPP) traffic over the IP and non-IP networks; may use the IP/UDP
transport mechanism in IP networks
• Generic Routing Encapsulation (GRE)
transports Layer 2 connectivity over a Layer 3 path in a secured
way; enables the segregation of traffic from site to site
2
• Manual or automatic Internet Key Exchange (IKE)
provides both manual or automatic key exchange required for the
algorithms used in encryption or authentication; auto-IKE allows
automated management of the public key exchange, providing the
highest levels of encryption
Management
• Secure Web GUI
provides a secure, easy-to-use graphical interface for configuring
the module via HTTPS
• Command-line interface (CLI)
provides a secure, easy-to-use CLI for configuring the module via
SSH or a switch console; provides direct real-time session visibility
• SNMPv1, v2c, and v3
facilitate centralized discovery, monitoring, and secure
management of networking devices
• Complete session logging
provides detailed information for problem identification and
resolution
• Manager and operator privilege levels
provides read-only (operator) and read/write (manager) access on
CLI and Web browser management interfaces
• Remote monitoring (RMON)
uses standard SNMP to monitor essential network functions;
supports events, alarm, history, and statistics group plus a private
alarm extension group
• FTP, TFTP, and SFTP support
offers different mechanisms for configuration updates; FTP allows
bidirectional transfers over a TCP/IP network; trivial FTP (TFTP) is a
simpler method using User Datagram Protocol (UDP); Secure File
Transfer Protocol (SFTP) runs over an SSH tunnel to provide
additional security

Layer 3 routing

• Static IP routing
provides manually configured routing; includes ECMP capability
• Routing Information Protocol (RIP)
provides RIPv1 and RIPv2 routing
• OSPF
includes host-based ECMP to provide link redundancy/scalable
bandwidth and NSSA
• Border Gateway Protocol 4 (BGP-4)
delivers an implementation of the Exterior Gateway Protocol (EGP)
utilizing path vectors; uses TCP for enhanced reliability for the route
discovery process; reduces bandwidth consumption by advertising
only incremental updates; supports extensive policies for increased
flexibility; scales to very large networks
• Dual IP stack
maintains separate stacks for IPv4 and IPv6 to ease the transition
from an IPv4-only network to an IPv6-only network design