Search By Category
Search By Keyword
High-order efficacy
Product Name
1U 10 PORT NG-UTM
Model
NGS 5752HF
Introduction
Maximum connections: 4,000,000 | New connections per second: 135,000 | Maximum processing speed: 8Gbps | VPN performance: 2,000Mbps | Anti-virus performance: 900Mbps | IPS performance: 870Mbps | Email scans / day: 5,500,000
 
IPS / WAF / UTM / FW
1 LAN / 9 definable PORT | All Giga Port (10/100 / 1000M)
Support VPN such as IPSEC / SSL / PPTP / L2TP (available for IOS)
Support 3G / 4G / LTE USB mobile wireless network card
Built-in anti-virus for 1 year, 3rd party application and 3rd party URL database control for 2 year
Optional items: Kaspersky Anti-Virus (from the 2nd year) / 3rd party application (from the 3rd year) / 3rd party URL database (from the 3rd year)
Data storage: SSD
 
Product Specification
The NGS 5752HF is a network security device that conforms to the Next Generation UTM specification. It features high operating efficiency, multiple security protection mechanisms, and layered authorization management. It is the preferred network security and management device for medium and large enterprises. The NGS 5752HF features the powerful capabilities of a new generation of firewalls, including Deep Packet Inspection (DPI)-based application identification and regulation, In-Line IPS, SSL resolution and blocking, Web Filtering, bandwidth management, antivirus, and spam filtering. Support for external authentication integration and other functions to prevent hackers from maliciously sneaking into attacks or unauthorized access to internal network resources. In addition, the NGS 5752HF also supports a two-machine backup mechanism (HA) to ensure continuous operation of the equipment.

NGS 5722HF is also a core switch supporting Layer 2-Layer 7, which can directly replace the traditional Layer 3 core switch and meet the requirements of the next generation Software Defined Network (SDN) core switch. Integrate the centralized management of wireless base stations and network-managed switches to create integrated wired and wireless security protection, allowing managers to take care of both inside and outside.
 
Balance performance and function
HERHSIANG NGS 5752HF, its hardware platform is carefully designed with X86 hardware equipment, so that enterprise users can fully appreciate the security protection provided by HERHSIANG Next Generation UTM. For customers with high connectivity requirements, provide high-performance security modules to improve connectivity and support USB fast restore mechanism.

IP v4 / v6 dual frequency technology
The IP v4 address is in short supply, and the IP v6 era is coming sooner or later, so HERHSIANG has integrated this trend when developing the next generation of UTM. The same network interface, whether it is defined as WAN or LAN, can be bound at the same time. The IP address of v4 or v6, so NGS 5752HF is the same whether it is in pure v4 environment, v4/v6 hybrid, pure v6 environment.

Support SDN controller
Support SDN controller, can make more than one Port group synthesize ZONE, directly managed by SDN controller, and ZONE and ZONE packet transmission, will also pass the NGS 5752HF packet detection. It also has the function of VLAN 802.1Q, which can cut the internal network into several independent subnet segments, each of which has independent operation and does not interfere with each other.
 

SSL encrypted connection detection
With the ability to detect SSL traffic, it can apply intrusion detection defense, gateway anti-virus, content filtering and application bandwidth management when faced with SSL-encrypted connection traffic.

Load balancing
Provides outbound and inbound load balancing, and provides multiple load balancing algorithms. When one of the lines is disconnected, all network packets will automatically switch to another normal line, ensuring that the internal user network is unblocked. When the line is restored, the packet is buffered. It will be automatically assigned. The enterprise can set the load balancing rules according to the requirements, and the network access can perform the network traffic load balancing guidance by referring to the set rules. The algorithms are: automatic allocation, manual allocation, source IP allocation, and destination IP allocation.




IPS intrusion prevention
IPS It checks the contents corresponding to layers 4 to 7 of the OSI model, whether there are malicious attack programs, viruses, hidden in the TCP/IP communication protocol, and after the detailed content check, the qualified signature will be Marked out, once it is discovered, it can block the packet immediately, so that these malicious packets passing through the firewall are invisible.

 
WAF (Web Application Firewall)
Web Application Firewall is a product that specifically protects web server applications by implementing a series of security policies for HTTP / HTTPS.
The work of WAF is to analyze the data of the Web application layer, to force multiple conversions of different encoding methods to restore the plaintext of the attack, and to combine the deformed characters and analyze them, which can be better than the combined attacks from the Web layer.
Provide application layer rules. WEB applications are usually customized. Traditional rules for known vulnerabilities are often not effective. WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as detection of mixed attacks in SSL encrypted traffic.


Threat detection defense
Providing the most complete defense-in-depth mechanism of the enterprise, the attack behavior of the current network cannot rely on single-point protection and requires complete defense in depth. With different levels of defense technology, it is possible to reduce the potential threat behavior that the enterprise may suffer. In addition to providing firewalls, intrusion detection systems (IPS) and anti-virus as the basis for enterprise security protection, Hexiang NGS 5752HF can enhance the detection of malicious programs for traffic, web pages and emails, and the related analysis of different security mechanisms. To play the role of defense in depth.

Mail gateway protection
The enterprise already has a mail host, but the spam filtering performance is not good. The NGS 5752HF can be used as a mail gateway mode to supplement the original mail server, such as spam filtering and virus letter filtering. After filtering the virus and advertising mail through NGS 5752HF, send the clean mail to the mail host.

Virus letter filtering
Clam AV anti-virus engine protection, free Clam AV anti-virus engine, can detect millions of viruses, worms, Trojans, automatically scan for viruses, and automatically update virus files every day through the Internet. And provide virus mail search conditions. The administrator can set the poisoning mail processing method, including the automatic deletion, the poisoned mail extension file name and the poison mail notification letter. Kabbah antivirus engine is also available.

Spam filtering
Internal mail or external mail can be filtered, and provide ST-IP network credit rating, Bayesian filtering method, Bayesian filtering automatic learning mechanism, automatic whitelisting mechanism, spam feature filtering and fingerprint identification, etc. , whitelist comparison and intelligent identification learning database (Auto-Learning), you can even set personalization rules, flexibly formulate filtering rules, handle spam, and ensure comprehensive protection without error, with an accuracy rate of over 95%. Mail filtering can perform actions such as forwarding, deleting, and blocking messages that match the filter conditions set by the administrator.

Abnormal IP analysis
Any network behavior, regardless of which software the user performs, is roughly divided into the number of connected and downloaded Connect Sessions, Flows, and Durations from the perspective of network packets. The combination of quantities estimates whether the user is using the network normally or has abnormal behavior. When an internal user's abnormal behavior is discovered, the administrator can take various strategies, such as blocking the Internet, immediately limiting its maximum bandwidth, enabling the collaborative defense mechanism to notify the switch to block it or notify the administrator.

Bandwidth Management (QoS)
Help network administrators control network traffic, effectively slow down corporate network congestion, improve serviceability and bandwidth usage. With QoS (Bandwidth Management), it can distribute limited bandwidth to all users. The difference with the general bandwidth manager is that the NGS 5752HF has a guaranteed bandwidth as well as maximum bandwidth and priority management. It also has a personalized bandwidth management design that allows for bandwidth management settings for individual users. If bandwidth management is used with personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be allocated to users under the enterprise, which can effectively prevent the bandwidth from being exclusive to the user.

Content filtering
Provide Web Filter (Web Filter) to block inappropriate access to web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses), and to set up filtering conditions to block inappropriate websites.

URL database management  [Optional 3rd party database (optional)]
The built-in "cloud URL database" automatically classifies web pages. Managers can easily control against harmful URLs. You can easily control them without having to enter the IP address and keywords of the website one by one. Any choice of harmful URLs is a source of sin. The best way to prevent blocking is to ban the use of the Internet. If it is not completely banned, using a constantly updated URL database is the best protection mechanism.

Online behavior record
Some employees of the company go online during work hours, do things that are not for work purposes, have small chats, and have a lot of secrets. In addition to limiting the permissions used by user-related applications, the NGS 5752HF can also record related online behaviors, including browsing web pages and email delivery. When a company has a leak, the information that has been saved is the best evidence used to prove it.

Traffic Analysis
Provides traffic analysis tools, whether it is the internal user computer on/off status, network traffic instant display, protocol assignment and traffic leaderboard, when the line is fully loaded, you can immediately find the traffic murderer.

Application management [Optional 3rd party database (optional)]
Various network application softwares are not only difficult to manage, but also easier to become the best conduit for data leakage and virus attacks. NGS 5752HF has built-in multiple application management functions, including instant messaging, audio and video services, file transfer, P2P software, remote control, browser, VOIP, online games, network protocols, etc., which can easily control employees to use application software. Permissions to protect corporate network security.

Graphical traffic report
Provides a flow report of the WEB interface, and draws the historical state of the system into a chart, so that the administrator can keep abreast of the current system operation status. NGS 5752HF provides system status chart (including CPU load map, memory load map, system load), network traffic graph (LAN traffic, WAN1~WAN9 traffic), and provides query conditions to quickly search each traffic status history. .
 

VPN function
Use IPSec, PPTP, L2TP, and SSL VPN to secure connection between Site to Site, Point to Site, and remote users. Through these VPN mechanisms, users can connect to different devices, such as laptops, branch offices, business offices, mobile devices or homes, from different locations, including home and external public information service stations and the Internet. …Wait.
Among them, SSL VPN is the most important long-distance secure transmission connection between most enterprises, customers and partners.


HERHSIANG Android SSLVPN APP

Definition of UTM

IDC's definition of UTM security hardware devices is: It includes multiple security functions integrated into a single hardware device, which must include network firewalls, network intrusion detection and defense, and gateway antivirus. It is not necessary to use all the functions on this device, but it must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines UTM devices as a single device combination of firewall, VPN, IDS / IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in corporate WAN as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS / IPS: The firewall can only enforce policies. If the policy allows inbound HTTP traffic to the web server in the DMZ zone, the firewall cannot prevent hackers from damaging the target web server from the HTTP protocol. The IPS function will detect and block intrusions that attempt to use network boundaries to prevent malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but it cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary, strengthen computer desktop security, and block them before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network. .

* Anti-Spam: Gateway Anti-Spam can mark incoming emails and allow further processing by computer-filtered solutions. The solution prevents internal hosts from sending spam to outside the enterprise.

* URL filtering: Using a constantly updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content filtering: Scans specific content of web pages and email traffic. Gateway content filtering solutions can prevent unpleasant or inappropriate content from passing through or being sent out by corporate networks.

File Download

HERHSIANG Information Co., Ltd.
TEL: 886-7-3494097 FAX: 886-7-3596785
EMAIL: 
service@herhsiang.com

             service@herhsiang.com.tw

3F, No.5, Dinghe St., Sanmin District, Kaohsiung City Taiwan

Hours Monday~Friday 8:30 AM ~ 6:00 PM
Copyright © 2002~2020