Table of Contents

1. Introduction to Amaranten Company

Amaranten is a multinational IT company specializing in network security product development and services. A branch of Amaranten (International) Group in Asia. The group is headquartered in Sweden and has strong corporate strength and technical advantages. It has been committed to the research and development and services of network security products for many years, and has multiple R&D centers around the world. institutions and sales network to provide different customers with the most advanced and specialized security products and services. At present, Amaranten has established offices in Beijing, Xi'an, Nanjing, Guangzhou, Chengdu and other places, and has extended sales We have gone to various provinces and cities across the country and established a sales and service platform across the country. It has been widely used in finance, telecommunications, education, radio and television, electric power, manufacturing and government industries, and has received unanimous praise from customers and has been widely used in Marseille, Lenovo, and Saigon. The excellent test results of large domestic laboratories such as DI show the excellent quality of Amarant products and the company's strong technical strength.

Amrit people are willing to work with partners through unremitting efforts* **We will do our best to contribute to the development of China's network security. Amaranten's goal is to serve China's information security industry and provide users with world-leading security products and comprehensive services.

2. Amaranten firewall product line and performance

2.1 Amaranten firewall performance parameters

Performance

F50-NP

F100-NP

F100UP

F100Pro

F300Pro

F600-UP

F600Pro

p>

F60

F1800

F3000

F5000

F5000Pro

Number of concurrent connections

p>

4,000

16,000

128,000

200,000

320,000

512,000

1,000,000

1,000,000

2,000,000

3,000,000

5,000,000

80,000,000

Throughput (Mbps)

50*

100*

120

200

400

800

1,000

1,5000

2,000

3,000

4,000

p>

16,000

Delay (μs)

≤30

≤30

≤30

< p>≤30

≤25

≤25

≤25

≤25

≤19< /p>

≤19

≤19

≤19

Number of firewall interfaces

4+6

4+6

4

6

8

6-14

6-14

6-14

6-14

6-14

6-14

5-40

Number of users

Unlimited

Unlimited

Unlimited

Unlimited

< p>Unlimited

Unlimited

Unlimited

Unlimited

Unlimited

Unlimited< /p>

Unlimited

Unlimited

Number of VLANs

None

None

256

256

512

1,024

1,024

1,024

2,048

p><

p>4,096

4,096

32,768

Number of rules

500

1,000

1,000

1,000

2,000

8,000

16,000

16,000

16,000

32,000

32,000

250,000

Number of routes

64

128< /p>

128

128

512

1,024

2,048

2,048

2,048

4,096

4,096

32,768

Number of VPN tunnels

15

30

120

120

1,200

1,600

2,000

< p>2,000

2,000

2,000

2,000

400,000

MTBF(hour)

30000

30000

30000

30000

40000

40000

40000

40000

50000

50000

50000

50000

Specifications (length*width*height)

157*210*30

157*210*30

238*435*44

238*435*44

238*435*44

435*435*44

435*435*44

170* 255*40

435*435*88

435*435*44

435*435*88

435*435* 88

2.2 Comparison of SME level F50-NP performance parameters with products of the same grade

Company

Product model

Throughput

Concurrency

Number of interfaces

Number of users

VPN throughput

Number of VPN tunnels

Amaranten

F50-NP

*50M

4000

4+6

Unlimited

20M

25

NetScreen

NS-5XT

70

2,000

5

10

20M

10

NS-5GT

75

2,000

5

10

20M

10

NS-5GT_Ex

75

4,000

5

Unlimited

20M

25

Cisco

PIX-501-50

60M

7,500

2+4

50

6M

10

PIX-501-10

60M

7,500

2 +4

10

6M

10

Nokia

<

p>IP40-U

70M

3

Unlimited

15M

10

< p>*F50-NP throughput can be upgraded to 75M

2.3 SME level F100-NP&F100-UP performance parameters compared with products of the same grade

Company

Products Model

Throughput

Concurrency

Number of interfaces

Number of users

VPN throughput

Number of VPN tunnels

Amaranten

F100-NP

*100M

16,000

4+ 6

Unlimited

40M

100

F100-UP

120M

128,000

4

Unlimited

95M

120

NetScreen

NS- 25

100M

32,000

4

Unlimited

20M

125< /p>

Cisco

Pix-506E

100M

25,000

2

Unlimited< /p>

16M

25

Nokia

IP130

102M

100,000

3

Unlimited

13M

*F100-NP throughput can be upgraded to 200M

2.4 CorpXpres Series F100- Comparison of Pro performance parameters with products of the same grade

Company

Product model

Throughput

Concurrency

Interface Quantity

Number of users

VPN throughput

Number of VPN tunnels

Amaranten

F100-Pro

p>

200M

200,000

6

Unlimited

95M

120

NetScreen

NS-25

170M

64,000

4

Unlimited

45M

500

Cisco

Pix-515E-UR

188M

130,000

p>

2-6

Unlimited

63M

2,000

Nokia

Nokia does not have this Comparison of 2.5 CorpXpres series F300-Pro performance parameters with products of the same grade

Company

Product model

Throughput

p>

Concurrency

Number of interfaces

Number of users

VPN throughput

Number of VPN tunnels

Amaranten

F300-Pro

400M

320,000

8

Unlimited

130M

1,200

NetScreen

NS-204

400M

128,,000

4

Unlimited

200M

1,000

Cisco

Pix-525-UR

330M

280,000

2-6

Unlimited

145M

2,000

Nokia

IP350

400M

128,000

< p>4

Unlimited

60M

2,000

2.6 Comparison of performance parameters of EntXpress series F600-UP with products of the same grade

Company

Product model

Throughput

Concurrency

Number of interfaces

Number of users< /p>

VPN Throughput

Number of VPN Tunnels

Amaranten

F600-UP

800M

< p>512,000

6-14

Unlimited

600M

1,600

NetScreen

< p>NS-208

550M

128,000

8

Unlimited

200M

< p>1,000

NS-500

700M

250,000

12

Unlimited

< p>250M

5,000

Cisco

Cisco does not have this product

Nokia

IP530

507M

128,000

4

Unlimited

115M

2,000

< p>IP380

600M

128,000

6

Unlimited

90M

2,000

2.7 Comparison of EntXpress series F600-Pro&F60 performance parameters with products of the same grade

Company

Product model

Throughput

Concurrency

Number of interfaces

Number of users

VPN throughput

Number of VPN tunnels

Amaranten

F600-Pro

1,000M

1,000,000

6-14

Unlimited

800M

2,000

F60

1,500M

1,000,000

6-14

Unlimited

1,000M

2,000

NetScreen

ISG1000

1,000M

250,000

4 -8

Unlimited

1,000M

2,000

Cisco

p>

PIX-535-UR

1,700M

500,000

2-8

Unlimited

< p>440M

2,000

Nokia

IP710

1,300M

128,000

4

Unlimited

139M

2,000

2.8 TelcoXpress Series F18

00&F3000 performance parameters compared with products of the same grade

Company

Product model

Throughput

Concurrency

Interface Quantity

Number of users

VPN throughput

Number of VPN tunnels

Amaranten

F1800

2,000M

2,000,000

6-14

Unlimited

1,000M

2,000

p>

F3000

3,000M

3,000,000

6-14

Unlimited

1,000M

2,000

NetScreen

ISG2000

2,000M

512,000

8< /p>

Unlimited

1,000M

10,000

Cisco

Cisco does not have this product

Nokia

IP740

2,000M

500,000

4

Unlimited

139M

10,000

2.9 TelcoXpress series F5000 performance parameters compared with products of the same grade

Company

Product model

Throughput

Concurrency

Number of interfaces

Number of users

VPN throughput

Number of VPN tunnels< /p>

Amaranten

F5000

4,000M

5,000,000

6-14

Unlimited

1,000M

2,000

NetScreen

Netscreen does not have this product

Cisco

< p>Cisco does not have this product

Nokia

IP1260

4,200M

1,000,000

4

Unlimited

800M

Comparison of performance parameters of 2.10 super carrier-grade product F5000-Pro with products of the same grade

Company

Product model

Throughput

Concurrency

Number of interfaces

Number of users

VPN throughput

p>

Number of VPN tunnels

Amaranten

F5000-Pro

16,000M

5,000,000

5-40

Unlimited

16,000M

400,000

NetScreen

NS-5200

10,000M

1,000,000

8

Unlimited

5,000M

30,000

NetScreen

NS-5400

30,000M

1,000,000

24

Unlimited

15,000M

30,000

Cisco

FWSM module

5,000

1,000,000

100(VLAN)

Unlimited

n/a

n/a

Nokia

Nokia does not have this product

The 5000Pro firewall launched by Amaranten is today’s most popular firewall The world's fastest firewall. The product has been successfully applied in the networks of major telecom operators in Europe.

The following is its diagram:

Platform architecture

< p>Supports up to eight high-performance ASIC-accelerated boards

Each board supports 2G clear and secret throughput

Each board supports 4+1 One network port, four Gigabit ports, and one SFP

The management card is located on the backplane of the industrial computer and does not occupy a slot

The backplane also has a network port aggregation card, which can Supports eight 100M electrical ports, SFP, or 10G ports

Important technical parameters

Firewall open pass throughput 16Gbps

IPSEC secret pass throughput 16Gbps< /p>

80 million simultaneous connections

550,000 large package PPS

400,000 maximum number of VPN channels

Supports 32,768 VLAN interfaces

p>

Supports up to 8000 virtual routing systems

GAN compatible, supports 3G network security requirements

Fully supports IKEv2 and EIP-SIM

Three, Composition of Amaranten Firewall

3.1 Amaranten Firewall Hardware

Amaranten Firewall uses proprietary hardware, high-performance CPU and large-capacity memory guarantee High performance of hardware. Among them, Amaranten NP series adopts NP hardware architecture; products above 600UP adopt ASIC technology.

3.2 Amaranten Firewall Core

Amrit Ruite firewall is a "systemless kernel", that is, the firewall does not have an operating system, so there will be no vulnerabilities of general operating systems, thereby ensuring the security of the firewall at the bottom level; at the same time, because the operating system needs to be continuously maintained and upgraded, there is no need to The operating system does not have such problems, which also eliminates the problem of damage to the firewall function and performance due to system upgrades and patches.

After the Amaranten firewall kernel is started, it can directly manage all the hardware of the firewall. (CPU, network card, bus, etc.), it can take over and process the firewall data from the hardware device at the bottom layer, making use of all possible hardware performance, while reducing the operating system overhead, so it can process data as quickly as possible, so that It has become one of the fastest firewalls on the market.

3.3 Amaranten Firewall Manager

The function of Amaranten Firewall Manager is to manage the firewall , configuration, log query, and up to 30,000 firewalls can be centrally managed at the same time.

3.4 Amaranten Firewall Log Server

The role of Amaranten Firewall Log Server It is to receive and store firewall logs.

3.5 Introduction to other firewall hardware and kernels

Manufacturers

Introduction

Amaranten Firewall Advantages

Juniper

Juniper firewall uses a dedicated operating system platform and solidifies the operating system on a dedicated chip (ASIC).

Amaranten So far, the firewall kernel files are less than 2M, which is smaller than Juniper, so there is not much difference between the two in terms of performance; but it is better than Juniper in terms of flexibility and scalability.

Cisco

< p>Cisco PIX firewall uses a secure black box, non-UNIX system, and is an X86 structure.

Amaranten 600 series uses ASIC architecture, and NP series uses NP architecture.

Amaranten So far, the core files of Murite firewall are less than 2M, which is smaller than Cisco, so it is better than Cisco in terms of performance; it is better than Cisco in terms of functions and management convenience; and Cisco firewall is different in VPN encryption algorithm ( Such as DES and 3DES) require different licenses and different memory sizes to support them. Amaranten firewall does not have such restrictions.

NOKIA

NOKIA firewall uses NOKIA’s hardware platform. The software uses Check P

oint.

Amaranten firewall core files are smaller than 2M so far, which is much smaller than NOKIA firewall, so its performance and latency are better than NOKIA’s; its functions and management convenience are better than NOKIA’s. NOKIA is strong; while NOKIA firewalls are purchased according to interface type, number of interfaces, software and number of users, Amaranten firewalls have no such restrictions.

Four. Technical features of Amaranten firewalls

p>

In addition to being a professional firewall device, Amaranten Firewall also has powerful routing functions and professional-level bandwidth management functions. Its technical features are summarized as follows:

Full Fangbian Security Protection

Powerful routing function

Professional bandwidth management

Flexible network access

Rich VPN functions

p>

Convenient graphical management

Minute network logs

4.1 Comprehensive security protection

Block intruder attacks and protect users' networks Normal operation is the most basic responsibility of a firewall. Amaranten Firewall provides comprehensive security protection. For example:

4.1.1 Stateful Inspection Firewall

Amaranten Firewall All protocols can perform status detection and filtering, and directly process the data in the group; it has a complete status detection table to track the connection session status, and comprehensively determines whether to allow the data packet to pass based on the relationship between the previous and previous groups. Faster and more secure filtering through connection status. Therefore, it can prevent fake IP attacks, prevent abnormal connections and improve firewall efficiency.

4.1.2 Flexible access control

A The granularity that the Murite firewall can control is very fine, and it can control access to the following information:

Source and destination address

Source and destination interface

IP protocol number

TCP and UDP port number

Port range

ICMP message type

Options available in both IP and TCP Type

IP and TCP tag combination

VLAN information

Time

Interfaces of the firewall (including physical and logical interfaces)

Access content

Accessed file types

Access control can be said to be the basic function of the firewall. The difference is that Juniper, Nokia and PIX cannot support the firewall interface, IP and Options in TCP and user access file types are used for access control

4.1.3 User authentication

Amaranten Firewall supports local user database authentication, RADIUS authentication, and LDAP authentication.

p>

Juniper supports local user base authentication, RADIUS authentication, LDAP authentication, RSA, SecurIP.

Cisco supports local user base authentication, RADIUS authentication, TACACS.

NOKIA supports Local user database authentication, RADIUS authentication.

The difference is that when Amaranten Firewall performs user authentication, you can set multiple logins per user name, or you can set one login per user name. This function is as follows As shown in the figure:

4.1.4 Powerful ability to resist attacks

Amaranten Firewall provides powerful defense functions against hacker attacks:

Prevent hackers from attacking OS Fingerprinting and Firewalking attempts

Prevent hackers from TCP/UDP port scanning of the network

Prevent hackers from synchronous attacks on the network

Prevent hackers from ICMP attacks on the network flood attack

Prevent hackers from UDP flood attacks on the network

Prevent hackers from pinging attacks on the network

Prevent hackers from pinging IP addresses of the network Spoofing (IP spoofing) attack

Prevent hackers from port scanning the network (Port scan)

Prevent hackers from land attacks on the network (Land attack)

Prevent Tear drop at

tack)

Filter IP source route option to prevent hackers from attacking the network (Filter IP source route option)

Prevent hackers from IP address sweep attack on the network

p>

Prevent hackers from using WinNuke attack on the network

Prevent hackers from using Java/ActiveX/Zip/EXE on the network

Prevent hackers from rejecting the default packet of the network (Default packet deny) attacks

Prevent hackers from Dos & DDoS attacks on the network

User-defined bad URLs

Prevent hackers from per-source session limiting attacks on the network< /p>

Prevent syn fragments attacks by hackers on the network

Prevent syn and fin bit set attacks by hackers on the network

Prevent No flags in TCP attacks by hackers on the network< /p>

Prevent hackers from FIN with no ACK attacks on the network

Prevent hackers from ICMP fragment attacks on the network

Prevent hackers from using Large ICMP on the network

< p>Prevent hackers from accessing the network's IP source route

Prevent hackers from accessing the network's IP record route

Prevent hackers from accessing the network's IP security options

Prevent hackers from accessing the network's IP record route

Prevent hackers from accessing the network's IP record route

Prevent hackers from accessing the network's IP record route Network IP timestamp

Prevent hackers from attacking the network's IP stream

Prevent hackers from attacking the network's IP bad options

Prevent hackers from attacking the network's Unknown protocols

Resisting hacker attacks is also the basic function of a firewall, but Amaranten firewalls use different principles from other firewalls to resist attacks.

Other firewalls

Passed Set a threshold for attack prevention. For example, if each IP receives less than 2,000 SYN messages per second, it is considered normal, and if it exceeds it, it is considered an attack. Therefore, it is difficult to resist DDOS attacks chronically. (For example: many IPs receive 1,500 SYN attacks per second)

Relying on a general-purpose OS, the OS has insufficient resistance to attacks; and there must be overhead between the firewall software and the OS, consuming system resources

Amaranten Firewall

Using similar proxy technology for attack prevention, a connection must be established with the firewall first, and then the firewall will connect to the host. The attack will not reach the host through the firewall

Dedicated kernel, no OS overhead, improves itself Anti-attack ability

The design fully considers the system's ability to resist attacks and reserves firewall system resources. The CPU utilization will not reach 100% under any circumstances

4.1.5 URL Filtering

Amaranten Firewall supports URL filtering.

Juniper supports URL filtering.

NOKIA does not support URL filtering.

Cisco PIX Firewall URL filtering is provided with the NetPartners Websense product. PIX Firewall inspects outgoing URL requests against policies established on the Websense server, running on Windows NT or UNIX. Websensen version 4 is supported in PIX Firewall version 5.3 and later .

Based on the response from the NetPartners Websense server, PIX Firewall accepts or denies the connection. This server checks the requests to ensure that they do not have 17 Web site characteristics that are not suitable for commercial use. Because URL filtering is on a standalone platform Therefore, it will not bring any other performance burden to PIX Firewall.

4.2 Powerful routing function

The routing function of Amaranten Firewall is very powerful.

Yes, it can support up to 4096 static routes. In addition, it also supports policy routing, dynamic routing and virtual routing.

4.2.1 Policy routing

Amaranten firewall can be based on different Policies define different routes, so different routes can be defined based on source address, service, time, etc. This allows you to connect to multiple ISPs without the need for other devices and be applied to multiple exit environments. At the same time, you can control the routing direction of data packets. Make a selection. This function is shown in the figure below:

The difference is that policy routing can support WEB Cache (for example: free Squid) to achieve the purpose of using free software to implement URL filtering and application proxy. At the same time Can be used as a server to support virus scanning, etc.

Juniper supports policy routing, which only does source address, source IP, source port, destination address, destination IP, destination port. But it cannot route time or data packets direction for policy routing.

Cisco does not support policy routing.

NOKIA supports policy routing.

4.2.2 Route backup

Amaranten firewall can achieve redundancy between ports, which can ensure that business will not be interrupted due to the interruption of one link. This function is shown in the figure below:

4.2.3 support OSPF V2 Dynamic Routing

Amaranten Firewall fully supports the OSPF routing protocol and fully complies with the provisions of the RFC document for the OSPF protocol. Therefore, it can be comparable to the OSPF of professional routers, and at the same time supports the transparent launch of the OSPF protocol. OSPF OVER IPSEC, etc.

OSPF of Amaranten Firewall is defined according to RFC 2328, supports OSPF version 2, and can also support the earlier version RFC 1538. It can do OSPF with CISCO, Nortel and other equipment .

The difference is that the OSPF HELLO packet can be analyzed through the log software that comes with the Amaranten firewall; even if the firewall is working in transparent mode, the OSPF protocol can also be run; in a VPN network environment It also supports the operation of the OSPF protocol.

Juniper Firewall OSPF is enabled based on virtual routers. According to the definition of RFC 2328, it supports OSPF version 2 and can also support the earlier version RFC 1538. It is also supported in a VPN network environment. The operation of the OSPF protocol.

NOKIA supports the OSPF protocol. The standard adopted is RFC 2328 and does not support the earlier version RFC 1538.

Cisco PIX firewall does not support the OSPF protocol.

4.2.4 Support virtual router/system

Amaranten firewall supports virtual firewall function, which is implemented through loopback interface group. The firewall version is required to be above 8.5.

NOKIA supports the virtual firewall function.

Juniper virtual firewall logically divides multiple virtual systems to provide multi-client hosting services. Each virtual system (VSYS) is a unique security domain. And can have its own management source, administrators can set their own address book, user list, custom services, VPN, policies to personalize their own security. Virtual systems can be implemented in two ways: based on VLAN and based on IP. It is supported only if it is above 204. 5200 and 5400 can support up to 500.

Cisco PIX supports the virtual firewall function, but the firewall version is required to be 7.0 or above.

4.2.5 Support for VLAN

All models of Amaranten firewalls support VLAN.

Cisco firewalls must be model 515 or above to support VLAN.

Juniper The firewall must be above the 25 advanced version to support VLAN.

The NOKIA firewall must be above the 130 model to support VLAN.

4.3 Professional bandwidth management

In addition to comprehensive security protection and powerful routing functions, Amaranten Firewall also has professional bandwidth management functions.

Amaranten Firewall supports Amaranten Firewall can be based on IP, Based on server

Bandwidth management is based on services, based on interfaces, based on group information, based on VLAN information, VPN connections and other information. And the load balancing of data packets can be achieved within the pipeline to ensure the service quality of important data. Through QoS/CoS settings, you can perform:

· Bandwidth limit

· Bandwidth guarantee

· Priority control (0-7, 8 priority levels)

· Dynamic traffic balancing

This function is shown in the figure below:

In general, Amaranten Firewall has the following characteristics when performing bandwidth management:

Provides CoS/QoS functions by defining pipes

There is no limit on the number of pipes

The bandwidth management setting accuracy is 1Kbps

Bandwidth limitation and bandwidth guarantee are available , Dynamically balanced bandwidth

There is no "starvation" phenomenon when managing large differences in bandwidth

Bandwidth management can be performed separately for uploaded and downloaded data

Mingtong , all secretly communicated data can be managed for bandwidth

Bandwidth management can be based on interface, VLAN, IP address, service, time, etc.

Juniper, Cisco, and NOKIA firewalls cannot guarantee bandwidth. , dynamic traffic balancing. At the same time, the accuracy of bandwidth management is relatively rough (64kbps).

4.4 Flexible network access

Amaranten firewall is very flexible in network access , the specific features are as follows:

Transparent, routing, hybrid access

Transparent + routing under the same interface

Source address and destination address are converted at the same time

p>

Symmetric interface design

4.4.1 Routing, transparent and mixed working modes

Amaranten firewall supports routing, transparent and mixed working modes.< /p>

Juniper only supports routing and transparent modes.

Cisco only supports routing working mode and transparent mode (requires firewall version 7.0 or above).

NOKIA only Supports routing and transparent modes.

The difference is that Amaranten firewall can achieve the same functions in transparent mode as in routing mode, such as supporting NAT, VLAN, VPN, OSPF, HA in transparent mode and virtual firewall and other functions.

4.4.2 Transparent + Routing under the same interface

Amaranten Firewall supports transparent + NAT under the same network interface, as shown in the figure:< /p>

Firewall if2 is connected to 2 network segments, and if2 is also configured with addresses of 2 different network segments. One of the addresses of if1 and if2 is on the same network segment, and the other address is on a different network segment. In this way, if1 and if2 of the firewall are transparent + routing at the same time.

Juniper, Cisco and NOKIA do not support this function.

4.4.3 Symmetric interface design

The interfaces of Amaranten firewalls are all symmetrically designed, so any interface can be an intranet, an external network or a DMZ zone. Therefore, it can be used as multiple intranets, multiple external networks or multiple DMZ zones.

4.4.4 Access Mode

Amaranten firewall supports ADSL, DHCP Client, fixed IP address, multiple ADSL line dialing, and ADSL on-demand dialing. This function As shown in the figure below:

Juniper does not support multiple ADSL line dialing.

Cisco does not support multiple ADSL line dialing, ADSL dialing on demand.

NOKIA It does not support multiple ADSL line dialing, ADSL dialing on demand. But NOKIA supports FDDI, ISDN, Token Ring, Serial (X.35 and X.21), T1, E1, HSSI interface.

4.5 Rich VPN functions

Amaranten Firewall VPN has the following functions:

1. VPN__Client’s NAT device traversal

2. VPN__Client can dial up through DHCP The server dynamically obtains the address

3. VPN__Client can also dial up automatically.

I have manually set a virtual IP address, and can conduct two-way communication with intranet users

4. VPN__Client dial-up can not only authenticate through Pre-Share KEY, but also perform XAuth for username and password. Verification (via RADIUS database)

5. VPN__Client can also perform user authentication through certificates when dialing up, and supports certificates issued by the CA server or self-signed certificates generated by yourself

6 , VPN__Client can not only dial the external public IP address of the firewall to establish a VPN tunnel, but can also dial a dynamic domain name to establish a tunnel.

7. The VPN between sites supports Pre-Share KEY to verify identity. It can also support certificates issued by CA servers or self-signed certificates generated by yourself

8. VPN between sites. Supports star VPN interconnection

9. VPN between sites Supports traversal of NAT devices

10. VPN between sites supports the establishment of ADSL dynamic address VPN tunnels

11. VPN between sites supports fully open encryption protocols and Life cycle debugging, IKE proposal and IPSec encryption and transmission methods can be debugged, and VPN tunnels can be established with other VPN devices

12, fully supporting PPTP, L2TP and GRE encapsulated VPN technologies

13, supports the establishment of multiple VPN tunnels between two sites and achieves backup between tunnels

Juniper, Cisco and NOKIA do not support VPN between sites and support ADSL dynamic addresses Establishment of VPN tunnels.

Cisco and NOKIA do not support the establishment of multiple VPN tunnels between two sites, and backup between tunnels is achieved.

Cisco firewalls are sold in China The firewall encryption algorithm only supports DES and does not support 3DES, mainly because the US government does not allow it and requires a fee. However, firewalls sold in Europe support DES and 3DES, and they are free.