Family! It's almost the end of the year! Not only do the workers have to rush for their performance, but hackers have also begun to rush for their performance! The ICBC's subsidiary in the United States has been attacked by hackers, resulting in the interruption of some systems. Do you think hackers only attack large enterprises? No, a county hospital in Hubei Province was also attacked by large-scale hackers, and millions of important medical data disappeared directly.
The question is, in the face of extortion, do you pay the ransom or not? If you don't pay, important data will disappear and business will be suspended; pay, according to statistics, 80% of enterprises that pay ransom will be attacked by secondary extortion, falling into an endless loop.
In the face of such a large security risk, it is imperative to purchase a professional firewall, but as a small and medium-sized enterprise and small and micro enterprise, the cost is limited and the pocket is shy. Recently, my peers recommended two Xinhua three district and county security firewalls - H3C SecPath F1000-AK9120 and AK9150, which are safe, efficient, economical, and cost-effective.
Appearance: simple and elegant, exquisite and practical
From the point of view of appearance, AK9120 is 44 cm long, 23 cm wide, 1U high, the front panel from left to right is 1 console port, 1 USB interface, 2 Gigabit electrical port + 2 Gigabit optical port, 8 Gigabit electrical port, the left and right sides are honeycomb heat dissipation holes, and the power street is located on the rear panel of the whole machine.
AK9150 is a bit more complex than AK9120 design, 44 cm long, 36 cm wide, 1U high, the front panel from left to right are 2 hard disk expansion bits, 2 management network ports, 4 BYPASS ports, 18 Gigabit electrical ports, 8 combo ports, 2 10 Gigabit optical ports, 1 console port and 2 usb ports, the left and right sides are honeycomb heat dissipation holes, and the rear panel is equipped with two power ports.
AK9150 has one more power supply than AK9120, which can be switched to the standby power supply immediately when the main power supply fails, ensuring the normal operation of the equipment and the uninterrupted business; In addition, the AK9150 provides 8 electrical ports + 8 photoelectric multiplexing interfaces + 2 10 Gigabit optical interfaces on the basis of the AK9120, and configures 4 separate bypass ports to meet user interface and reliability requirements.
Performance: The throughput meets the daily needs and the security protection is more complete
Let's take a look at the parameters of the two firewalls, focusing on throughput, standby number, interfaces, storage, hard disks, and signature databases:
Let's look at the throughput first: throughput is the maximum ability of network equipment to process data packets in every second, we all know that the larger the throughput, the stronger the performance, AK9120 network layer throughput 1.5G, adaptive bandwidth 1G, which means that if there are 100 users surfing the Internet at the same time, each user can allocate 10Mbps bandwidth, and in actual work scenarios, 10Mbps bandwidth can almost meet the vast majority of employees' needs.
If you have 500 employees or more, or if the number of employees is small but the requirements for broadband are high, such as games or live broadcast companies, we recommend this AK9150, its network throughput is 3.5G, the adaptive bandwidth reaches 3G, and it can support more than 500 or even 800-1000 standby people.
In terms of storage, AK9120 has 2G memory, no separate hard disk, and this amount of memory is no problem at all to store the logs of small and medium-sized enterprises or institutions (when it is full, it will be overwritten, and it will meet compliance requirements with daily audits).
However, some enterprises or institutions have very high requirements for visual management, requiring long-term storage of massive log data, which requires hard disks, and it is best to have dual hard disks, which can form a RAID1 disk array, and RAID1 realizes data redundancy through hard disk data mirroring, improving read performance and data security.
Generally, 3U devices on the market can support dual hard disks, most 1U only support single hard disks, although AK9150 is a 1U device, but also do dual hard disks, which is very desirable.
Next, take a look at the signature database, the signature database is an important part of the firewall security protection system, the most concerned by enterprises or institutions is probably application identification, user identification, integrated intrusion prevention, security event analysis and other matters, in this regard, AK9120 and AK9150 have also been prepared;
Both products support AV anti-virus signature database, IPS intrusion prevention signature database, URL filtering signature database, TI threat intelligence, application identification, etc., with intrusion prevention reaching 20,000+, application identification 10,000+, antivirus 6 million+, and WAF library 5,000+. It can be said that the protection is in place, so that your data is invincible!
Cloud platform: Simple, easy to use and secure
After reading the hardware and parameters, the next step is to enter the operating system, which is the whole picture of the cloud platform, and the home page has a security center, an analysis center, a policy center, a configuration center, etc., let's expand them one by one.
Security Center: One-click processing of security threat events and traceability of risky hosts
Analysis center: For high-incidence security events such as mining and extortion, the cloud platform generates security event reports based on the security and audit logs reported by the gateway, through various threat analysis models such as association rules, machine learning Xi, threat intelligence, and UEBA.
Monitoring center: Real-time monitoring of device status, including device performance monitoring, uplink and downlink traffic monitoring, device interface monitoring, policy configuration rationality monitoring, etc., cloud experts periodically carry out intelligent inspection tasks, and output standardized inspection reports.
Policy Center: You can configure security policies for scheduled tasks, manage IPS, AV, VPN, and other policies, and deliver device configuration templates in a centralized manner.
Actual measurement: far beyond the industry average, the protection is more professional
After reading the shape, hardware, parameters and platform, what are the actual functions of these two firewalls, let's enter the actual testing link!
In the test, we conducted multiple rounds of stress testing and security defense tests on the two firewalls. The network throughput of the H3C SecPath F1000-AK9120 is nominal 1.5G, and the measured network throughput is 1.5G.
The network throughput of the H3C SecPath F1000-AK9150 is nominal 3.5G, and the measured network throughput can reach 3.7G.
In the new connection test, the nominal number of new connections on the AK9120 is 15,000, and the measured data is 16,000+. The nominal number of new connections on the AK9150 is 20,000, and the measured data is 24,000+.
In the concurrent connection test, the nominal number of concurrent connections of AK9120 is 1.1 million, and the measured data is 1.3 million+. The nominal concurrent connection digits of AK9150 are 2 million, and the measured data is 2.4 million+.
The results show that the H3C SecPath F1000-AK9120 and AK9150 perform very well in all tests, far exceeding the industry average in terms of network throughput and the number of new and concurrent connections.
In the actual virus protection test, we can see from the system logs in the background that both firewalls can automatically block and protect against viruses.
How to choose between the two products?
On the whole, these two products are specially developed by Xinhua 3 for the district and county markets, and do meet the needs of district and county market users (including but not limited to primary and secondary schools, city and county hospitals, district and county governments, enterprises, banks, hotels, communities and other industries).
Let's talk about the price that everyone is generally concerned about, AK9120 is suitable for branch enterprises or small and medium-sized enterprises or institutions with less than 300 people, its price is within 10,000 yuan, the specific price is slightly different according to the configuration, bank branches, catering enterprises, small chain stores use it to stand out!
In actual use, many enterprises use AK9120 as an exit firewall, fire departments use it to isolate internal and external networks, and some government agencies and residential areas use AK9120 to assume the function of information leakage prevention, which are all functions that users are already using.
AK9150 is relatively high-end, suitable for data-intensive enterprises or institutions with higher requirements for network performance and complex business, the price is less than 20,000 yuan, there are higher level of security requirements and conditions to engage in a tall one, AK9150 is recommended, it is definitely worth the money, and the sense of security is full.
In practice, some primary and secondary schools use AK9150 for campus network security coverage, district government affairs network for external network isolation, and hotels use AK9150 to upgrade firewalls and serve as network exits, with rich use scenarios.
epilogue
In short, whether it is an enterprise or institution that needs basic network security protection, or a growing user with high performance requirements for a large business volume, H3C firewall products can meet your needs and make the network security defense line more solid!