Family!It's almost the end of the year!Not only do workers have to rush performance, but hackers have also begun to rush performance!ICBC's U.S. subsidiary was hacked, resulting in some system disruptions. Do you think hackers only attack big businesses?No, a county hospital in Hubei was also attacked by large-scale hackers, and million-level important medical data disappeared directly.
The question arises, do you pay the ransom or not pay it in the face of blackmail?If you don't pay, important data will disappear and your business will be shut downAccording to statistics, 80 companies that pay ransom will be attacked by a second extortion, falling into an endless loop.
In the face of such a large security risk, it is imperative to purchase a professional firewall, but as a small and medium-sized enterprise and small and micro enterprise, the cost is limited and the pocket is shy. Recently, peers recommended two Xinhua three district and county security firewalls - H3C SecPath F1000-AK9120 and AK9150, said to be safe, efficient and economical, cost-effective, has been used by many users, today let's test!
Appearance: simple and elegant, exquisite and practical.
From the point of view of appearance, AK9120 is 44 cm long, 23 cm wide, 1U high, the front panel from left to right is 1 console port, 1 USB interface, 2 gigabit electrical port + 2 gigabit optical port, 8 gigabit electrical port, the left and right sides are honeycomb heat dissipation holes, and the power street entrance is in the rear panel position of the whole machine.
AK9150 is a bit more complex than AK9120 design, 44 cm long, 36 cm wide, 1U high, the front panel from left to right are 2 hard disk expansion bits, 2 management network ports, 4 bypass ports, 18 Gigabit electrical ports, 8 COMBO ports, 2 10 Gigabit optical ports, 1 console port and 2 USB ports, the left and right sides are honeycomb heat dissipation holes, and the rear panel is equipped with two power ports.
To put it simply, both products are very simple and practical design, both space-saving and beautiful, AK9150 has one more power supply than AK9120, when the main power supply fails, it can be immediately switched to the standby power supply, to ensure the normal operation of the equipment, business is not interrupted;In addition, the AK9150 provides 8 electrical ports + 8 photoelectric multiplexing interfaces + 2 10 Gigabit optical interfaces on the basis of AK9120, and is equipped with 4 separate bypass ports to meet user interface and reliability requirements.
Performance: The throughput meets the daily needs and the security protection is more complete.
Next, let's take a look at the parameters of the two firewalls, let's focus on throughput, standby number, interfaces, storage, hard disks, and signature databases
Let's look at the throughput first: throughput is the maximum ability of a network device to process packets in every second, we all know that the greater the throughput, the stronger the performance, AK9120 network layer throughput 15G, with an adaptive bandwidth of 1G, means that if 100 users access the Internet at the same time, each user can allocate 10Mbps of bandwidth, and the 10Mbps bandwidth can almost meet the vast majority of employees' needs in actual working scenarios.
If you have 500 employees or more, or if you have a small number of employees but have high broadband requirements, such as gaming or live streaming companies, we recommend this AK9150, which has a network throughput of 35G, with an adaptation bandwidth of 3G, can support more than 500 or even 800-1000 standby people.
In terms of storage, AK9120 has 2G memory, no separate hard disk, and this amount of memory is no problem for storing the logs of small and medium-sized enterprises or institutions (it is overwritten when it is full, and it meets compliance requirements with daily audits).
However, some enterprises or institutions have very high requirements for visual management and need long-term storage of massive log data, which requires hard disks, and it is best to have dual hard disks, which can form a RAID1 disk array, and RAID1 realizes data redundancy through hard disk data mirroring, improving read performance and data security.
Generally, 3U devices on the market can support dual hard disks, and most 1U only support single hard disks, although AK9150 is a 1U device, it also achieves dual hard disks, which is very desirable.
Next, take a look at the signature database, the signature database is an important part of the firewall security protection system, enterprises or institutions are most concerned about application identification, user identification, integrated intrusion prevention, security event analysis and other matters, in this regard, AK9120 and AK9150 have also been prepared;
Both products support ** anti-virus signature database, IPS intrusion prevention signature database, URL filtering signature database, TI threat intelligence, application identification, etc., with intrusion prevention reaching 20,000+, application identification 10,000+, antivirus 6 million+, and WAF library 5,000+. It can be said that the protection is in place, so that your data is invincible!
Cloud platform: Simple, easy to use and secure.
After reading the hardware and parameters, the next step is to enter the operating system, which is the whole picture of the cloud platform, and the home page has a security center, an analysis center, a policy center, a configuration center, etc., let's expand them one by one.
Security Center: One-click processing of security threat events and traceability of risky hosts.
Analysis Center: For high-incidence security events such as mining extortion, the cloud platform generates security incident reports based on security and audit logs reported by the gateway, through correlation rules, machine learning, threat intelligence, UEBA and other threat analysis models.
Monitoring center: Real-time monitoring of device status, including device performance monitoring, uplink and downlink traffic monitoring, device interface monitoring, policy configuration rationality monitoring, etc., cloud experts periodically carry out intelligent inspection tasks, and output standardized inspection reports.
Policy Center: You can set scheduled tasks for security policy configuration, manage policies such as IPS and VPN, and deliver device configuration templates in a centralized manner.
Actual measurement: far beyond the industry average, the protection is more professional.
After reading the shape, hardware, parameters and platform, what are the actual functions of these two firewalls, let's enter the actual testing link!
In the test, we conducted multiple rounds of stress testing and security defense tests on the two firewalls. Network throughput of the H3C SecPath F1000-AK9120 is nominal 15G, measured 15g。
Network throughput of H3C SecPath F1000-AK9150 is nominal 35G, the measured can reach 37g。
In the new connection test, the nominal number of new connections on the AK9120 is 15,000, and the measured data is 16,000+. The nominal number of new connections on AK9150 is 20,000, and the measured data is 24,000+.
In the concurrent connection test, the nominal number of concurrent connections of AK9120 is 1.1 million, and the measured data is 1.3 million+. The AK9150 has 2 million nominal concurrent connection digits, and the measured data is 2.4 million+.
The results show that the H3C SecPath F1000-AK9120 and AK9150 perform very well in all tests, far exceeding the industry average in terms of network throughput and the number of new connections and concurrent connections.
In the actual virus protection test, we can see from the system logs in the background that both firewalls can automatically block and protect against viruses.
How to choose two products?
On the whole, these two products are specially developed by Xinhua 3 for the district and county markets, and do meet the needs of district and county market users (including but not limited to primary and secondary schools, city and county hospitals, districts and counties, enterprises, banks, hotels, communities and other industries).
Let's talk about the general concern of the **, AK9120 is suitable for branch enterprises or small and medium-sized enterprises or institutions with less than 300 people, it's ** within 10,000 yuan, the specific ** according to the configuration is slightly different, bank branches, catering enterprises, small chain stores use it to achieve outstanding results!
In actual use, many enterprises use AK9120 as an exit firewall, the fire department is used to isolate the internal and external networks, and some institutions and residential areas use AK9120 to undertake the function of information leakage prevention, which are all functions that users have been using.
AK9150 is relatively high-end, suitable for data-intensive enterprises or institutions with higher requirements for network performance and complex business, **20,000 or less, there are higher level of security requirements and conditions to engage in a tall one, AK9150 is recommended, it is definitely worth the money, and the sense of security is full.
In actual use, some primary and secondary schools use AK9150 for campus network security coverage, district government affairs network for external network isolation, and hotels use AK9150 to realize firewall transformation and upgrading, serving as a network exit, with rich use scenarios.
Epilogue. In short, whether it is an enterprise or institution that needs basic network security protection, or a growth user with high performance requirements for a large business volume, H3C firewall products can meet your needs and make the network security defense line more solid!