NexG FW

Share this Post

NexG FW

Overview

NexG FW is a next generation firewall that delivers an unmatched level of protection with key security features such as rigorous application detection/management and user-based policy management, integrating the firewall, VPN, and IPS into one. NexG FW is registered on KONEPS, the Korea ON-line E-Procurement System.

Due to the rapidly developing mobile environment, web, and applications, existing firewall’s IP and port-based security systems no longer allow thorough protection against threats. To take proper measures against these threats, switching to a next-generation firewall is critical.
NexG FW delivers highly effective protection with load-balancing and other key security features such as application detection/control and user-based policy management.

Application & user recognizing security control

NexG FW adopted 7-tuple policies (5-tuple polices with application & user recognition) to allow granular and flexible policy publication. You can keep existing firewall policies while using NexG FW’s application and user control.

High performance achieved by load-balancing

NexG FW handles large-scale traffic safely without performance degradation by providing load balancing through DDR (Dynamic Distribute RSS (Receive Side Scaling)) and Off-Load. It delivers unmatched performance by dynamically distributing loads to multiple cores according to the network state’s change to prevent unbalanced loading.

Convenient user interface

Hansol NexG has developed a convenient UI by analyzing a number of UIs created by worldwide vendors. A number of convenient searching functions and drag-and-drop ability reduce the required effort and deliver an optimized interface for users.

up-bullet  Back to Top

Key Features

nexG_FW_Key Features

VPN

IKE v1, v2
Standard authentication∙encryption algorithm
xDSL multi-line Load balancing and Bonding to enhance line availability
Convenient VPN configuration enabled by multi-tunneling
Supports client VPNs on mobile (Android, iOS) and PC (Windows)

IPv6

IPv6 address-based policy management
Tunneling (6to4, ISATAP)
DAD (Duplicate Address Detection), RA (Router Advertisement)
IPv6 Routing
IPv6 IPsec
IPv6 IPS detection

DNS Server

Zone Transfer available
Split DNS available
Domain’s internal address leakage prevention

QoS

Traffic priority, restriction, guarantee, directivity
QoS for IP/Port/Protocol/Application/user policies
QoS for IPS profile patterns

HA (High Availability)

Without L4 Switch/Active-Active configuration available
VRRP-based N+M HA configuration
Easy HA configuration utilizing machine identification number and Cluster ID
Auto session/SA synchronization and many other configuration sync functions triggered by a state change

Management

Real-time monitoring on dashboard
Intuitive graphic data analysis and a variety of reports

up-bullet  Back to Top

Specs

NexG FW 600
Image NexG_FW_600
CPU 2 Core
Memory 4 GB
Storage HDD 500GB
SSD -
Flash 4GB
Network
Interface
10/100/1000 BASE-TX 8
1000 BASE-X -
10G Base-R -
Module Slot -
MGMT Ports -
Console 1 (RJ-45)
Firewall Throughput(MAX)  6G
VPN Tunnel(MAX) 10,000
Sessions(MAX) 1,500,000
Power Single
Dimensions(WxHxD mm) 438 x 44 x 292
Weight(kg) 4
Rack mountable YES
Temperature 0 ~ 40º C
Humidity 20~90%(non-condensing)
NexG FW 1600 R2
Image NexG_FW_1600
CPU 4 Core
Memory 8 GB
Storage HDD 1TB
SSD -
Flash 4GB
Network
Interface
10/100/1000 BASE-TX 8
1000 BASE-X 4
10G Base-R -
Module Slot -
MGMT Ports -
Console 1 (RJ-45)
Firewall Throughput(MAX)  10G
VPN Tunnel(MAX) 10,000
Sessions(MAX) 2,500,000
Power Single
Dimensions(WxHxD mm) 438 x 44 x 292
Weight(kg) 4
Rack mountable YES
Temperature 0 ~ 40º C
Humidity 20~90%(non-condensing)
NexG FW 2600
Image NexG_FW_2600
CPU 4 Core
Memory 12 GB
Storage HDD 2TB
SSD 256GB
Flash 4GB
Network
Interface
10/100/1000 BASE-TX MAX 16
1000 BASE-X MAX 8
10G Base-R -
Module Slot 2
MGMT Ports -
Console 1 (RJ-45)
Firewall Throughput(MAX)  16G
VPN Tunnel(MAX) 30,000
Sessions(MAX) 3,500,000
Power Redundant
Dimensions(WxHxD mm) 431 x 44 x 468
Weight(kg) 7
Rack mountable YES
Temperature 0 ~ 40º C
Humidity 5~90%(non-condensing)
NexG FW 3600
Image NexG_FW_3600
CPU 8 Core
Memory 16 GB
Storage HDD 2TB
SSD 256GB
Flash 4GB
Network
Interface
10/100/1000 BASE-TX MAX 32
1000 BASE-X MAX 32
10G Base-R MAX 8
Module Slot 4
MGMT Ports 1
Console 1 (RJ-45)
Firewall Throughput(MAX)  40G
VPN Tunnel(MAX) 50,000
Sessions(MAX) 7,000,000
Power Redundant
Dimensions(WxHxD mm) 438 x 44 x 580
Weight(kg) 16
Rack mountable YES
Temperature -
Humidity 5~90%(non-condensing)
NexG FW 4600
Image NexG_FW_4600
CPU 12 Core
Memory 32 GB
Storage HDD 2TB
SSD 256GB
Flash 4GB
Network
Interface
10/100/1000 BASE-TX MAX 64
1000 BASE-X MAX 64
10G Base-R MAX 16
Module Slot 8
MGMT Ports 1
Console 1 (RJ-45)
Firewall Throughput(MAX)  80G
VPN Tunnel(MAX) 70,000
Sessions(MAX) 10,000,000
Power Redundant
Dimensions(WxHxD mm) 444 x 87.7 x 600
Weight(kg) 25
Rack mountable YES
Temperature 0 ~ 40º C
Humidity 5~90%(non-condensing)
NexG FW 5600 R1
Image NexG_FW_5600
CPU 20 Core
Memory 64 GB
Storage HDD 2TB
SSD 256GB
Flash 4GB
Network
Interface
10/100/1000 BASE-TX MAX 64
1000 BASE-X MAX 64
10G Base-R MAX 16
Module Slot 8
MGMT Ports 1
Console 1 (RJ-45)
Firewall Throughput(MAX) 160G
VPN Tunnel(MAX) 90,000
Sessions(MAX) 20,000,000
Power Redundant
Dimensions(WxHxD mm) 444 x 87.7 x 600
Weight(kg) 25
Rack mountable YES
Temperature 0 ~ 40º C
Humidity 5~90%(non-condensing)

up-bullet  Back to Top

 

Key Functions

Firewall Stateful Inspection
7-Tuples
User-based security policies
Zone-based security policies
Domain-based security policies
GeoIP support
Policy changeability due to the interface/line status
User authentication support (Radius, AD, LDAP)
NAT Static, Dynamic NAT
Exclusive NAT
Port Address Translation
Application Application behavior control
Application traffic control
Instant Messenger control
Game, P2P, SNS control
Web Mail, Web Hard control
IPS & AV Signature-based protection
Behavior-based protection
Application, OS vulnerability protection
Flooding protection (TCP, UDP, ICMP)
Anti-Spyware
Anti-Evasion
User-defined signature
PCRE support
Utilizes Internet ratings DB by Korea Communication Standards Commission
URL reputation DB
User defined URL Filtering
File control (TYPE, extension, name, size)
Save detected packet
VPN Gateway to Gateway / Remote Access
IKE Version 1, 2
Transport /Tunnel Mode
Crypto Algorithm  (3DES/AES128/AES192/AES256/SEED/ARIA)
Integrity Algorithm (SHA1/SHA256/SHA384/SHA512)
Multi-tunnel
Bonding Tunnel
NAT Traversal
DPD(Dead Peer Detection)
IKE port change
Gateway to Gateway / Remote Access
IKE Version 1, 2
Network Router, Bridge Mode
802.3ad Link Aggregation
RIP, OSPF, BGP
Multicasting Routing Protocol
Policy based Routing
VoIP (H.323, SIP)
QoS (Guarantee, Restriction, Priorities)
VRRP
DHCP Server
DNS Server
IPv6 IPv6 Routing
IPv6 Firewall
IPv6 IPS
IPv6 Ipsec
IPv6 DHCP Server
6to4 , ISATAP
HA Active-Active / Active-Standby Without L4
Synchronization  (Session , VPN , Configuration, Policy, Profile)
Management Web UI , CLI
Dashboard
Administrator authentication and authority control
SNMP v1/v2/v3, Syslog transmission
Event alarm transmission
Log compression and back-up
Policy Export/Import
Unused policy and object search
Periodic statistics and report
Signature Auto/Manual Update
System configuration/Firmware backup and restoration

up-bullet  Back to Top