H3C Technologies H3C VMSG VFW1000 User Manual
Page 7

2
Item Description
Firewall
By default, no communication between devices in different security zones is
available.
Preventing attacks of Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP spoofing,
IP fragmentation packets, ARP spoofing, abnormal flags of TCP, oversized ICMP
packers, address scanning, port scanning, SYN flood, UDP flood, and ICMP flood
Basic and advanced ACLs
Interface-based ACLs
Time-based ACLs
Dynamic packet filtering
ASPF application layer packet filtering
Static and dynamic blacklists
MAC address and IP address binding
MAC-address-based ACLs
Connection limit
NAT
Many-to-one NAT
Many-to-many NAT
One-to-one NAT
NAT for both source address and destination address
External hosts access to internal servers
Mapping an internal address to a public interface address
DNS mapping
Effective period for NAT
NAT ALG for DNS, FTP, TFTP, PPTP, H.323, SIP, RSH, ILS, MSN, and NBT
VPN
L2TP VPN
LNS connection initiation based on VPN complete usernames and domains
Address assignment for VPN users
LCP re-negotiation and CHAP re-authentication
IPSec/IKE
AH and ESP
Manual SA and IKE-negotiated SA
ESP support for DES, 3DES, and AES encryption algorithms.
MD5 and SHA-1 authentication algorithms
IKE main mode and aggressive mode
NAT traversal
Dead Peer Detection (DPD)
GRE VPN
N/A
Networking
LAN
Layer 3 Ethernet interfaces and subinterfaces
ARP
VLAN terminating
Data link
PPPoE client