H3C Technologies H3C VMSG VFW1000 User Manual

2

Item Description

Firewall

By default, no communication between devices in different security zones is
available.
Preventing attacks of Land, Smurf, Fraggle, Ping of Death, Tear Drop, IP spoofing,

IP fragmentation packets, ARP spoofing, abnormal flags of TCP, oversized ICMP
packers, address scanning, port scanning, SYN flood, UDP flood, and ICMP flood
Basic and advanced ACLs
Interface-based ACLs
Time-based ACLs
Dynamic packet filtering
ASPF application layer packet filtering
Static and dynamic blacklists
MAC address and IP address binding
MAC-address-based ACLs
Connection limit

NAT

Many-to-one NAT
Many-to-many NAT
One-to-one NAT
NAT for both source address and destination address
External hosts access to internal servers
Mapping an internal address to a public interface address
DNS mapping
Effective period for NAT
NAT ALG for DNS, FTP, TFTP, PPTP, H.323, SIP, RSH, ILS, MSN, and NBT

VPN

L2TP VPN

LNS connection initiation based on VPN complete usernames and domains
Address assignment for VPN users
LCP re-negotiation and CHAP re-authentication

IPSec/IKE

AH and ESP
Manual SA and IKE-negotiated SA
ESP support for DES, 3DES, and AES encryption algorithms.
MD5 and SHA-1 authentication algorithms
IKE main mode and aggressive mode
NAT traversal
Dead Peer Detection (DPD)

GRE VPN

N/A

Networking

LAN

Layer 3 Ethernet interfaces and subinterfaces
ARP
VLAN terminating

Data link

PPPoE client