SecPath F5080 High-Performance Next-Generation Firewall
The SecPath F5080 is a robust, enterprise-grade next-generation firewall (NGFW) engineered to deliver advanced network protection, high throughput, and intelligent traffic management for large-scale businesses and data centers. Designed for demanding environments, the F5080 integrates firewall, intrusion prevention, VPN, and application control into a single powerful platform.
With its high-speed multi-core processing architecture and optimized security algorithms, the SecPath F5080 ensures real-time threat detection and comprehensive defense against sophisticated cyber threats, including malware, ransomware, and DDoS attacks. Its modular design supports flexible interface expansion, enabling seamless scalability as your network grows.
- H3C SecPath F5080 Firewall Appliance
- Ports: 4xGE combo, 8xGE copper, 8xGE fiber, 8x10GE
- Expansion slots: 5
- Storage media: 2x480G SSD drives (optional)
- Operation modes: Route, transparent, and hybrid
- L4 FW throughput: 80Gbps
- Concurrent sessions: 80M
- New sessions per second: 600k
- SSL VPN concurrent users: 30k/20k
- SSL VPN throughput: 4.6Gbps
- IPSec VPN tunnels: 50k/25k
- IPSec throughput: 17Gbps
- Security policy: 50k
Key features
-
Superior Firewall Performance: High throughput for firewall, VPN, and IPS services without compromise.
-
Advanced Threat Protection: Integrated IPS, anti-virus, URL filtering, and application visibility.
-
Flexible Connectivity: Supports multiple 10GE/GE ports with modular expansion options.
-
Secure VPN Capabilities: High-performance IPSec and SSL VPN for secure site-to-site and remote connections.
-
Centralized Management: Streamlined configuration and monitoring through an intuitive management console.
-
High Availability: Redundancy features like hot standby (HA) to ensure maximum uptime and business continuity.
-
Energy-Efficient Operation: Designed for reduced power consumption and operational costs.
Tech Specifications: SecPath F5080
| Specifications | ||
| Ports | 4 × Gigabit combo interfaces | |
| 8 × Gigabit Ethernet copper ports | ||
| 8 × Gigabit Ethernet fiber ports | ||
| 8 × 10-Gigabit Ethernet ports | ||
| Expansion slots | 5 | |
| Storage media | 2 × 480G SSD drives (optional) | |
| AAA | Portal authentication. | |
| RADIUS authentication. | ||
| HWTACACS authentication. | ||
| PKI/CA (X.509 format) authentication. | ||
| Domain authentication. | ||
| CHAP authentication. | ||
| PAP authentication. | ||
| Firewall | Virtual firewall. | |
| Security zone. | ||
| Attack protection against malicious attacks, such as land, smurf, fraggle, ping of death, teardrop, IP spoofing, IP fragmentation, ARP spoofing, reverse ARP lookup, invalid TCP flag, large ICMP packet, address/port scanning, SYN flood, ICMP flood, UDP flood, and DNS query flood. | ||
| Basic and advanced ACLs. | ||
| Time range-based ACL. | ||
| User-based and application-based access control. | ||
| Dynamic packet filtering. | ||
| ASPF application layer packet filtering. | ||
| Static and dynamic blacklist function. | ||
| MAC-IP binding. | ||
| MAC-based ACL. | ||
| 802.1Q VLAN transparent transmission. | ||
| Load balancing | Link and server load balancing. | |
| Application- and ISP-based Intelligent route selection. | ||
| Health monitoring through ICMP, UDP, and TCP. | ||
| Port-, HTTP-, and SSL-based sticky methods to implement busy bandwidth and fault protection. | ||
| Antivirus | Signature-based virus detection. | |
| Manual and automatic upgrade for the signature database. | ||
| Stream-based processing | ||
| Virus detection based on HTTP, FTP, SMTP, and POP3 | ||
| Virus types include Backdoor, Email-Worm, IM-Worm, P2P-Worm, Trojan, AdWare, and Virus. | ||
| Virus logs and reports. | ||
| Deep intrusion prevention | Prevention against attacks such as hacker, worm/virus, Trojan, malicious code, spyware/adware, DoS/DDoS, buffer overflow, SQL injection, and IDS/IPS bypass. | |
| Attack signature categories (based on attack types and target systems) and severity levels (including high, medium, low, and notification) | ||
| Manual and automatic upgrade for the attack signature database (TFTP and HTTP). | ||
| P2P/IM traffic identification and control. | ||
| Email/webpage/application layer filtering | Email filtering | |
| SMTP email address filtering | ||
| Email subject/content/attachment filtering | ||
| Webpage filtering | ||
| HTTP URL/content filtering | ||
| Java blocking | ||
| ActiveX blocking | ||
| SQL injection attack prevention | ||
| Behavior and content audit | User-based content audit and tracking. | |
| File filtering | Identification of file types such as Word, Excel, PPT, PDF, ZIP, RAR, EXE, DLL, AVI, and MP4, and filtering of sensitive information in the files. | |
| URL filtering | Over 50 types of signature-based URL filtering rules, and discarding, reset, redirection, logging, and blacklisting of packets matching the rules. | |
| Application identification and control | Identification of various types of applications, and access control based on specific functions of an application. | |
| Combination of application identification and intrusion prevention, antivirus, and content filtering, improving detection performance and accuracy. | ||
| NAT | Many-to-one NAT, which maps multiple internal addresses to one public address. | |
| Many-to-many NAT, which maps multiple internal addresses to multiple public addresses. | ||
| One-to-one NAT, which maps one internal address to one public address. | ||
| NAT of both source address and destination address. | ||
| External hosts access to internal servers. | ||
| Internal address to public interface address mapping. | ||
| NAT support for DNS. | ||
| Setting effective period for NAT. | ||
| NAT ALGs for NAT ALG, including DNS, FTP, H.323, ILS, MSN, NBT, PPTP, and SIP. | ||
| VPN | L2TP VPN. | |
| IPsec VPN. | ||
| GRE VPN. | ||
| SSL VPN. | ||
| SM1 hardware encryption algorithm, SM2, SM3, and SM4 encryption algorithms. | ||
| Routing | Routing protocols such as RIP, OSPF, BGP, and IS-IS. | |
| VXLAN | VXLAN service chain. | |
| IPv6 | IPv6 status firewall. | |
| IPv6 attack protection. | ||
| IPv6 forwarding. | ||
| IPv6 protocols such as ICMPv6, PMTU, Ping6, DNS6, TraceRT6, Telnet6, DHCPv6 Client, and DHCPv6 Relay. | ||
| IPv6 routing: RIPng, OSPFv3, BGP4+, static routing, policy-based routing | ||
| IPv6 multicast: PIM-SM, and PIM-DM. | ||
| IPv6 transition techniques: NAT-PT, IPv6 tunneling, NAT64 (DNS64), and DS-LITE. | ||
| IPv6 security: NAT-PT, IPv6 tunnel, IPv6 packet filter, RADIUS, IPv6 zone pair policies, IPv6 connection limit. | ||
| High availability | SCF 2:1 virtualization | |
| Active/active and active/standby stateful failover. | ||
| Configuration synchronization of two firewalls | ||
| IKE state synchronization in IPsec VPN. | ||
| VRRP. | ||
| Built-in bypass module. | ||
| External bypass host. | ||
| Configuration management | Configuration management at the CLI. | |
| Remote management through Web. | ||
| Device management through H3C SSM. | ||
| SNMPv3, compatible with SNMPv2 and SNMPv1. | ||
| Intelligent security policy | ||
| Physical specifications | ||
| Operation modes | Route, transparent, and hybrid | |
| Ambient temperature | Operating: 0°C to 45°C (32°F to 113°F) | |
| Non operating: –40°C to +70°C (–40°F to +158°F) | ||
Application Scenarios
-
Enterprise Campus Network Aggregation/Core
-
Acts as a high-speed aggregation or core switch for medium to large enterprises.
-
Supports seamless connection between access and core layers.
-
-
Data Center Top-of-Rack (ToR) Switch
-
Serves as a high-density ToR switch with advanced virtualization and cloud integration capabilities.
-
Supports VXLAN to meet modern data center deployment needs.
-
-
High-Density 10GE Access Scenarios
-
Provides high-bandwidth access for departments with demanding workloads such as video conferencing, cloud services, and large file transfers.
-
-
Intelligent Service Awareness and Automation
-
Enables AI-based operations and telemetry for automatic fault identification and network performance optimization.
-
| View catalog” |
