Firewall / Network Behavior Management Controller

7005

Firewall Network Behavior Management Controller 7005 Multi-core 64-bit network-dedicated processor, 2.2GHz clock speed, 4GB DDR4 high-speed memory

Firewall Management Controller 7005 4 x 2.5G RJ45 ports, 8 x Gigabit RJ45 ports, 2 x 10G SFP+ ports, 1 hard drive interface (HDD/SSD)

User behavior visualization, traffic destination analysis, control analysis, access analysis, data leakage analysis, etc.

Supports configuration of security policies, audit policies, bandwidth policies, NAT policies, etc.

Supports scalable integrated DPI deep security (intrusion prevention, antivirus, file filtering, remote malicious domain query, application behavior control)

Supports rich policy objects (security zones, addresses, applications, blacklists/whitelists, security profiles, intrusion prevention, audit profiles, etc.)

Supports rich network functions, static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP VPN), DDNS, etc.

Multiple administrator roles for fine-grained permission management

Supports first-packet application identification to improve application identification performance

Internet behavior audit bandwidth greater than 1000M

With redundant power supply (1+1 Redundancy)

Note: Antivirus (AV), Intrusion Prevention System (IPS), Malicious Domain Identification, Application Identification (APP), and Website Identification (URL) require a license purchase.

This Enhanced Firewall product supports multiple signature databases including antivirus, intrusion prevention, malicious domain identification, application identification, and website classification. It integrates firewall policies, attack protection, DPI deep security, security auditing, bandwidth management, and VPN functions, effectively mitigating network risks and providing comprehensive protection while simplifying operation and maintenance. It ensures the continuous and stable operation of core enterprise applications and businesses, suitable for enterprises, government agencies, industrial parks, chain hotels, and other scenarios.

Abundant Ports, Powerful Performance

Utilizing a professional multi-core 64-bit network processor with a 2.2GHz clock speed and 4GB DDR4 high-speed memory, it provides powerful packet processing capabilities.

It offers four 2.5G RJ45 ports, eight Gigabit RJ45 ports, two 10 Gigabit SFP+ ports, and one hard drive interface (HDD/SSD), satisfying high-speed data forwarding while facilitating system management and maintenance.

Precise control over network behavior ensures enterprise information security. It boasts rich user behavior analysis capabilities, including application/application group traffic statistics (traffic destination analysis, access tendency analysis, and risk analysis of data breaches), website access duration, ranking of user blocked actions, ranking of user-sent file sizes, distribution of accessed website types, and user traffic ranking, providing comprehensive auditing of user online behavior for more standardized, efficient, and secure office operations.

It possesses a large-scale application identification feature library, enabling one-click management of nearly 6,000 common domestic desktop and mobile internet applications across 36 categories, including video, social networking, shopping, and financial applications; it accurately identifies behaviors of popular applications such as WeChat, Weibo, and QQ, including text communication, voice and video calls, file transfers, and music playback, and provides refined control over these behaviors, selectively blocking or restricting them; it has a built-in database of over a dozen domestic website categories, allowing one-click restriction of employee access to corresponding websites; it supports blocking webpage submissions, restricting employees from logging into various web-based forums, Weibo, email, etc., and filtering email content to effectively prevent the leakage of sensitive corporate data; the application and website databases will be continuously updated and expanded.

First Packet Application Identification: Supports unique first packet application identification, recognizing applications from the very first packet to enable application routing and improve application identification performance.

Comprehensive Security Policies: Adopts the principle of least security, supporting security policies based on security zones, source IP addresses, destination IP addresses, source ports, destination ports, service groups, application groups, user groups, time periods, blacklists/whitelists, websites, internal server certificates, antivirus, URL filtering, file filtering, application behavior control, email content filtering, intrusion prevention, audit configuration files, and more. Users can customize combinations and set access rules for comprehensive control over internal and external network communication security. Comprehensive Attack Protection

Supports multiple internal/external network attack protection functions, effectively preventing various DoS attacks, scanning attacks, and suspicious packet attacks, such as: TCP Syn Flood, UDP Flood, ICMP Flood, IP scanning, port scanning, WinNuke attacks, fragmented packet attacks, WAN port ping, TCP Scan (Stealth FIN/Xmas/Null), IP spoofing, TearDrop, etc.

Supports ARP protection, such as ARP spoofing and ARP attacks, to avoid service interruptions and frequent network outages.

Supports IP and MAC address binding, allowing simultaneous binding of IP and MAC address information for hosts on both the LAN port (internal network) and WAN port (external network) to prevent ARP spoofing.

Supports MAC address filtering to block unauthorized host access.

Scalable and integrated DPI deep security:

Supports intrusion prevention, providing real-time access to the latest threat information and accurately detecting and defending against attacks targeting vulnerabilities;

Supports antivirus, quickly and accurately detecting and eliminating viruses and other malicious programs in network traffic, protecting against over 6 million viruses and Trojans;

Supports filtering file extension types, easily filtering various small files embedded in web pages to prevent viruses and Trojans from infiltrating enterprise networks and compromising Network Security;

Supports URL filtering and remote malicious domain lookup, effectively blocking phishing websites and intercepting Trojan attacks, hacker intrusions, and online fraud through a combination of local and cloud-based methods;

Supports application identification with accuracy down to the application behavior level. The combination of application identification with intrusion detection, antivirus, URL filtering, and file extension type filtering greatly improves detection performance and accuracy;

Provides a comprehensive and timely security signature database, keeping abreast of the latest developments in the network security field and ensuring timely and accurate updates to the signature database.

Comprehensive Security Audit Strategy

Detailed and Comprehensive Logging: Supports system logs, operation logs, policy hit logs, traffic logs, audit logs, threat logs, content logs, URL logs, and email filtering logs, recording detailed information related to firewall traffic and operation history to help administrators understand network status and quickly locate network problems;

Graphical Traffic Statistics: Enables traffic statistics across three dimensions: interface, IP, and security policy, presenting security policy traffic data in real-time graphical form for easy overview; traffic analysis reports can be output in PDF format to help administrators analyze historical traffic distribution;

Internet Behavior Auditing: Supports HTTP behavior auditing, FTP behavior auditing, email auditing, and IM auditing. Audit logs provide insights into employee internet behavior during work hours, including web browsing and app usage, making inappropriate internet activity traceable;

Security Audit System: Can be integrated with a security audit system for long-term, high-capacity log storage while outputting more detailed analytical reports.

Simplified Operation and Maintenance, Secure Management

A fully Chinese web interface with detailed and clear configuration guidance;

A graphical interface display, providing real-time monitoring of key resources such as CPU utilization, clear and intuitive;

Supports local/remote management, facilitating chain operations and remote assistance;

Supports password authentication/identity recognition, ensuring authorization security;

Supports multiple administrator roles for granular permission management;

Supports hard drive management and license management, with feature database upgrades;

Supports primary/standby failover and online testing, ensuring high-reliability device operation;

Provides a separate console management port for command-line management.

Flexible Bandwidth Management Policies

Offers flexible bandwidth management policies, controlling the bandwidth used by each IP in the network to ensure a good network experience for critical services and users. Management methods include: bidirectional bandwidth control, connection limit, and connection monitoring.

Rich Routing Features

Supports static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP VPN), dynamic DNS (PeanutShell, Comai, 3322), and other functions.

Supports Multiple Deployment Modes

Layer 3 Router Gateway Mode: As a Layer 3 router gateway, the TL-NASG5007 replaces the original router in the network. Data communication between the internal and external networks is handled through NAT translation by the firewall. In this mode, the firewall's data packet processing mechanism is more sophisticated, resulting in stronger network security protection capabilities.

Layer 2 Transparent Bridge Mode: The TL-NASG5007 supports configuring some or all interfaces as bridges. These interfaces operate in a Layer 2 network; as long as data passes through the bridge interface, the network is protected by the firewall. In this mode, firewall deployment does not require changes to the original topology, making it more convenient and faster.

Router + Bridge Mode: In actual network deployment, some firewall interfaces can be configured as bridge interfaces, and others as routing interfaces, allowing for flexible combination of the two methods to achieve more economical and efficient network protection.

Hardware Specifications

Ports: 4 x 2.5G RJ45 ports

8 x Gigabit RJ45 ports

2 x 10 Gigabit SFP+ ports

1 x USB port

1 x Console port (Type-C)

1 x Hard Drive Interface (HDD/SSD)

Indicator Lights: Ports: Link/Act, Speed, OFL, USB

Device: PWR, SYS, CLOUD, HA

Dimensions: 440×420×44(mm)

Input Power: 100-240V~50/60Hz 2.5A

Cooling Method: Natural cooling

Operating Environment: Operating Temperature: 0℃～40℃, Operating Humidity: 10%～90%RH (Non-condensing)

Storage Temperature: -40℃～70℃, Storage Humidity: 5%～90%RH (Non-condensing)

Processor: Multi-core 64-bit network processor, 2.2GHz

Memory: 4GB DDR4

Storage: 32MB NOR + 8GB eMMC

Hard Drive Interface 1 x 2.5-inch HDD/SSD hard drive interface

FLASH 32MB NOR

Software Functions

User Behavior Statistics

Application Traffic Analysis

User Traffic Ranking

Website Visit Duration Ranking

Website Type Distribution

User Management Analysis

Outbound File Auditing

Latest Internet Behavior

Policy Configuration

Security Policies, Audit Policies

Detection Policies (Encrypted Traffic Detection)

Bandwidth Policies (Bandwidth Control, Connection Limitation, Connection Monitoring)

NAT Policies (NAPT, One-to-One NAT, Virtual Server, NAT-DMZ, UPnP)

ALG Policies (FTP ALG, H.323 ALG, PPTP ALG, SIP ALG)

Policy Objects

Security Zones, Addresses, Users, Services, Websites, Applications, Blacklists/Whitelists, Intrusion Prevention

Security Profiles (URL Filtering, File Filtering, Application Behavior Control, Email Content Filtering, Antivirus)

Audit Profiles (HTTP Behavior Auditing, FTP Behavior Auditing, Email Auditing, IM Auditing)

Attack Protection Supports ARP protection, such as ARP spoofing and ARP attacks.

Supports protection against various common attacks, such as DDoS attacks, network scanning, and suspicious packet attacks.

Supports MAC address filtering to block unauthorized host access. Integrated DPI deep security. Supports intrusion prevention. Supports antivirus. Supports remote querying of malicious domain names. Supports application behavior recognition. Supports filtering of file extension types. Network Functions: Static routing, policy routing. Intelligent load balancing. VPN (IPSec/PPTP/L2TP VPN). Dynamic DNS (Peanut Shell, Comai, 3322). System Management: Supports Chinese web management and remote management. Supports multiple management roles. Supports configuration backup and import. Supports system software upgrades. Supports various logs, reports, diagnostic center, and panel status. Supports CLI management, license management, and hard drive management. Supports signature database upgrades. Performance Parameters: Maximum concurrent connections: 600,000. New connection rate (CPS): 41406. Network layer throughput (1518/512/64 bytes, UDP): 19/12.1/1.9 Gbps. Application layer throughput (Mbps). 4250

Application Identification Throughput (Mbps) 1150

IPS Throughput (Mbps) 930

All Threat Throughput (Mbps) 550

IPSec Throughput (Mbps) 400

Parameter Description: These parameters were obtained from testing with a 128KB HTTP load capacity.

Compatible Hard Drives:

Western Digital WD5000LPCX

WD10SPZX

WD20SPZX

Seagate ST500LM030

ST1000LM048

ST2000LM015

Toshiba MQ01ABF050

MQ04ABF100

MQ04ABD200

License (TL-FW-LIS-ALL-E, all-in-one)

IPS Database: 1500+

AV Database: 3 million

Malicious Domain Database: 10000+

Applications: 6400+

Websites: 3 million

Parameter Description Targeted enhancements to certain feature libraries require separate license purchases.

License Authorization (Separate Authorization)

TL-FW-LIS-IPS 2800+

TL-FW-LIS-AV 7 million

TL-FW-LIS-URL Malicious: 10,000+ Cloud Search

TL-LIS-APP 6400+

TL-LIS-URL 10 million

Parameter Notes: Only one type of license will be effective with separate or multi-category authorizations. Please consult with pre-sales or after-sales service before purchasing.