Hillstone Networks’ X7180 data center firewall offers outstanding performance, reliability, and scalability, for high-speed service providers, large enterprises and carrier networks. It provides flexible firewall security for multi-tenant cloud-based security-as-a-service environments. The X7180 platform is based on Hillstone’s Elastic Security Architecture (ESA), which offers highly scalable virtual firewalls, exceptional firewall throughput, massive concurrent sessions and very high new sessions per second. The X7180 also supports Deep Packet Inspection (DPI), next generation application control and Quality of Service (QoS). The system delivers exceptional performance in a small form factor with low power requirements
Hillstone’s Elastic Security Architecture: A breakthrough technology for data centers
Streaming media, web-based applications, VoIP, peer-to-peer file sharing, mobile devices, cloud computing, and international presence are all contributing to accelerating data center traffic. As core network traffic increases, the need for high-speed network interfaces and high port densities becomes critical. Mobile device traffic also requires more emphasis since network security solutions can degrade significantly when the traffic shifts toward a large number of users and smaller packet size. As a result, datacenter firewalls must provide high throughput, large numbers of concurrent sessions and high numbers of new sessions per second. More importantly, they must respond to the usage patterns of its customers, which are often highly unpredictable. Consequently, data center firewalls must also provide rapid elasticity and on-demand security.
The X7180 data center firewall is built on Hillstone’s Elastic Security Architecture. It can support up to 1000 virtual firewalls and it can be provisioned as an on-demand service option complete with service level agreements (SLAs). Service providers can dynamically adjust resource allocation (CPU, sessions, policies and ports) for each virtual firewall in response to SLAs. Hillstone’s X7180 hardware is composed of multiple security and networking blades that provide scalability for future growth. It leverages a distributed multi-core architecture enabling wire-speed performance up to 680 Gbps throughput, 240 million concurrent sessions and 4.8 million new sessions per second. The chassis supports up to 68×10-GbE ports or 144x1GbE ports.
The X7180 provides carrier-grade reliability. It supports High Availability (HA) in both active/passive and active/active modes, ensuring 24×7 operation. It also has redundant and hot swappable power supplies, fans, System Control Modules (SCM), Security Service Modules (SSM) and I/O Modules (IOM). The X7180 also has a multi-mode and single-mode fiber bypass module, to ensure business continuity during power outages.
NAT and IPv6
The inevitable march to IPv6 is underway but service providers still need to deploy Carrier Grade NAT (CGN) and Large Scale NAT (LSN) to manage the IPv4 address shortage while the transition is underway. Hillstone’s X7180 supports a variety of transition technologies including Dual Stack, IPv6/IPv4 tunnels, DNS64/NAT64, NAT 444, full cone NAT, NAPT, etc. Session logging and address translation enable audit trails for record keeping and forensics.
The X7180 has slots front and rear, which saves rack space and facilitates cooling. It has a 5U form factor and a maximum power consumption of 1300W, which is 50–67% less power than other data center firewalls.
The X7180 provides visibility and control of over 3,000 web applications including 600 mobile applications and encrypted P2P applications. It allows fine grain control of applications, bandwidth, users, and user/groups. The X7180 prevents users from accessing malicious or inappropriate applications and the embedded Intrusion Prevention System (IPS) protects the network from malicious activity. The X7180 supports deep packet inspection and standard-based IPsec VPN, which uses hardware based crypto acceleration to provide third-generation SSL VPN. Hillstone also offers a unique Plug-and-Play VPN solution that makes branch office VPN deployment a simple task.
The X7180 platform can manage bandwidth based on applications, users, and time of day. The system provides fine-grained policy control including guaranteed bandwidth, bandwidth limit, traffic priority, and FlexQoS, which can dynamically adjust bandwidth based on utilization. These features, along with session limit, policy routing and link load balancing enable flexible bandwidth management.