Based on advanced OAA open application architecture of New H3C, secpath firewall can flexibly expand the hardware business modules such as virus prevention, network traffic monitoring and SSL VPN to realize the comprehensive security of 2-7 layers.

It can defend against DoS / DDoS attacks (such as CC, SYN Flood, DNS query flood, SYN Flood, UDP flood, etc.), ARP spoofing attacks, illegal TCP message flag attacks, large ICMP message attacks, address scanning attacks, port scanning attacks and other malicious attacks, and supports blacklist, MAC binding and other functions.

It provides various log functions, traffic statistics and analysis functions, various event monitoring and statistics functions, and email alarm functions.

It can effectively identify various P2P applications in the network, and take flow limiting control measures for these applications to effectively protect the network bandwidth; support mail filtering, provide SMTP mail address, title, attachment and content filtering; support web filtering, provide HTTP URL and content filtering.

Integrate various mature VPN access technologies such as IPSec, L2TP, GRE and SSL to ensure the safe and convenient access of mobile users, partners and branches.

It supports basic, extended and interface based state detection packet filtering technology; supports H3C specific ASPF application layer message filtering protocol, supports maintenance and monitoring of each connection state information and dynamic filtering of data packets, and supports state monitoring of application layer protocol.