ZXSG SVFW-Z | Security Introduction

ZXSG SVFW-Z Introduction

Rapid development of cloud computing and virtualization technologies tremendously change both data centers and networks. So besides old safety threats, customers today have to face lots of new security issues and challenges.

Traditional security devices incapable of performing automatic deployment and dynamic scale-in/out required by virtualization can hardly comply with massive requirements generated by new services, for instance, dynamic user creation, on-demand distribution, new identification methods for new services and new protection ways. Therefore, to process safe cloud computing and build reliable virtual networks, virtual firewalls (vFW) deployed on a cloud computing/virtual network for safe network communications now becomes a crucial security measure making the network and all sorts of resources safe and reliable.

Based on traditional security architecture, ZXSG SVFW-Z enables firewall abstraction and the pooling technology. Featuring elastic expanding and automatic on-demand deployment, ZXSG SVFW-Z can be extensively used to protect public cloud, enterprise networks(CPE), and small private cloud networks.

Products Advantages

High performance/Low latency

DPDK, SR-IOV and 40GE NIC
Latency of transferring < 100us
Latency for HA switchover <2s

Rich security services

Multiple sorts of protocol messages
Provide rich precaution services
Carrier-grade NAT

Easy operation and maintenance

Automatic Deployment
Elastic Scale-In/Out
Easy to Integrate

Major Function

High Performance/Low Latency
- Employs many technologies including SR-IOV, DPDK and separated control and forwarding to improve performance and reduce latency.
- By using the SR-IOV technology to share one PCI device with multiple VMs, the vFW enhances the utilization rate of I/O devices and shortens the network latency. The SR-IOV can work on GE/10GE/40GE interfaces.
- Employs the DPDK technology to enable more powerful system processing.
- Using different paths to separate control plane services (for example, protocol processing and dynamic generation of policy information) and user plane services (for instance data packet filtering, forwarding and processing), making data forwarding more efficient.
High Reliability
- Employs the enhanced VRRP protocol running on the HA path between the active and standby OMPs to ensure the firewall capable of working in the hot redundant mode.
- To keep the system reliable and away from data blocking, the vFW implements data synchronization and backup via multiple HA paths.
Easy operation and maintenance
- Automatic Deployment: The vFW can be deployed on a universal server automatically. When maintenance engineers finish making the vFW deployment blueprint, the entire deployment can be done rapidly, flexibly and automatically, which obviously makes the O&M much easier.
- Elastic Scale-In/Out: To enable simplified deployment and management, as well as more efficient resource utilization, the vFW enables user-defined Scale-In/Out policies.
- Easy to Integrate: The vFW can be easily integrated to different security protection scenarios. Related cloud management centers are responsible for the orchestration and management.
Rich Security Services
- In addition to detect and control multiple sorts of protocol messages, the vFW can also provide rich precaution services, for instance, the ACL-based packet filtering, status inspection, carrier-grade NAT, ASPF, inter-zone policies, DDoS, DPI, etc.

Simplified Network

Building efficient, intelligent, and open 5G Cloud & Network

ZXSG SVFW-Z Introduction

ZXSG SVFW-S

ZXUS vSeGW 9000

ZXUS vSTG 9000

ZXUS vCube 9000

VNF

Cloud Infrastructure

MANO

ICT Hardware

Integration

VNF

Cloud Infrastructure

MANO

MEC

Integration