Firewall / Network Behavior Management Controller

3005

Firewall Network Behavior Management Controller  This firewall product supports multiple signature databases including antivirus, intrusion prevention, malicious domain identification, application identification, and website classification. It integrates firewall policies, attack protection, DPI deep security, security auditing, bandwidth management, and VPN functions, effectively mitigating network risks and achieving comprehensive protection. Features include a multi-core 64-bit dedicated network processor, 2GB DDRIV high-speed memory, 5 gigabit RJ45 ports, user behavior visualization, traffic flow analysis, control analysis, access analysis, and data leakage analysis, a built-in database of over 10 million website categories and over 6000 application signature databases, configuration of security policies, audit policies, bandwidth policies, and NAT policies, and scalable integrated DPI deep security (intrusion prevention, antivirus, file filtering, remote malicious domain query, and application behavior control). It supports a rich set of policy objects (security zones, addresses, applications, blacklists/whitelists, security profiles, intrusion prevention, audit profiles, etc.) and rich network functions such as static routing, policy routing, intelligent load balancing, and VPN (IPSec/PPTP/L2TP). VPN, DDNS, and other multi-administrator roles for granular permission management. Supports first-packet application identification, improving application identification performance. Internet behavior auditing bandwidth greater than 100M.

The 3005 Firewall Management Controller is a comprehensive network behavior management controller, supporting visualized user behavior analysis. It features multiple feature libraries including antivirus, intrusion prevention, malicious domain identification, application identification, and website classification. It integrates user behavior analysis, firewall policies, attack protection, DPI deep security, security auditing, bandwidth management, and VPN functions, effectively auditing network user behavior, mitigating network risks, achieving comprehensive protection, simplifying operation and maintenance, and ensuring the continuous and stable operation of core enterprise applications and businesses. Suitable for enterprises, government agencies, industrial parks, chain hotels, and other scenarios.

Rich ports, powerful performance. Utilizes a professional multi-core 64-bit network processor and 2GB DDRIV high-speed memory, providing powerful packet processing capabilities.

Provides five gigabit RJ45 ports, ensuring high-speed data forwarding while facilitating system management and maintenance.

Precise control of network-wide behavior safeguards enterprise information security. It features comprehensive user behavior analysis capabilities, including application/application group traffic statistics (traffic destination analysis, access tendency analysis, and risk analysis of data breaches), website access duration, ranking of user blocked actions, ranking of user-sent file sizes, distribution of accessed website types, and user traffic rankings. This comprehensive auditing of user online behavior makes office work more standardized, efficient, and secure.

It possesses a large-scale application identification feature library, enabling one-click management of nearly 6,000 common domestic desktop and mobile internet applications across 36 categories, including video, social networking, shopping, and financial applications; it accurately identifies behaviors of popular applications such as WeChat, Weibo, and QQ, including text communication, voice and video calls, file transfers, and music playback, and provides refined control over these behaviors, selectively blocking or restricting them; it has a built-in database of over a dozen domestic website categories, allowing one-click restriction of employee access to corresponding websites; it supports blocking webpage submissions, restricting employees from logging into various web-based forums, Weibo, email, etc., and filtering email content to effectively prevent the leakage of sensitive corporate data; the application and website databases will be continuously updated and expanded.

First Packet Application Recognition

Supports TP-LINK's unique first packet application recognition feature, identifying applications from the very first packet, enabling application routing and improving application recognition performance.

Comprehensive Security Policies

Adopts the principle of least security, supporting security policies based on security zones, source IP addresses, destination IP addresses, source ports, destination ports, service groups, application groups, user groups, time periods, blacklists and whitelists, websites, internal server certificates, antivirus, URL filtering, file filtering, application behavior control, email content filtering, intrusion prevention, audit configuration files, and more. Users can customize combinations and set access rules for comprehensive control over internal and external network communication security.

Comprehensive Attack Protection

Supports multiple internal/external network attack protection functions, effectively preventing various DoS attacks, scanning attacks, and suspicious packet attacks, such as: TCP Syn Flood, UDP Flood, ICMP Flood, IP scanning, port scanning, WinNuke attacks, fragmented packet attacks, WAN port ping, TCP Scan (Stealth FIN/Xmas/Null), IP spoofing, TearDrop, etc.

Supports ARP protection, such as ARP spoofing and ARP attacks, to avoid service interruptions and frequent network outages.

Supports IP and MAC address binding, allowing simultaneous binding of IP and MAC address information for hosts on both the LAN port (internal network) and WAN port (external network) to prevent ARP spoofing.

Supports MAC address filtering to block unauthorized host access.

Scalable and integrated DPI deep security:

Supports intrusion prevention, providing real-time access to the latest threat information and accurately detecting and defending against attacks targeting vulnerabilities;

Supports antivirus, quickly and accurately detecting and eliminating viruses and other malicious programs in network traffic, protecting against over 6 million viruses and Trojans;

Supports filtering file extension types, easily filtering various small files embedded in web pages to prevent viruses and Trojans from infiltrating enterprise networks and compromising Network Security;

Supports URL filtering and remote malicious domain lookup, effectively blocking phishing websites and intercepting Trojan attacks, hacker intrusions, and online fraud through a combination of local and cloud-based methods;

Supports application identification with accuracy down to the application behavior level. The combination of application identification with intrusion detection, antivirus, URL filtering, and file extension type filtering greatly improves detection performance and accuracy;

Provides a comprehensive and timely security signature database, keeping abreast of the latest developments in the network security field and ensuring timely and accurate updates to the signature database.

Comprehensive Security Audit Strategy

Detailed and Comprehensive Logging: Supports system logs, operation logs, policy hit logs, traffic logs, audit logs, threat logs, content logs, URL logs, and email filtering logs, recording detailed information such as firewall-related traffic and operation history to help administrators understand network status and quickly locate network problems;

Graphical Traffic Statistics: Enables traffic statistics across three dimensions: interface, IP, and security policy, presenting security policy traffic data in real-time graphical form for easy overview; traffic analysis reports can be output in PDF format to help administrators analyze historical traffic distribution;

Internet Behavior Auditing: Supports HTTP behavior auditing, FTP behavior auditing, email auditing, and IM auditing. Audit logs provide insights into employee internet behavior during work hours, including web browsing and app usage, making inappropriate internet activity traceable;

TP-LINK Security Audit System: Can be used in conjunction with the TP-LINK Security Audit System for long-term, high-capacity log storage while outputting more detailed analytical reports.

Simplified Operation and Maintenance, Secure Management

A fully Chinese web interface with detailed and clear configuration guidance;

A graphical interface display, providing real-time monitoring of key resources such as CPU utilization, clear and intuitive;

Supports local/remote management, facilitating chain operations and remote assistance;

Supports password authentication/identity recognition, ensuring authorization security;

Supports multiple administrator roles for granular permission management;

Supports hard drive management and license management, with feature database upgrades;

Supports primary/standby failover and online testing, ensuring high-reliability device operation;

Provides a separate console management port for command-line management.

Flexible Bandwidth Management Policies

Offers flexible bandwidth management policies, controlling the bandwidth used by each IP in the network to ensure a good network experience for critical services and users. Management methods include: bidirectional bandwidth control, connection limit, and connection monitoring.

Rich Routing Features

Supports static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP VPN), dynamic DNS (PeanutShell, Comai, 3322), and other functions.

Supports Multiple Deployment Modes

Layer 3 Router Gateway Mode: As a Layer 3 router gateway, it replaces the original router in the network. Data communication between the internal and external networks is handled by the firewall through NAT translation. In this mode, the firewall's data packet processing mechanism is more sophisticated, resulting in stronger network security protection capabilities.

Layer 2 Transparent Bridge Mode: Supports configuring some or all interfaces as bridges. These interfaces operate in a Layer 2 network. As long as data passes through the bridge interface, the network is protected by the firewall. In this mode, firewall deployment does not require changes to the original topology, making it more convenient and faster.

Router + Bridge Mode: In actual network deployment, some firewall interfaces can be configured as bridge interfaces, and others as routing interfaces, flexibly combining the two methods to achieve more economical and efficient network protection.

Hardware Specifications

Ports

5 x 10/100/1000M RJ45 ports

1 x Management port

1 x USB port

1 x Console port

1 x Micro SD card slot

Processor

Multi-core 64-bit ARM network processor

Memory

DDRIV 2GB

Storage

128MB NAND + 8GB eMMC

Indicator Lights

Ports: Link/Act, Speed, USB, Micro SD

Device: PWR, SYS

Dimensions

250(w) x 158(D) x 44(H) mm

Input Power

100～240V AC, 50/60Hz

Cooling Method

Natural cooling

Operating Environment

Operating Temperature: 0℃～40℃, Operating Humidity: 10%～90%RH (non-condensing)

Storage Temperature: -40℃～70℃, Storage Humidity: 5%～90%RH (non-condensing)

Software Functions

User Behavior Statistics Application Traffic Analysis

User Traffic Ranking

Website Visit Duration Ranking

Website Type Distribution

User Management Analysis

Outbound File Auditing

Latest Internet Behavior

Policy Configuration

Security Policies, Audit Policies

Detection Policies (Encrypted Traffic Detection)

Bandwidth Policies (Bandwidth Control, Connection Limitation, Connection Monitoring)

NAT Policies (NAPT, One-to-One NAT, Virtual Server, NAT-DMZ, UPnP)

ALG Policies (FTP ALG, H.323 ALG, PPTP ALG, SIP ALG)

Policy Objects

Security Zones, Addresses, Users, Services, Websites, Applications, Blacklists/Whitelists, Intrusion Prevention

Security Profiles (URL Filtering, File Filtering, Application Behavior Control, Email Content Filtering, Antivirus)

Audit Profiles (HTTP Behavior Auditing, FTP Behavior Auditing, Email Auditing, IM Auditing)

Attack Protection

Supports ARP protection, such as ARP spoofing and ARP attacks

Supports protection against various common attacks, such as DDoS attacks, network scanning, and suspicious packet attacks

Supports MAC address filtering to block unauthorized host access

Integrated DPI Deep Security Supports intrusion prevention

Supports antivirus

Supports remote malicious domain query

Supports application behavior recognition

Supports filtering of file extension types

Network Functions

Static routing, policy routing

Intelligent load balancing

VPN (IPSec/PPTP/L2TP VPN)

Dynamic DNS (Peanut Shell, Comai, 3322)

System Management

Supports Chinese web management, remote management

Supports multiple management roles

Supports configuration backup and import

Supports system software upgrades

Supports various logs, reports, diagnostic center, and panel status

Supports CLI management, license management, and hard drive management

Supports signature database upgrades

Performance Parameters

Maximum concurrent connections

150,000

New connection rate (cps)

13,086

Network layer throughput (1518/512/64 bytes, UDP)

2/2/1.6 Gbps

Application layer throughput (Mbps)

900

Application identification throughput (Mbps)

250

IPS throughput (Mbps)

200

Total threat throughput (application identification + IPS + AV + malicious domain) (Mbps) 130 Parameter Description

The relevant parameters were obtained from testing under a 128KB HTTP load capacity.

License Authorization (TL-FW-LIS-ALL, All-in-One)

IPS Library

1500+

AV Library

3 million

Malicious Domain Library

10000+

Application Library

6400+ Applications

Website Library

1 million Websites

Parameter Description

Specifically enhanced feature libraries require separate license purchase.

License Authorization (Separate Authorization)

TL-FW-LIS-IPS

2800+

TL-FW-LIS-AV

3 million

TL-FW-LIS-URL

Malicious: 10,000+ Cloud Search

TL-LIS-APP

6400+

TL-LIS-URL

10 million

Parameter Description

Only one type of license will be effective between separate and all-in-one authorizations. Please consult with pre-sales or after-sales service before purchasing.