ISCW10S06L01(IOS防火墙)

梭子鱼防火墙梭子鱼防火墙是一种网络安全设备，用于保护网络免受未经授权的访问、数据泄漏和恶意攻击。

它提供了一系列的安全功能，包括入侵检测系统（IDS）、入侵防御系统（IPS）、VPN（Virtual Private Network）以及各种安全策略和过滤规则。

本文将介绍梭子鱼防火墙的特点、工作原理以及在网络安全中的应用。

特点多层安全防护梭子鱼防火墙采用多层安全防护策略，包括网络层、传输层和应用层的安全控制。

它可以根据网络流量的来源、目的地和数据内容来进行细粒度的安全检查和过滤，确保网络安全。

入侵检测和入侵防御功能梭子鱼防火墙内置了入侵检测和入侵防御功能，可以实时监测和识别网络中的潜在威胁，并采取相应的防御措施。

它可以检测到各种入侵行为，如端口扫描、拒绝服务攻击等，并及时采取应对措施，提高网络的安全性。

VPN支持梭子鱼防火墙支持VPN功能，可以创建虚拟专用网络，将远程用户和外部网络安全地连接到内部网络。

这种加密连接可以提供更高的数据保密性和完整性，确保远程访问的安全性。

灵活的安全策略和过滤规则梭子鱼防火墙提供了灵活的安全策略和过滤规则的配置选项。

管理员可以根据自己的需求和网络环境，定义不同的安全策略和过滤规则，以适应不同的应用场景和安全需求。

这样可以更好地保护网络，避免潜在的安全威胁。

工作原理梭子鱼防火墙基于分组过滤技术和状态检测技术，通过对网络流量进行检查和过滤，实现安全控制。

它通常作为网络的边界设备，位于内部网络和外部网络之间，监控和管理网络流量。

当数据包通过梭子鱼防火墙时，防火墙会根据预先定义的安全策略和过滤规则来进行处理。

首先，防火墙会检查数据包的源地址和目的地址，判断是否允许这个数据包通过。

然后，防火墙会检查数据包的协议类型和端口号，并根据安全策略和过滤规则来判断是否允许这个数据包通过。

如果数据包通过了所有的安全检查，它将被允许进入内部网络或从内部网络发送出去。

否则，防火墙会阻止这个数据包，并根据设置的策略进行相应的处理。

目录1产品概述 (1)2产品特色 (2)2.1灵活的管理接口 (2)2.2管理员权限分权分立 (2)2.3安全隔离的虚拟系统 (3)2.3.1一机多用，节省投资 (3)2.3.2灵活配置，方便管理 (3)2.3.3业务隔离，互不影响 (3)2.4全面的IPv6Ready能力 (4)2.4.1IPv4/IPv6双栈 (4)2.4.2跨栈隧道方案 (5)2.5多层次可靠性保证，整机可靠性高 (7)2.5.1硬件可靠性 (7)2.5.2整机可靠性 (10)2.5.3系统可靠性 (16)2.5.4链路可靠性 (16)2.6智能DNS解析 (22)2.7地理位置识别（国内+国际） (22)2.8全面、智能的路由功能 (22)2.8.1全面的路由功能 (22)2.8.2精确的多出口ISP路由智能选路 (22)2.8.3对称路由保证来回路径一致 (23)2.8.4高适应性的路由负载均衡算法 (23)2.9一体化的安全策略 (23)2.10全面的SSL解密防护 (23)2.10.1SSL解密防护 (23)2.10.2SSL入站检查 (24)2.11丰富的VPN隧道类型 (24)2.12强大的动态QoS功能 (24)2.13持续关注重点应用/URL (24)2.14深度安全检测及DLP，保护网络安全 (25)2.14.1概述 (25)2.14.2全面的应用层攻击防护能力 (25)2.14.3先进的多维动态特征异常检测引擎 (26)2.14.4灵活的自定义漏洞/间谍软件特征功能 (26)2.14.5多维度的DLP数据防泄漏 (26)2.14.6强大的威胁情报渗透 (27)2.15多系统联动防护，构建立体式防护体系 (27)2.15.1防火墙和终端系统联动 (28)2.15.2防火墙和天眼系统联动 (29)2.15.3防火墙和NGSOC系统联动 (29)2.15.4防火墙和天御云系统联动 (30)2.15.5防火墙和ITS系统联动 (30)2.16应用及流量可视化，网络行为无所遁形 (32)2.16.1概述 (32)2.16.2大容量、多维度日志 (33)2.16.3多样化的日志检索方式 (33)2.16.4全方位风险信息展示及分析 (33)2.16.5强大的内容审计策略 (34)2.17自动化应急响应功能 (34)3技术优势 (35)3.1采用第四代SecOS系统 (35)3.2整体框架采用AMP+并行处理架构 (35)3.3优化的AMP+架构突破传统SMP架构瓶颈 (36)3.4更优化的网口数据收发处理 (38)3.5单引擎一次性数据处理技术 (39)3.6多级冗余架构提高防火墙可靠性 (39)3.7云端协同扩展精确定位威胁 (40)3.8基于NDR安全体系的未知威胁闭环防御 (40)4应用场景 (42)4.1企业互联网边界安全应用场景 (42)4.1.1典型场景 (42)4.1.2痛点和优势 (43)4.2行业专网网络安全应用场景 (44)4.2.1典型场景 (44)4.2.2痛点和优势 (45)4.3数据中心出口安全应用场景 (46)4.3.1典型场景 (46)4.3.2痛点和优势 (46)4.4多分支企业组网安全应用场景 (48)4.4.1典型场景 (48)4.4.2痛点和优势 (49)1产品概述随着信息化的飞速发展，网络形势正发生着日新月异的演变，层出不穷的新型威胁冲击着现有的安全防护体系。

产品简介随着机构的计算及业务资源逐渐向其数据中心高度集中，WEB成为普适平台，其上越来越多地承载了各类客户的核心业务。

金融机构、应用服务提供商、电子商务及政府单位对WEB应用性能的增强、WEB应用系统敏捷性的提高及成本控制等需求日益凸显。

对于各种机构的IT决策者来说，面临的最大挑战在于如何缓解针对WEB业务的各类安全威胁，优化业务资源，以及高效保障Web应用的可用性和可靠性，同时还需应对合规要求，如PCI DSS。

绿盟WEB应用防火墙（又称绿盟WEB应用防护系统，以下简称NSFOCUS WAF）针对各类机构的WEB业务系统，提供WEB安全和WEB应用交付的融合解决方案，确保WEB业务在安全和性能两方面的收益最大化：∙提供HTTP/S双向内容清洗：缓解来自Internet的各类安全威胁，如SQL注入、XSS、跨站伪造（CSRF）、Cookie篡改以及应用层DDoS 等，降低网页篡改及网页挂马等安全事件发生的概率，充分保障WEB应用的高可用性和业务的连续性。

同时，针对WEB服务器侧响应的出错信息、恶意内容及不合规内容进行在线清洗，避免敏感信息泄露，确保网站的公信度。

∙WEB应用交付方面，降低服务响应时间、显著改善终端用户体验，优化业务资源、提高应用系统敏捷性，提高数据中心的效率和服务器的投资回报率(ROI) 。

绿盟WAF将协助客户解决以下实际问题：网站安全∙整改代码较难实施的情况下，提供快速修补解决方案∙避免WEB应用直接暴露于Internet上，建立网站防线最高效率的架构∙提供完全透明的部署方式，在网络中即插即用∙整合DMZ区基础架构，增加安全性，降低复杂性、节约基本建设费用及后期维护成本∙优化服务端业务资源，显著改善最终用户体验合规∙避免用户敏感信息泄露∙达到PCI (支付卡) 应用安全规范要求自2008年1月国内首家推出以来，基于持续的技术创新及对客户WEB业务的深入理解，绿盟科技的WEB应用防火墙产品已获得运营商行业、金融行业、政府行业、能源行业及互联网企业等用户的广泛认可，为各类网站客户提供持续的安全保障。

Hillstone S-SeriesNetwork Intrusion Prevention System (NIPS)S600 / S1060 / S1560 / S1900 / S2100 / S2160 / S2700 / S2660 / S3560 / S3500 /S3860 / S3900 / S5500 /S5560As the threat landscape continues to evolve aggressively, an increasing number of network pro-tection technologies have quickly emerged. Among these various technologies, Intrusion Preven-tion System (IPS) remains one of the most widely deployed solutions, regardless of platform or form factor.Hillstone Network-based IPS (NIPS) appliance operates in-line, and at wire speed, performing deep packet inspection, and assembling inspection of all network traffic. It also applies rules based on several methodologies, including protocol anomaly analysis and signature analysis to block threats. Hillstone NIPS can be deployed in the network to inspect traffic left undetected by perimeter solutions, and is an integral part of network security systems for its high-performance, no compromise, best-of-breed protection capability and broad and flexible deployment scenarios.Product HighlightsUnparalleled Threat Protection without Performance CompromiseThe Hillstone NIPS platform has the most comprehensive high performance inspection engine, combined with the best-of-breed signature partnering with leading technology part-ners, providing customers the highest threat detection rate with the lowest total cost of ownership (TCO). Hillstone IPS engine has 99.6% blocking rate of static exploits and 98.325% blocking rate of live exploits (reported by NSS Labs).The Hillstone NIPS platform provides high throughput, low latency and maximum availability to maintain efficient secu -rity operations without compromising network performance. NIPS combines protocol analysis, threat reputation and other features that deliver threat protection from Layer 2 to Layer 7, including ARP attack, Dos/DDoS attack, abnormal protocols, malicious URLs, malwares and web attacks.Granular Reporting with User Targeted ViewpointsHillstone NIPS provides comprehensive visibility based on protocol, application, user and content. It can identify more than 4,000 applications, including hundreds of mobile and cloud applications.Bringing multiple sources together, the system can identify contextual information to make proper blocking decisions. With a granular and robust reporting function, it offers visibil-ity across different views:• Unique templates, based on whether you are a business system administrator, a security administrator or the CIO or executive.• Organized Threat Content – whether a security, system risk, network threat or traffic view – in order to help you clearly understand the risk and make the right decision.Product Highlights (Continued) FeaturesIntrusion Prevention• 12,700+ signatures, protocol anomaly detection, rate-based detection, custom signatures, manual, automatic push or pull signature updates, integrated threat encyclopedia• IPS Actions: monitor, block, reset (attackers IP or victim IP, incoming interface) with expiry time• Packet logging option• Filter based selection and review: severity, target, OS, application or protocol • IP exemption from specific IPS signatures• IDS sniffer mode• IPv4 and IPv6 rate based DoS protection with threshold settings against TCP Syn flood, TCP/UDP/SCTP port scan, ICMP sweep, TCP/UDP/SCIP/ICMP session flooding (source/destination)• Active bypass with bypass interfaces• Predefined prevention configuration• Support web server protection, including CC attack, external link attack, iframe, cross-site request forgery (CSRF) attack, etc.• Support protection of brute force attack including FTP, MSRPC, POP3, SMTP, SUNRPC and telnet• Support weak password detection for FTP, MSRPC, POP3, SMTP, SUNRPC and telnet• Threat Details support URI and Attack Data Decoding• Support MPLS frame inspectionThreat Correlation Analytics• Correlation among unknown threats, abnormal behavior and application behavior to discover potential threat or attacks• Multi-dimension correlation rules, automatic daily update from the cloud Advanced Threat Detection• Behavior-based advanced malware detection• Detection of more than 2000 known and unknown malware families including Virus, Worm, Trojan, Spyware, Overflow etc• Real-time, online, malware behavior model database updateAbnormal Behavior Detection• Behavior modeling based on L3-L7 baseline traffic to reveal anomalous network behavior, such as HTTP scanning, Spider, SPAM, SSH/FTP weak password, and spyware• Detection of DDoS including Flood, Sockstress, zip of death, reflect, DNS query, SSL DDos and application DDoS• Supports inspection of encrypted tunneling traffic for unknown applications • Real-time, online, abnormal behavior model database updateAntivirus• Manual, automatic push or pull signature updates• Flow-based antivirus: protocols include HTTP/HTTPS, SMTP, POP3, IMAP, FTP/ SFTP, SMB• Compressed file virus scanning Attack Defense• Abnormal protocol attack defense• Anti-DoS/DDoS, including SYN Flood, DNS Query Flood defense• ARP attack defense• IP scanning and port scanningURL Filtering• Flow-based web filtering inspection• Manually defined web filtering based on URL, web content and MIME header• Dynamic web filtering with cloud-based real-time categorization database: over 140 million URLs with 64 categories (8 of which are security related)• Additional web filtering features:- Filter Java Applet, ActiveX or cookie- Block HTTP Post- Log search keywords- Exempt scanning encrypted connections on certain categories for privacy• Web filtering profile override: allows administrator to temporarily assign different profiles to user/group/IP• Web filter local categories and category rating override• Support allow/block list• Customizable alarmAnti-Spam• Real-time spam classification and prevention• Confirmed spam, suspected spam, bulk spam, valid bulk• Protection regardless of the language, format, or content of the message• Support both SMTP and POP3 email protocols• Inbound and outbound detection• Whitelists to allow emails from trusted domain/email addresses• User-defined blacklistsCloud-Sandbox• Upload malicious files to cloud sandbox for analysis• Support protocols including HTTP/HTTPS, POP3, IMAP, SMTP and FTP• Support file types including PE, ZIP, RAR, Office, PDF, APK, JAR and SWF• File transfer direction and file size control• Provide complete behavior analysis report for malicious files• Global threat intelligence sharing, real-time threat blocking• Support detection only mode without uploading filesData Security• Web content filtering and file content filtering• Support file filtering with over 100 file formats• Support network behavior recordingEase of Deployment and Centralized Management Deploying and managing the Hillstone NIPS is simple, with minimum overhead. It can be deployed in the following modes to meet security requirements and ensure optimal network connectivity:• Active protection (intrusion prevention mode), real time monitoring and blocking.• Passive detection (intrusion detection mode), real time monitoring and alert.The Hillstone NIPS can be managed by the Hillstone Security Management Platform (HSM). Administrators can centrally register, monitor, and upgrade NIPS devices deployed in differ-ent branches or locations, with a unified management policy across the network for maximum efficiency.Features (Continued)Botnet C&C Prevention• Discover intranet botnet host by monitoring C&C connections and block further advanced threats such as botnet and ransomware• Regularly update the botnet server addresses• Prevention for C&C IP and domain• Support TCP, HTTP, and DNS traffic detection• IP and domain whitelistsIP Reputation• Identify and filter traffic from risky IPs such as botnet hosts, spammers, Tor nodes, breached hosts, and brute force attacks• Logging, dropping packets, or blocking for different types of risky IP traffic• Regular IP reputation signature database upgradeApplication Control• Over 4,000 applications that can be filtered by name, category, subcategory, technology and risk• Each application contains a description, risk factors, dependencies, typical ports used, and URLs for additional reference• Actions: block, monitor• Provide multi-dimensional monitoring and statistics for applications running in the cloud, including risk category and characteristics• Support encrypted applicationQuality of Service (QoS)• Support encrypted application• Max/guaranteed bandwidth tunnels or IP/user basis• Tunnel allocation based on security domain, interface, address, user/user group, server/server group, application/app group, TOS, VLAN• Bandwidth allocated by time, priority, or equal bandwidth sharing• Type of Service (TOS) and Differentiated Services (DiffServ) support• Prioritized allocation of remaining bandwidth• Maximum concurrent connections per IP• Bandwidth allocation based on URL category• Bandwidth limit by delaying access for user or IPIPv6• Management over IPv6, IPv6 logging and HA• IPv6 tunneling, DNS64/NAT64 etc• IPv6 routing protocols, static routing, policy routing, ISIS, RIPng, OSPFv3 and BGP4+• IPS, Application identification, Antivirus, Access control, ND attack defense VSYS• System resource allocation to each VSYS• CPU virtualization• Non-root VSYS support IPS, URL filtering, Policy, QoS, etc.• VSYS monitoring and statistics• Support backup of all VSYS configurations at onceSSL Proxy• SSL offload: SSL traffic decryption• SSL require/ exempt: SSL traffic allowed or block based on the policy rules without decryptionFlexible Traffic Analysis and Control• Support 3 operation modes: Route/NAT (layer 3) , Transparent (layer 2) with optional bypass interface, and TAP mode (IDS Mode) with Hillstone Firewall Integration• Traffic analysis and control based on policy rules by source/destination zone, source/destination IP address, users, service or applications High Availability• Redundant heartbeat interfaces• AP and peer mode• Standalone session synchronization• HA reserved management interface• Failover:- Port, local & remote link monitoring- Stateful failover- Sub-second failover- Failure notification• Deployment Options:- HA with link aggregation- Full mesh HA- Geographically dispersed HAVisible Administration• Management access: HTTP/HTTPS, SSH, telnet, console• Central Management: Hillstone Security Manager (HSM), web service APIs • Two-factor authentication: username/password, HTTPS certificates file• System Integration: SNMP, syslog, alliance partnerships• Rapid deployment: USB auto-install, local and remote script execution• Dynamic real-time dashboard status and drill-in monitoring widgets• Storage device management: storage space threshold customization and alarm, old data overlay, stop recording.• Language support: EnglishLogs and Reporting• Logging facilities: local storage for up to 6 months, multiple syslog servers and multiple Hillstone Security Audit (HSA) platforms• Encrypted logging and log integrity with HSA scheduled batch log uploading • Reliable logging using TCP option (RFC 3195)• Detailed traffic logs: forwarded, violated sessions, local traffic, invalid packets • Comprehensive event logs: system and administrative activity audits, routing & networking, VPN, user authentications, WiFi related events• Log aggregation: support aggregation of AV and C&C logs• IP and service port name resolution option• Brief traffic log format option• Granular Reporting with User Targeted Viewpoints- HA Management/C-level View- Business System Owner View- Network Security Administrator ViewStatistics and Monitoring• Application, URL, threat events statistic and monitoring• Real-time traffic statistic and analytics• System information such as concurrent session, CPU, Memory and temperature• iQOS traffic statistic and monitoring, link status monitoring• Support traffic information collection and forwarding via Netflow (v9.0)• Cloud-based threat intelligence push service• Geographical distribution of external network attacksCloudView• Cloud-based security monitoring• 24/7 access from web or mobile application• Device status, traffic and threat monitoring• Cloud-based log retention and reporting500 GB (optional)Dimension (W×D×H, mm)16.9 × 11.8 × 1.7 in(430×300×44mm)17.1×12.6×1.7 in(436x 320x 44mm)16.9 x 14.8 x 1.7 in(430x375x44mm)Weight14.3 lb (6.5 kg)14.33 lb (6.5kg)22.0 lb (10 kg)Temperature32-104°F (0-40°C)32-104°F (0-40°C)32-104°F (0-40°C) Relative Humidity5-85% (no dew)10%~95% (no dew)5-85% (no dew)14 GbpsConsumption 1 + 1 1 + 1 1 + 1Dimension (W×D×H, mm)16.9 × 19.7 × 3.5 in(430×500×88mm)16.9 × 19.7 × 3.5 in(430×500×88mm)17.1×21.3×1.7 in(436x542x44mm)Weight35.3 lb (16 kg)35.3 lb (16 kg)32.6 lb (14.8kg)Temperature32-104°F (0-40°C)32-104°F (0-40°C)32-104°F (0-40°C) Relative Humidity5-85% (no dew)5-85% (no dew)10%~95% (no dew)ModuleIOC-S-4GE-B-LIOC-S-4SFP-LIOC-S-4GE-BIOC-S-4SFPIOC-S-8SFPIOC-S-4GE-4SFPI/O Ports 4 x SFP Ports4 × SFP Ports 4 × GE and 4 × SFP Ports Dimension slot)1U (Occupies 1 generic slot)slot)1U (Occupies 1 generic slot)generic slot) 1U (Occupies 1 generic slot)Weight0.22 lb (0.1 kg)0.22 lb (0.1 kg)0.33 lb (0.15 kg)0.33 lb (0.15 kg)0.55 lb (0.25 kg)0.55 lb (0.25 kg)ModuleIOC-S-2SFP+IOC-S-4SFP+IOC-S-4SFP-BIOC-S-2SFP+-BIOC-S-4SFP+-BIOC-S-4GE-B-HIOC-S-4GE-4SFP-HI/O Ports 2 × SFP+ Ports 4 × SFP+ Ports 4 × SFP Bypass Ports 2 × SFP+ Bypass Ports 4 × SFP+ Bypass Ports 4 × GE Bypass Ports 4 × GE and 4 × SFP Ports Dimension 1U (Occupies 1 generic slot)1U (Occupies 1 generic slot)1U (Occupies 1 generic slot) Weight0.44 lb (0.2 kg)0.88 lb (0.4 kg)0.33 lb (0.15 kg)ModuleIOC-S-8GE-B-HIOC-S-8SFP-HIOC-S-4SFP-HIOC-S-2SFP+-HIOC-S-4SFP+-HIOC-S-4SFP-B-HIOC-S-2SFP+-B-HI/O Ports 8 × GE Bypass Ports 8 × SFP Ports 4 × SFP Ports 2 × SFP+ Ports 4 × SFP+ Ports 4 × SFP Bypass Ports 2 × SFP+ Bypass Ports Dimension 1U (Occupies 1 generic slot)1U (Occupies 1 generic slot)1U (Occupies 1 generic slot) Weight0.55 lb (0.25 kg)0.33 lb (0.15 kg)0.88 lb (0.4 kg)Module OptionsNOTES:(1) IPS throughput data is obtained under HTTP traffic with all IPS rules being turned on;(2) Maximum concurrent connections are obtained under TCP traffic; and it can be upgraded with Additional Enhanced License (AEL);(3) New sessions are obtained under TCP traffic.Unless specified otherwise, all performance, capacity and functionality are based on StoneOS5.5R5. Results may vary based on StoneOS ® version and deployment.ModuleIOC-S-4SFP+-AIOC-S-2MM-BE-AIOC-S-2SM-BE-AIOC-S-2QSFP+-AI/O Ports 4 × SFP , MM bypass (2 pairs of bypass ports) 2 × QSFP+Dimension 1U1UWeight2.09 lb (0.96 kg)2.09 lb (0.96 kg)2.09 lb (0.96 kg)2.09 lb (0.96 kg)。

瞻博网络公司集成安全网关(ISG)系列产品瞻博网络公司集成安全网关（ISG）适用于保护企业网络、运营商和数据中心环境的安全，在这些环境中，IP语音（VoIP）和流媒体等高级应用需要可扩展的一致性能。

瞻博网络公司的ISG 1000和ISG 2000 是专用的安全性解决方案，利用第四代安全ASIC（GigaScreen3）以及高速微处理器来提供无与伦比的防火墙和虚拟专网（VPN）性能。

ISG 1000 和ISG 2000 集成了最佳的防火墙，VPN 和可选的入侵检测与防护（IDP）功能，能够为关键的高流量网段提供安全可靠的连接以及网络和应用级保护。

产品描述瞻博网络公司的ISG 1000和ISG 2000是全面集成的防火墙/VPN 系统，提供：数千兆位的性能模块化架构丰富的虚拟化功能它们是面向大型企业、数据中心和电信运营商网络的理想解决方案。

基于ISG系列防火墙/VPN的系统提供入侵防护系统(IPS)、防垃圾邮件、Web过滤和互联网内容适配协议(ICAP)防病毒重定向支持等安全特性。

您可通过可选的集成IDP进一步扩展这个高级系统或将系统作为通用分组无线业务(GPRS)防火墙/VPN产品提供给移动网络电信运营商环境。

ISG系列防火墙/VPN 采用模块化架构，允许部署大量的铜线和光纤接口选件。

虚拟系统、虚拟局域网和安全区等高级特性允许灵活地分割并隔离属于不同可信级别的流量。

ISG 系列防火墙/VPN 允许对多个不同的防火墙实施检测或路由策略，以简化网络设计。

这将允许用户对流量流实施安全策略，不会对网络本身产生很大的影响–即便在极为复杂的环境中也不例外。

ISG系列的架构提供卓越的灵活性和高效性，在单一解决方案的三个不同的部署配置——防火墙/VPN、防火墙/VPN/IDP和IDP中均提供最先进的性能和最佳功能。

ISG 1000 最多支持两个安全模块，ISG 2000最多支持三个安全模块。

每个安全模块都有自己的专用处理资源和内存并提供旨在加速处理IDP数据包的技术，从而可减少所需的单独的安全产品和管理应用的数量，简化部署流程并降低网络复杂性，继而降低成本。

Version 2.8Copyright 2021 Hillstone Networks.All rights reserved.Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Hillstone Networks.Hillstone Networks本文档禁止用于任何商业用途。

联系信息北京苏州地址：北京市海淀区宝盛南路1号院20号楼5层地址：苏州高新区科技城景润路181号邮编：100192 邮编：215000联系我们：https:///about/contact_Hillstone.html关于本手册本手册介绍山石网科公司的Web应用防火墙（W1060-GC）的硬件相关信息。

获得更多的文档资料，请访问：https://针对本文档的反馈，请发送邮件到：***********************山石网科https://TWNO: TW-HW-WAF(GC)-CN-V1.0-Y21M11产品中有毒有害物质或元素的名称及含量前言内容简介感谢您选用Hillstone Networks的Web应用安全产品-Web应用防火墙。