6P+2P10G fiber IPS NG-UTM
Maximum connections: 3,000,000 | New connections per second: 120,000 | Maximum processing speed: 15Gbps | VPN performance: 850Mbps | Antivirus performance: 700Mbps | IPS performance: 700Mbps |
IPS / WAF / UTM / FW / HA / Two-Factor Two-Stage Authentication
1 LAN(MGMT.) / 7 definable PORT | 6P RJ45 1G | 2P 10G GBIC (Fiber) slot (GBIC single-mode or multi-mode purchased separately)
Support IPSEC / SSL / PPTP / L2TP (IOS available) and other VPN / Support 3G / 4G / 5G LTE USB mobile wireless network card
Kaspersky Antivirus 1 year, 3rd party application and 3rd party URL database control 2 years
Optional items:
Dedicated 10G GBIC: MGB-XM03 (multi-mode) / MGB-XS10 (single-mode) / MGB-RJ-10GT (to RJ45 30M) (the above can be mixed and matched)
Kaspersky Antivirus (2nd year onwards) / 3rd party applications (3rd year onwards) / 3rd party URL database (3rd year onwards)
Product Description

NGS 3542HTG is a network security device that complies with the Next Generation UTM specification. It features high operational efficiency, multiple security protection mechanisms and hierarchical authorization management. It is the network security and management device of choice for medium and large enterprises.

NGS 3542HTG has the powerful functions of a new-generation firewall, including application identification and control based on Deep Packet Inspection (DPI), In-Line IPS, SSL analysis and blocking, Web Filtering, bandwidth management, antivirus, and spam filtering. It also supports functions such as external authentication integration, which can prevent hackers from maliciously infiltrating the network or gaining unauthorized access to internal network resources. In addition, the NGS 3542HTG supports a dual backup mechanism (HA), which can ensure the continuous operation of the equipment.

Product Features

The NGS 3542HTG is also a core switch supporting Layer 2 - Layer 7, which can directly replace the traditional Layer 3 core switch and meets the requirements of the next-generation Software Defined Network (SDN) core switch.

It integrates the centralized management of wireless base stations and managed switches to create integrated wired and wireless security protection, allowing managers to take into account both internal and external factors, and it can be used as a layer 2 intranet security firewall.

Balancing performance and functionality

The hardware platform of the HERHSIANG NGS 3542HTG is carefully designed and uses X86 hardware, so that enterprise users can fully experience the security protection functions provided by the new generation of HERHSIANG UTM.

For customers with high connection capacity requirements, we provide high-performance security modules to improve connection capacity and support USB fast recovery mechanism.

Two-Factor Two-Stage Authentication
Unlike many previous network services that use single-factor password authentication by default, Two-Factor Authentication (2FA) combines two different authentication methods: users need to pass two or more authentication mechanisms before they are authorized to access the system resources provided by the service provider. There are many ways to verify, such as a PIN code, a fingerprint, scanning a QR code, or a one-time code and other auxiliary verification, and the purpose is to provide higher security for the account. This two-factor authentication function is combined with Google Authenticator and uses the mobile phone owned by the user as the second authentication factor to achieve auxiliary authentication. The function is disabled by default. After enabling this function, the system will prompt you to enter a password and a one-time code before you can access your account.
The HERHSIANG NGS next-generation firewall supports two-step verification in three parts: account management, Internet authentication, and SSL VPN.
IP v4/v6 Dual Band Technology
There is a shortage of IP v4 addresses, and the age of IP v6 will come sooner or later, so HERHSIANG took this trend into account when developing the next-generation UTM. The same network interface, whether it is defined as WAN or LAN, can be bound to a v4 or v6 IP address at the same time, so the NGS 3542HTG works equally well in a pure v4 environment, a mixed v4/v6 environment, or a pure v6 environment.
Support SDN controller

With SDN controller support, more than one port can be combined into a ZONE, which is directly managed by the SDN controller, and packets transmitted between one ZONE and another also pass through the packet inspection of the NGS 3542HTG.

With the VLAN 802.1Q function, the internal network can be cut into several independent subnet segments, and each segment operates independently without interfering with the others.

SSL encrypted connection detection
With the ability to detect SSL traffic, when faced with traffic from SSL-encrypted connections, it can apply intrusion detection and prevention, gateway antivirus, content filtering, and application bandwidth control.
Load Balancing

Provide outbound and inbound load balancing, and provide a variety of load balancing algorithms. When one line is disconnected, all network packets will be automatically redirected to another normal line to ensure that the internal user network is smooth. When the line is restored, the packet will be automatically assigned again.

Enterprises can set their own load balancing rules according to their needs, and network access can refer to the set rules to implement network traffic load balancing guidance. Algorithms include: automatic allocation, manual allocation, allocation by source IP, and allocation by destination IP.           


IPS Intrusion Prevention
The IPS intrusion detection and prevention system provides more than 30,000 signatures. The IPS checks the content corresponding to layers 4 to 7 of the OSI model for malicious attack programs or viruses hidden in the TCP/IP communication protocol and marks them. Once found, it can block the packet immediately, so that malicious packets that pass through the firewall have nowhere to hide.

Threat Detection Defense

Provide the most complete defense-in-depth mechanism for enterprises. Today's network attacks cannot rely only on single-point protection and require complete defense-in-depth. Only through different levels of defense technology can we reduce the potential threat behavior that enterprises may suffer.

HERHSIANG NGS 3542HTG not only provides firewall, intrusion detection system (IPS), and anti-virus as the basis for enterprise information security protection, but also strengthens the detection of malware in traffic, web pages and emails, and uses the correlation analysis of different security mechanisms to play the role of defense in depth.

WAF (Web Application Firewall)

Web Application Firewall is a product that provides protection for Web server applications by implementing a series of HTTP/HTTPS security policies.

The work of the WAF is to parse the data of the web application layer, perform forced multiple conversions for different encoding methods to restore the attack to plaintext, and combine the deformed characters for analysis, which lets it better resist combined attacks from the web layer. Web applications are usually customized, so traditional rules for known vulnerabilities are often not effective enough. The WAF provides dedicated application layer rules and has the ability to detect deformation attacks, such as mixed attacks in SSL encrypted traffic.

Mail Gateway Protection

When the enterprise already has a mail host but its spam filtering performance is not good, the NGS 3542HTG can be used in mail gateway mode to make up for the insufficient functions of the original mail server, such as spam filtering and virus filtering.

After the NGS 3542HTG filters out viruses and advertisement emails, the clean emails are delivered to the mail host.

Virus Mail Filtering

The system provides the ClamAV anti-virus engine free of charge, which can detect millions of viruses, worms, and Trojans, automatically scans emails for viruses, automatically updates virus files through the Internet every day, and provides search conditions for virus emails.

Administrators can set the processing method for infected emails, including automatic deletion, storage of infected email extensions, and the subject of infected email notification letters. The new-generation UTM has a built-in Kaspersky anti-virus engine for one year, and customers can choose to renew and enjoy the leading Kaspersky anti-virus engine with the highest anti-virus rate and the strongest virus repair.

Spam filtering
Internal mail or external mail can be filtered. The system provides ST-IP network credit rating, the Bayesian filtering method with an automatic learning mechanism, an automatic whitelist mechanism, spam feature filtering, fingerprint identification, whitelist comparison, and an intelligent identification learning database (Auto-Learning). You can even set personalized rules and flexibly formulate filtering rules to deal with spam and ensure comprehensive protection without misjudgment, with an accuracy rate of more than 95%. Mail filtering can perform actions such as forwarding, deleting, and blocking on letters that meet the filtering conditions set by the administrator.
Abnormal IP Analysis

Any network behavior, no matter what kind of software the user runs, can be roughly described from the perspective of network packets by the number of upload and download connections (Connect Session), the flow (Flow), and the duration (Time). By detecting a combination of these numbers, the device estimates whether the user is using the Internet normally or is behaving abnormally.

When the abnormal behavior of internal users is found, the administrator can take various strategies, for example, block the Internet, limit its maximum bandwidth immediately, enable the cooperative defense mechanism to notify the switch to block it, or notify the administrator.

Bandwidth Management (QoS)

Assists network administrators in controlling network traffic, effectively relieving corporate network congestion and improving service and bandwidth utilization.

With QoS (bandwidth management) function, the limited bandwidth can be distributed to all users.

The difference from general bandwidth managers is that in addition to providing maximum bandwidth and priority management, NGS 3542HTG also has a guaranteed bandwidth function. It also has the design of personalized bandwidth management, which can be set for individual users.

If bandwidth management is used with personalized bandwidth management, the bandwidth reserved by the bandwidth management function can be allocated to users under the enterprise, which can effectively prevent the phenomenon of bandwidth being monopolized by users.

Content filtering
Provides Web Filter (web filtering) function, which can block the access of inappropriate web pages (such as pornography, violence) and offensive web pages (such as hackers, viruses) at the work end, and can set its own filtering conditions to block inappropriate web sites.
Sandstorm Malware Filtering Mechanism

Advanced Sandstorm can effectively detect unknown advanced malware in attachments, such as common Microsoft Word, Excel, PowerPoint or PDF files, in targeted phishing emails, and even in compressed files such as ZIP and RAR.

Before scanning emails for Spam or Virus, Sandstorm Defense compares suspicious attachments, isolates problematic emails, and exposes potential malicious programs to avoid affecting users' email reception.             

URL database management [Optional 3rd-party database]

The built-in "cloud URL database" automatically classifies web pages, so the administrator can easily prevent and block harmful URLs. There is no need to enter website IP addresses or keywords to block them one by one.

Arbitrarily clicking on harmful URLs is the source of evil. The best way to prevent it is to prohibit the use of the Internet. If that cannot be completely prohibited, using a URL database that is updated from time to time is the best protection mechanism.

Full record of online behavior

Some corporate employees use the Internet during working hours to do things that are not for work purposes.

NGS 3542HTG can not only limit users' permission to use related applications, but also record related online behaviors, including web browsing and email sending. When company data is leaked, the preserved information is the best evidence to present in court.

Traffic Analysis
Provides a traffic analysis tool that shows the on/off status of internal users' computers, a real-time display of network traffic, communication protocol allocation, and traffic rankings. When the line is fully loaded, you can immediately find the traffic killer.
Application Management [Optional 3rd-Party Database]

Various network application software is not only difficult to manage, but also becomes the best channel for data leakage and virus attack.

NGS 3542HTG has built-in management functions for various applications, including instant messaging, video and audio services, file transfer, P2P software, remote control, browsers, VOIP, online games, and network protocols, which make it easy to control employees' permissions to use application software and protect corporate network security.

Graphical flow meter           

Provides the flow meter of the WEB interface, and draws the historical status of the system into a chart, so that the administrator can grasp the current operating status of the system at any time.

NGS 3542HTG provides system status charts (including CPU load chart, memory load chart, system load), network traffic charts (LAN traffic, WAN1~WAN7 traffic), and provides query conditions to quickly search for the historical records of each traffic status.

Threat Intelligence Meter
Provide common threat statistics, APP analysis, mail analysis charts, IPS analysis, WEB analysis, defense analysis, real-time dynamic session analysis and reports.


Provide a variety of logs, such as log in/out log, system network settings, regulations and targets, network services, advanced protection, IPS, mail management, content logging, VPN, etc. and a detailed log search system.

It is used for debugging analysis, evaluation of system performance, and proof and tracing basis when it is illegally invaded.             

VPN function

Use IPSec, PPTP, L2TP, SSL VPN to securely connect between Site to Site, Point to Site and remote users.

Through these VPN mechanisms, users can connect to different devices such as laptops, branch offices, business offices, mobile communication devices or home from different locations, including home, external public information service stations, the Internet, etc.

Among them, SSL VPN is currently the most important long-distance secure transmission connection between most enterprises, customers and partners.           


Definition of UTM

IDC's definition of UTM information security hardware device is: It contains multiple security functions integrated into a single hardware device, which must include network firewall, network intrusion detection and prevention, and gateway anti-virus. All functions on this device do not have to be fully utilized, but must be built in, and individual components cannot be cut.

In order to test these devices, NSS Group more clearly defines the UTM device as a single device combining firewall, VPN, IDS/IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:

* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.

* VPN: It is often deployed in the enterprise wide area network as a branch network solution, and basically needs to be able to establish a small number of secure VPN tunnels.

* IDS/IPS: A firewall can only enforce policy. If the policy allows incoming HTTP traffic to a web server in the DMZ zone, the firewall cannot prevent hackers from destroying the target web server through the HTTP protocol. The IPS function will detect and block intrusions like these that attempt to exploit the network perimeter, preventing malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but cannot block malicious traffic.

* Anti-virus: Gateway anti-virus filtering can prevent inbound virus traffic at the network boundary and strengthen the security of computer desktops by blocking viruses before they reach the desktop. The solution can also prevent internal computers from being infected by viruses from outside the corporate network.

* Anti-spam: Gateway anti-spam can flag incoming e-mail, allowing further processing by computer filtering solutions. Such solutions can also prevent internal hosts from sending spam outside the enterprise.

* URL Filtering: Using a continuously updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.

* Content Filtering: Scanning web and email traffic for specific content, gateway content filtering solutions prevent objectionable or inappropriate content from passing through or emanating from the corporate network.         


HERHSIANG Information Co., Ltd. (Uniform number: 13167798)

Copyright © 2002~2024