The ICG 2000D information and communication gateway is a new generation of information and communication gateway equipment launched by H3C based on new technologies and innovative achievements. It can easily deploy multiple businesses on the same node in the context of constantly enriching enterprise network applications. It not only avoids the problem of complex and heterogeneous multiple devices in the network to the greatest extent, but also greatly reduces the initial investment and long-term operation and maintenance costs of enterprise network construction.
Advanced technological support
Adopting H3C's mature Comware network operating system, it provides a more intelligent business scheduling and management mechanism, supports business modular loose coupling, and can dynamically load processes and patches
Excellent high-performance multi-core CPU processor, greatly enhancing the concurrent processing capability of multiple businesses
The independently innovated intelligent link engine CUBE technology not only improves the bus bandwidth of SIC cards, but also automatically and flexibly allocates interface resources
Powerful security features
Business Security
Message filtering function, supporting status filtering, MAC address filtering, IP and port number filtering, time period filtering, etc
Support real-time analysis of business traffic, etc
Network Security
Diversified VPN technologies, including IPsec
L2TP、GRE、MPLS VPN,
And the combined use of multiple VPN technologies
Support security protection for routing protocols, support OSPF/RIP/IS-IS/BGP dynamic routing protocol authentication, support IPSec encryption for OSPFv3/RIPng/IS-ISv6/BGP, and support rich routing policy control functions
Terminal access security
Integrated terminal access binding authentication, including EAD security check authentication, 802.1x authentication, terminal MAC address authentication, web-based Portal authentication, terminal access static binding, MAC automatic learning binding
ARP attack prevention, supporting fixed source MAC address, ARP packet attack prevention, address conflict detection and protection, ARP port speed limit, ARP detection, ARP source MAC address consistency check, ARP source suppression, ARP active confirmation mechanism, etc
Equipment management security
Support role-based permission management, which enables resource allocation, user role correspondence, and two-dimensional permission allocation based on roles
Support control plane traffic restriction, support flow control and filtering based on protocol type, different queues, known protocol messages, specified protocol messages, etc
Remote security management, supporting SNMP v3, SSH, HTTPS remote management, etc
Management behavior control audit, supporting centralized authentication of AAA servers, execution of command line authorization, real-time reporting of operation records, etc
Refined business control
Through refined identification and control, achieve speed limit, bandwidth guarantee, filtering and other functions for application layer business, and guide network optimization through refined statistics
Supports Equivalent Link Load Sharing (ECMP) and Non Equivalent Link Load Sharing (UCMP), with UCMP supporting load sharing based on link bandwidth ratios;
