Enhanced Firewall

0095

Enhanced Firewall 0095 Multi-core 64-bit network-dedicated processor, 2.2GHz clock speed, 4GB DDR4 high-speed memory

4 x 2.5G RJ45 ports, 8 x Gigabit RJ45 ports, 2 x 10G SFP+ ports, 1 hard drive interface (HDD/SSD)

Supports configuration of security policies, audit policies, bandwidth policies, NAT policies, etc.

Supports scalable integrated DPI deep security (intrusion prevention, antivirus, file filtering, remote malicious domain query, application behavior control)

Supports rich policy objects (security zones, addresses, applications, blacklists/whitelists, security profiles, intrusion prevention, audit profiles, etc.)

Supports rich network functions, static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP) VPN, DDNS, and other multi-administrator roles enable granular permission management. Supports first-packet application identification, improving application identification performance.

Note: Antivirus (AV), Intrusion Prevention (IPS), Malicious Domain Identification, Application Identification (APP), and Website Identification (URL) require license purchase. See the "Specifications" section on the official website for details on license compatibility.

The Firewall 0095 is an enhanced firewall product supporting multiple feature libraries including antivirus, intrusion prevention, malicious domain identification, application identification, and website classification. It integrates firewall policies, attack protection, DPI deep security, security auditing, bandwidth management, and VPN functions, effectively mitigating network risks and providing comprehensive protection while simplifying maintenance and ensuring the continuous and stable operation of core enterprise applications and businesses. Suitable for enterprises, government agencies, industrial parks, chain hotels, and other scenarios.

Rich ports and powerful performance. Utilizes a professional multi-core 64-bit network processor with a 2.2GHz clock speed and 4GB DDR4 high-speed memory, providing powerful packet processing capabilities.

It provides four 2.5G RJ45 ports, eight Gigabit RJ45 ports, two 10 Gigabit SFP+ ports, and one hard drive interface (HDD/SSD), satisfying high-speed data forwarding while facilitating system management and maintenance.

Comprehensive Security Policies: Security firewall Adopting the principle of minimum security, it supports security policies based on security zones, source IP addresses, destination IP addresses, source ports, destination ports, service groups, application groups, user groups, time periods, blacklists and whitelists, websites, internal server certificates, antivirus, URL filtering, file filtering, application behavior control, email content filtering, intrusion prevention, and audit configuration files. Users can customize combinations and set access rules for comprehensive control over internal and external network communication security.

Comprehensive Attack Protection

Supports multiple internal/external network attack protection functions, effectively preventing various DoS attacks, scanning attacks, and suspicious packet attacks, such as: TCP Syn Flood, UDP Flood, ICMP Flood, IP scanning, port scanning, WinNuke attacks, fragmented packet attacks, WAN port ping, TCP Scan (Stealth FIN/Xmas/Null), IP spoofing, TearDrop, etc.

Supports ARP protection, such as ARP spoofing and ARP attacks, to avoid service interruptions and frequent network outages.

Supports IP and MAC address binding, allowing simultaneous binding of IP and MAC address information for hosts on both the LAN port (internal network) and WAN port (external network) to prevent ARP spoofing.

Supports MAC address filtering to block unauthorized host access.

Scalable and integrated DPI deep security:

Supports intrusion prevention, providing real-time access to the latest threat information and accurately detecting and defending against attacks targeting vulnerabilities;

Supports antivirus, quickly and accurately detecting and eliminating viruses and other malicious programs in network traffic, protecting against over 6 million viruses and Trojans;

Supports filtering file extension types, easily filtering various small files embedded in web pages to prevent viruses and Trojans from infiltrating enterprise networks and compromising Network Security;

Supports URL filtering and remote malicious domain lookup, effectively blocking phishing websites and intercepting Trojan attacks, hacker intrusions, and online fraud through a combination of local and cloud-based methods;

Supports application identification with accuracy down to the application behavior level. The combination of application identification with intrusion detection, antivirus, URL filtering, and file extension type filtering greatly improves detection performance and accuracy;

Provides a comprehensive and timely security signature database, keeping abreast of the latest developments in the network security field and ensuring timely and accurate updates to the signature database.

Refined Internet Behavior Identification and Control

Possesses a large-scale application identification feature database, enabling one-click control of nearly 6,000 common domestic desktop and mobile internet applications across 36 categories, including video, social networking, shopping, and financial applications;

Accurately identifies behaviors in popular applications such as WeChat, Weibo, and QQ, including text communication, voice and video calls, file transfers, and music playback, and provides refined control over these behaviors, selectively blocking or restricting them;

Built-in database of over a dozen domestic website categories, allowing one-click restriction of employee access to corresponding websites;

Supports disabling webpage submissions, restricting employee access to various web-based forums, Weibo, email, etc., and filtering email content to effectively prevent the leakage of sensitive corporate data;**

The application and website database will be continuously updated and expanded.

Comprehensive Security Audit Strategy

Detailed and Comprehensive Logging: Supports system logs, operation logs, policy hit logs, traffic logs, audit logs, threat logs, content logs, URL logs, and email filtering logs, recording detailed information such as firewall-related traffic and operation history to help administrators understand network status and quickly locate network problems;

Graphical Traffic Statistics: Enables traffic statistics across three dimensions: interface, IP, and security policy, presenting security policy traffic data in real-time graphical form for easy overview; traffic analysis reports can be output in PDF format to help administrators analyze historical traffic distribution;

Internet Behavior Auditing: Supports HTTP behavior auditing, FTP behavior auditing, email auditing, and IM auditing. Audit logs provide insights into employee internet behavior during work hours, including web browsing and app usage, making inappropriate internet activity traceable;

TP-LINK Security Audit System: Can be used in conjunction with the TP-LINK Security Audit System for long-term, high-capacity log storage while outputting more detailed analytical reports.

Simplified Operation and Maintenance, Secure Management

A fully Chinese web interface with detailed and clear configuration guidance;

A graphical interface display, providing real-time monitoring of key resources such as CPU utilization, clear and intuitive;

Supports local/remote management, facilitating chain operations and remote assistance;

Supports password authentication/identity recognition, ensuring authorization security;

Supports multiple administrator roles for granular permission management;

Supports hard drive management and license management, with feature database upgrades;

Supports primary/standby failover and online testing, ensuring high-reliability device operation;

Provides a separate console management port for command-line management.

Flexible Bandwidth Management Policies

Offers flexible bandwidth management policies, controlling the bandwidth used by each IP in the network to ensure a good network experience for critical services and users. Management methods include: bidirectional bandwidth control, connection limit, and connection monitoring.

Rich Routing Features

Supports static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP VPN), dynamic DNS (PeanutShell, Comai, 3322), and other functions.

Supports Multiple Deployment Modes

Layer 3 Router Gateway Mode: As a Layer 3 router gateway, the 0095 replaces the original router in the network. Data communication between the internal and external networks is handled through NAT translation via the firewall. In this mode, the firewall's data packet processing mechanism is more sophisticated, resulting in stronger network security protection capabilities.

Layer 2 Transparent Bridge Mode: Supports configuring some or all interfaces as bridges. These interfaces operate in a Layer 2 network. As long as data passes through the bridge interface, the network is protected by the firewall. In this mode, firewall deployment does not require changes to the original topology, making it more convenient and faster.

Router + Bridge Mode: In actual network deployment, some firewall interfaces can be configured as bridge interfaces, and others as routing interfaces, flexibly combining the two methods to achieve more economical and efficient network protection.

Hardware Specifications

Ports

4 x 2.5G RJ45 ports

8 x Gigabit RJ45 ports

2 x 10 Gigabit SFP+ ports

1 x USB port

1 x Console port (Type-C)

1 x Hard Drive Interface (HDD/SSD)

Indicator Lights

Ports: Link/Act, Speed, OFL, USB

Device: PWR, SYS, CLOUD, HA

Dimensions

440×420×44(mm)

Input Power

100-240V~50/60Hz 2.5A

Cooling Method

Natural cooling

Operating Environment

Operating Temperature: 0℃～40℃, Operating Humidity: 10%～90%RH (Non-condensing)

Storage Temperature: -40℃～70℃, Storage Humidity: 5%～90%RH (Non-condensing)

Processor

Multi-core 64-bit network processor, 2.2GHz

Memory

4GB DDR4

Hard Drive Interface 1 x 2.5-inch HDD/SSD hard drive interface

FLASH

32MB NOR + 8GB eMMC

Software Functions

Policy Configuration

Security Policy, Audit Policy

Detection Policy (Encrypted Traffic Detection)

Bandwidth Policy (Bandwidth Control, Connection Limit, Connection Monitoring)

NAT Policy (NAPT, One-to-One NAT, Virtual Server, NAT-DMZ, UPnP)

ALG Policy (FTP ALG, H.323 ALG, PPTP ALG, SIP ALG)

Policy Objects

Security Zone, Address, User, Service, Website, Application, Blacklist/Whitelist, Intrusion Prevention

Security Profiles (URL Filtering, File Filtering, Application Behavior Control, Email Content Filtering, Antivirus)

Audit Profiles (HTTP Behavior Auditing, FTP Behavior Auditing, Email Auditing, IM Auditing)

Attack Protection

Supports ARP protection, such as ARP spoofing and ARP attacks

Supports protection against various common attacks, such as DDoS attacks, network scanning, and suspicious packet attacks

Supports MAC address filtering to block unauthorized host access

Integrated DPI Deep Security Supports intrusion prevention

Supports antivirus

Supports remote malicious domain query

Supports application behavior recognition

Supports filtering of file extension types

Network Functions

Static routing, policy routing

Intelligent load balancing

VPN (IPSec/PPTP/L2TP VPN)

Dynamic DNS (Peanut Shell, Comai, 3322)

System Management

Supports Chinese web management, remote management

Supports multiple management roles

Supports configuration backup and import

Supports system software upgrades

Supports various logs, reports, diagnostic center, and panel status

Supports CLI management, license management, and disk management

Supports signature database upgrades

Performance Parameters*

Maximum concurrent connections

800K

New connection rate (Connections/s)

38477.2

Network layer throughput (1518/512/64 bytes, UDP)

19/12.1/1.9 Gbps

Application layer throughput (Mbps)

3968

Application identification throughput (Mbps)

922

IPS throughput (Mbps) 782 Total Threat Throughput (Application Identification + IPS + AV + Malicious Domains) (Mbps)

738 *Parameter Description

Unless otherwise specified, the parameters are obtained from testing at a 128KB HTTP load capacity.

Compatible Hard Drives

Western Digital

WD5000LPCX

WD10SPZX

WD20SPZX

Seagate

ST500LM030

ST1000LM048

ST2000LM015

Toshiba

MQ01ABF050

MQ04ABF100

MQ04ABD200

License (TL-FW-LIS-ALL-E, All-in-One)*

IPS Library

1500+

AV Library

3 million

Malicious Domains Library

10000+

Application Library

6400+ Applications

Website Library

3 million websites

Parameter Description

Specifically enhanced feature libraries require separate license purchase.