NGFW products based NGTOS system architecture 10-year high crystal quality experience in the development of security products TOPSEC, using a number of breakthrough technologies. Based on a layered design, TOPSEC security through long-term product development experience, analysis of differences in a variety of security hardware platform technology, creatively put forward the introduction of hardware abstraction layer between the hardware and the operating system kernel level. Hardware abstraction technique, such NGTOS can adapt to various hardware system platform, and take advantage of the numerous advantages computing technology. Through the sound system design, so that other systems commonly used in the industry NGTOS comparison has the following characteristics:
Efficient and reliable base system
NGTOS efficient forwarding multitasking system provides control of the task using a preemptive priority (Preemptive Priority Scheduling) and round robin scheduling (Round-Robin Scheduling) mechanism, fully guarantee reliable real-time, so that the same hardware configuration to meet more real-time requirements, leaving more room for the development of applications. At the same time, the use of specially designed for packet forwarding system design and implementation, compared with general-purpose operating system, more streamlined content, stability, higher reliability.
Fine application security identification and control
NGTOS can accurately identify 12 categories, more than 400 kinds of common and popular in today's Internet network protocols, and identify these agreements, not like the traditional firewall dependent port numbers to distinguish simple application. Talent set up a professional protocol analysis team, closely tracking the dynamics of Internet application protocols, built-in time update device application protocol features library. In addition to the standard industry package single feature matching (the DPI), but also unique behavior recognition Talent (DFI), the relationship between the packet address, port number, length, number, and a plurality of sessions to identify various features are not obvious or protocol characteristics change frequently, such as some P2P applications and encryption protocols.
Content Security Policy perfect integration
because of the traditional firewall based access control mechanism quintuple unable to deal with complex network applications, therefore, NGTOS security policy integrates user identity, application identification and control, IPS, AV, URL filtering, spam mail filtering, traffic control, etc. a variety of security features in order to build a full three-dimensional security defense system. These security has achieved a single engine processing and interaction, such as intrusion prevention capabilities to detect threats can be automatically loaded into the firewall rules, we can block the advance at the network layer. Between them they have not only re-interactive relationship, but a whole.
High-performance platform
It is estimated that by 2015 than the current increase of 4 times the amount of data processing network, which put a higher demand on the performance of network devices. Talent NGTOS SmartAMP based on advanced parallel processing architecture, built-in processor dynamic load balancing patented technology, combined with unique SecDFA core acceleration algorithm to ensure that the case turned on the full features and all traffic in NGFW products, forwarding performance of the machine It not affected significantly. At the same time, Talent Through this collaboration with Intel, Intel data layer using the high-speed processing technology will quickly migrate to packet processing solutions on latest Intel architecture platforms to achieve optimal performance. Intel floor high-speed data processing is a set of database high-speed network data plane, one with Intel multi-core platform, obtain higher packet processing capabilities. Talent NGTOS by Intel data layer with high speed processing effective integration technology, so that a single series Talent NGFW security engine board network throughput performance up to 40Gbps, whereas in the multi-stage parallel Talent architectures deploying multiple security engine will NGFW flagship model of the machine throughput reached 320Gbps.