WayOS WFW-3000 10G optical next generation firewall features flexible scalability, high security performance, simple configuration, and cloud access management, safeguarding the networking of schools, enterprises, businesses, hospitals, governments, and data centers. The powerful firewall can be deployed as bridge, routing, bypass router, and bridge + routing Hybrid. The next-generation firewall supports multiple user authentication methods, in-depth application identification. The gigabit firewall provides user and application-based control policies, and L2-L7 security protection, and at the same time. The powerful firewall supports PPTP, L2TP, IPsec, SSL VPN. It offers visualization of user, traffic, security, statistics and monitoring. It is a high-performance firewall that can comprehensively deal with application layer threats. statistics and monitoring. With deep insight into users, applications and content in network traffic, it can provide users with effective integrated security protection at the application layer, help users conduct business safely and simplify their network security architecture.

Features 

  • Visualized Device Status
    The Device Status page contains seven items: Device Version, Device Resources, Real-time network traffic, Real-time rate distribution of the top ten services, Today's top nine server security rankings, Summary of today's security logs, and Log of the last five events.

  • Real-time Monitoring
    This is to view the real-time working status of the device, including Device Resources, Physical Interfaces, Service, Users, Online users, Anti Internet Access Sharing, Current blacklist.

  • Firewall
    Firewall covers 6 parts: Security policy, NAT rules, DOS/DDOS protection, ARP spoofing protection, Application layer gateway, and Accelerated aging.

  • Content Security
    Content security includes three parts: Application Control Policy, Application Content Filtering, and Anti-virus Policy.
    Application Control Policy combines various traffic flows based on parameters such as source address, destination address, service type, and time period of the message, which can be blocked or let through.
    Application Content Filtering is used to set the Internet access policy for intranet users. The Internet access policy object can be referenced by multiple user groups or users at the same time, so as to control the Internet access behavior of intranet users.
    Application Content Filtering includes: URL Filtering, Keyword Filtering, File Transfer Filtering, Email Filtering and SSL Management. Each policy object can set these 5 parts at the same time.
    Anti-virus Policies target the four commonly used protocols, HTTP, FTP, POP3 and SMTP, to protect the security of data passing through the device. It is generally used to protect intranet users from virus invasion.

  • IPS
    IPS (Intrusion Prevention System) relies on the inspection of packets to detect potential threats to intranet systems. IPS will examine incoming packets, determine the true purpose of such packets, and then, based on the user's configuration, decide whether or not to allow such packets to enter the target area network.

  • Server Protection
    Web application protection, specially used to protect web servers in the intranet. It can effectively prevent cross-site request forgery, SQL injection, XSS attacks, session hijacking, directory traversal, and other various attacks against WEB applications.

  • User Authentication
    User authentication include: Authentication Policy, Organization Structure, Authentication Options, Authentication Server, Organization Management, and Temporary Account Settings.
    SMS Authentication is supported. The authentication server authentication includes Radius server, AD server and LDAP server.

  • Traffic Control
    Traffic Control includes: Line Bandwidth Configuration, Policy Flow Control, User Flow Control, Black List Policy, and White List Policy.
    Line Bandwidth Configuration: Used to limit the total bandwidth of the egress (WAN port) line, such as restricting the WAN1 port to 100Mbps and the WAN2 port to 300Mbps.
    Policy Flow Control: Combine various traffic flows according to parameters such as source address, destination address, service type, time period of the message, etc., and can provide the functions of maximum bandwidth limitation, guaranteed bandwidth, and reserved bandwidth for these flows.
    User-Based Flow Control: Bandwidth limitation, session control, categorized service limitation, and time slot management for individual hosts.
    List Policy: Add blacklists to users who overuse network resources (traffic, bandwidth, sessions) and punish them.
    Whitelist Policy: All traffic contained in the user whose source address is added to the whitelist is released, not controlled by any policy, and not audited.

  • System Objects
    System Objects include IP Groups, Network Services, Time Schedules, URL Libraries, Keywords, File Types, and so on.
    IP Groups are used to define an IP address group containing certain IP addresses, which can be any combination of an IP, a segment of an IP, or a range of IPs.
    Network Services are divided into: Custom Common Services, Custom Feature Recognition, And Built-In Services. Built-In Services include Common Services, HTTP Services, FTP Applications, Video Site Browsing, WEB Video, P2P Downloads, Streaming Media, Online Games, Instant Messaging, and other services.
    Time Schedules are used to define time periods, which can then be referenced in [Network Configuration->Policy Routing], [Firewall->Security Policies], [Content Security], [Traffic Control], etc. to control the time when these policies come into effect or expire, so that a variety of policies can be managed in time periods.
    The URL Library includes built-in and customized URL libraries, which can be used in [Firewall->Security Policies], [Content Security->Application Content Filtering], and [Content Security->Application Control Policies] to filter URLs.
    Keywords are used to set keywords and group keywords together. These keyword groups can be used in [Content Security->Application Content Filtering->Keyword Filtering] to restrict searching and uploading of certain keywords.
    File Types are used to define file types and group file types together. These file types can be used in [Content Security->Apply Content Filtering->File Loss Filtering] to restrict uploads and downloads of these types of files.

  • System Log
    System Log contains: Command Log, Event Log, PPTP Log, IPSec Log, Log Server, Alarm Configuration, and System Debugging Information.

  • HA Configuration
    HA Configuration includes three parts: Basic Information, Dual-Machine Hot Standby and Configuration Synchronization. It supports two modes: master/standby and master/master It is mainly used in scenarios such as dual-machine work on firewalls, or two devices working in parallel.
    Basic Information is used to set the address of the local machine and the address of the opposite end. The Local Address can only be selected from the interface with HA tagged in the configuration. And this interface can only communicate with other firewall device interfaces for load balancing, for sending and receiving heartbeat packet information, interacting with configuration information and so on.
    Dual-Machine Hot Standby is used to set the parameters of HA master/standby election, link monitoring and interface monitoring to realize the functions of load balancing and backup.
    Configuration Synchronization is used to synchronize all the configurations on the master device except heartbeat port, service port and management port to the backup machine, so as not to affect other services after the master/backup switchover.

  • Report Center
    The Report Center includes two parts: Log Audit Policy and Built-In Report Center. The built-in report center provided by the device can realize the recording and querying functions of real-time monitoring, statistical analysis and behavioral analysis without installing an external report center. In the built-in report center, real-time monitoring, statistical analysis, application content filtering and other records of traffic are enabled by default. 

Specifications:

Model WFW-3000
Product Description 10G Optical Firewall L2-L7 security protection Cloud Management
Hardware
DDR DDR3 4GB (1600)
SSD 8GB
RJ45 Port 6*1000Mbps
Com Port 1
Optical Port 2*10G SFP+
USB Port 2*2.0 USB
Casing 2U+Aluminum Panel
Maximum concurrent connections 4M(100W)
New Session Rate 20000
Maximum WAN to LAN throughput 5G
Antivirus 820.0M
IPS 950.3M
WAF 160M
Antivirus +IPS+WAF 145M
Maximum Number of Users 2000
Applicable Network Layer Throughput 1G
Software
Deployment Modes Bridge Mode,
Route Mode,
Bypass Mode,
Hybrid Mode
Network Management Methods and Policy WEB Management,
SSH Management,
Console Management,
Network Management Policy
Network Function Network Features Static Routing,
Policy Routing,
Link Load Balancing,
Carrier Route Selection,
Persistent Routing,
Link Backup,
PPPOE Dialing,
DHCP Server,
DHCP Relay,
DHCP Client,
DNS Proxy,
DNS Cache,
Dynamic DNS Features,
VLANs
Safety Protection Basic firewall, NAT conversion
VPN PPTP VPN,
IPSec VPN,
L2TP VPN
IPS Anti-dns vulnerability attack,
Mail vulnerability attack,
Worm vulnerability attack,
TFTP vulnerability attack,
SNMP vulnerability attack,
FTP vulnerability attack,
Shellcode vulnerability attack,
RPC vulnerability attack,
Database vulnerability attack,
Web vulnerability attack,
System vulnerability attack,
Malware vulnerability attack,
Trojan vulnerability attack,
Telnet vulnerability attack,
Botnet vulnerability attack,
Web browse vulnerability attack,
Web ActiveX vulnerability attack,
Application Protocol Recognition Common protocols,
Custom Protocols,
Protocol Stripping
Flow Control Supports flow control based on terminal type, line, application, URL, file type, IP, user group, time period individual user, etc.
Real-time Traffic Monitoring Top 50 service traffic monitoring,
Service group traffic monitoring,
active service statistics,
all service statistics, etc.
Authentication Support SMS authentication,
RADIUS server, 
AD server, 
LDAP server,
WEB authentication
Internet Behavior Management Web Filtering,
Email Filtering,
Access Policy,
Policy Management,
Blacklist Management,
Internet Audit Management,
Whitelist Management
Reporting Center Support built-in report center, external report center
Statistical Analysis Device Resources,
Physical Interfaces,
User Stats,
User Group Stats,
Service Stats,
Service Type Stats,
Web Site Stats,
Web Site Type Stats,
Line Stats,
Web Site Visits Ranking, 
Web Page File Downloads Ranking
Self-security Protection High reliability (HA), 
Anti-DOS attack,
Anti-ARP spoofing session accelerated aging
Personal Behavior Statistics Support personal behavior statistics,
Personal web page records,
Personal instant messaging records,
Personal e-mail records,
Personal account login records,
Personal outgoing files records,
Export personal behavior records.
Other Parameters
Network Management Port Default: ETH0
Web Login Default: https:// 10.254.254.254:9090
Administrator Account admin
Administrator Password admin*PWD
Input Voltage Range AC100V-240V, 50/60Hz
Output Voltage 12V 2A
Power Consumption 24W
Operating Humidity 10% to 95% RH non-condensing
Operating Temperature  0℃~40℃
Storage Humidity 5% to 95% RH non-condensing
Storage Temperature -40℃~70℃