|
Throughput
|
Up to 5 Gbit/s
|
Up to 8 Gbit/s
|
|
Mitigation Rate
|
Up to 3 Mpps
|
Up to 7 Mpps
|
|
Latency
|
80 μs
|
80 μs
|
|
Standard Interfaces
|
8 x GE (RJ45) + 4 x GE (SFP)
|
16 x GE (RJ45) x 8 × GE (SFP) + 4 x 10 GE (SFP)
|
|
Expansion Slots
|
2 x WSIC
|
5 x WSIC
|
|
Expansion Interfaces
|
8 x GE (RJ45); 8 x GE (RJ45) + 2 x 10 GE (SFP+); 8 x GE (SFP); 4 x GE (RJ45) Bypass card
|
|
Deployment Modes
|
In-line; Out-of-path (static defense); Out-of-patch (dynamic defense)
|
|
Function
|
Options for detecting or cleaning
|
|
Defense against protocol abuse attacks
Defense against Land, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks
|
Web application protection
Defense against HTTP GET flood, HTTP POST flood, HTTP slow header, HTTP slow post, HTTPS flood, SSL DoS/DDoS, WordPress reflection amplification, RUDY, and LOIC attacks; packet validity check
|
|
Defense against scanning and sniffing attacks
Defense against address and port scanning attacks, and attacks using Tracert packets and IP options, such as IP source route, timestamp, and record route
|
DNS application protection
Defense against DNS query flood, DNS reply flood, and DNS cache poisoning attacks; source limit
|
|
Defense against network-type attacks
Defense against SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP fragment flood, UDP flood, UDP fragment flood, IP flood, ICMP flood, TCP connection flood, sockstress, TCP retransmission, and TCP empty connection attacks
|
SIP application protection
Defense against SIP flood/SIP methods flood attacks, including Register, Deregistration, Authentication, and Call flood attacks; source limit
|
|
Defense against UDP-based reflection amplification attacks
Defense against NTP, DNS, SSDP, Chargen, TFTP, SNMP, NetBIOS, QOTD, Quake Network Protocol, Portmapper, Microsoft SQL Resolution Service, RIPv1, and Steam
Protocol reflection amplification attacks
|
Filter
IP, TCP, UDP, ICMP, DNS, SIP, and HTTP packet filters
|
|
Location-based filtering
Traffic block or limit based on the source IP address location
|
|
Attack signature database
RUDY, slowhttptest, slowloris, LOIC, AnonCannon, RefRef, ApacheKill, and ApacheBench attack signature databases; automatic weekly update of these signature databases
|
IP reputation
Tracking of most active 5 million zombies and automatic daily update of the IP reputation database to rapidly block attacks; local access IP reputation learning to create dynamic IP reputation based on local service sessions, rapidly forward service access traffic, and enhance user experiences
|
