Virtual Cloud Generation Firewall

2100

BLUEMAX NGF is Korea’s first next-generation firewall for virtual cloud network security and
provides an integrated security platform that detects and blocks all threats in the wired and wireless
IT infrastructure environment. It can operate multiple firewalls with a single product through the
virtualization function and provides all next-generation firewall functions, ranging from stable high-
performance and high-availability HW architecture, application recognition, device recognition, support
for SD-WAN environment, and security functions to respond to the latest threats of DNS/VPN.

SECURITY INTELLIGENCE PLATFORM

for All My Threat Management

●
Integrated security in public and ●
Real-time device compliance
private cloud environments Virtual Cloud Malware check, abnormal behavior and
●
Makes on-premise complex infection detection for preemptive
security configuration efficient
Security NETWORK Protection
threat detection and blocking
with Virtual System SECURITY
●
Ensures traffic visibility
with app control
●
Prevents unauthorized access
through user authentication

●
Automates security policy
●
STIC: Smart Update, global
settings by comprehensively
threat information service
Threat Security analyzing information on
●
CSOC: AI-based threat analysis,
Intelligence Automation collected threats, security logs,
remote control service
and vulnerability diagnosis results

02 BLUEMAX NGF Main Function

App Control User ID

Function to actively respond to attacks that are
difficult to handle using existing UTM by pre-defining
and analyzing applications to prevent increased
vulnerabilities and distribution of malware by domestic
and foreign applications
By recognizing user ID rather than IP, the same security
policy is applied no matter when and where the network
is accessed, ensuring user mobility and enabling the
user to view statistical data.

Enhanced VPN Security Domain Object

Equipped with the PQC algorithm, which is an Uses domain names instead of IPs as firewall objects,
internationally recognized next-generation collects up to 2,048 IPs per domain in real time and/or
encryption technology that can respond to attacks periodically considering the cloud environment (portals,
using quantum computers web hard drives).

Web Filter File Type Control

Uses a global database classified into more than 82 When using the application, controls files by type
categories and requests a cloud server to analyze (document, compressed file, image, multimedia, etc.)
unknown URL information for updates to quickly and direction to prevent unauthorized file transfers,
block malicious URL information. internal information leaks, and external threats.

SSL Inspection Open API

Automatically detects SSL sessions, decrypts
SSL packets, and applies them to various next-
generation network security functions. Improves
performance compared to existing products by
applying a hardware accelerator
Operates seamlessly with integrated security
management systems, vulnerability diagnosis systems,
and security policy analysis systems of domestic and
international vendors to implement Security Orchestration
& Automation.
03 Software Specification

User-based policy control Anti-Virus Anti-Virus Engine (File-based or Stream-based)

SECUI user authentication (captive portal) and SSO support & Realtime Blackhole List(RBL)
SaaS application control Anti-SPAM Limiting the number of recipients and bulk mail sending
NGFW Application/device-based policy control URL Filtering (Settings by Category)
AD setup wizard for linking with AD SSO Setting and editing warning pages
OT protocol recognition and access control URL expansion inspection (URL query inspection)
QoS per application and user ID Web Filter IP address domain blocking
Resource allocation per virtual system Global Categorized URL (Local/Cloud DB)
Virtual HTTP header control
Configuration of intuitive virtual network with topology maps
System
Independent operating environment for each administrator Block Anonymizer Server List
Provision of APT threat analysis function linked with sandbox HTTP/HTTPS, FTP/FTPS, SMTP/ SMTPS, POP3/POP3S, IMAP/IMAPS
Response equipment More than 39 universal file formats
to APT
Supports sharing system for detected threat information Control of information leakage through webmail
HTTPS, SMTPS, POP3S, IMAPS, FTPS DLP Compressed files (ZIP, TAR, GZIP, ALZIP, BZIP, RAR, 7ZIP)
SSL APP Control, IPS, DLP, Web Filter functions, and external Registration/inspection and blocking of resident registration
Inspection equipment linked with decrypted traffic number, card number
Hardware Acceleration Filter and save (archive)
Active-Active HA with L2/L3/L4 SSL VPN Client (Windows, Linux, Android, iOS)
Security policy group settings Provision of terminal security status information through
Domain Policy (URL Object) Device compliance check
Activation schedule by security policy control Anomaly detection, isolation, and deletion
Collection of terminal security information (update, security settings)
Legacy Inspection of redundant and unused (unreferenced) policies
Firewall VXLAN Packet Control Policy Collection of abnormal traffic, files, and URLs
LACP, VLAN, dynamic asset control
Policy-based NAT & Interface-based NAT
QoS (by IP, application, interface)
Detection of machine learning-based DNS threats
IPv6 transition (configurable tunneling, 6to4) &
Linking with policy setting screen and log inquiry/analysis functions
Translation (NAT64, DNS64), NAT46
Policy timeline management and rollback Network
Routing Protocol(IPv4-OSPF/RIP/
Signature Templates based on Profiles BGP, IPv6-OSPFv3/RIPng/BGP4+)
Multi-pattern detection function (parallel detection) DHCP, DHCPv6, and RA servers
IPS PCRE (regular expression) DNS, DDNS, Split DNS
Linking with vulnerability inspection tool, optimizing signature SNMP (v1, 2, 3), Syslog transmission
Customized signature verification function Report (Policy Details, Report Browser)
Application layer defense Monitoring DB-based log management (compression supported)
Anti
Smart pattern learning defense Traffic/session monitoring by application and user
DDoS
Behavior-based web attack defense, DRDoS (N:1) defense Warning alarm threshold setting
IKE(v1/v2), PKI(x509) Firmware Upgrade and Downgrade (Rollback)
Group VPN 기능 Administrator access such as LDAP/RADIUS/TACACS+/OTP
GRE/IPIP, L2TP, PPTP Tunneling Setup Wizard, Setting Multi R/W(Read/Write)
IPSec VPN Equipped with Post Quantum Cryptography (PQC) Algorithm Management
Administrator rights profile
Functions
3DES, AES, SEED, ARIA, LEA, CAST, Blowfish, MD5, CLI execution and Packet Capture on GUI
SHA-1, SHA-256, SHA-512, HAS160 etc. Linking with Open API, other external solution
SECUI line fault detection function Supporting security compliance self-inspection
Full Tunnel mode Application-based traffic route setting
FIDO biometric authentication ZTP(Zero Touch Provisioning)
SSL VPN SD-WAN
Multi-Factor Authentication Support (3rd Authentication) Line quality-based traffic route setting based on
PASS app-based convenient authentication (Scheduled for the second half of 2024)

04 Hardware Specification

CPU 20 Core
Memory 32/64GB
System 128/256GB
Storage
Log 1.92TB/RAID 2100
100GF -
40GF (max4)
Interface 10GF 2(max10)
1GF 8(max40)
1GC 8(max40)
Power Supply Redundant
Throughput 80Gbps

3-6F, 51 Jong-ro, Jongno-gu, Seoul (Jong-ro 2-ga, Jongno Tower)

www.secui.com Call +82-080-331-6600
Copyright® SECUI All Rights Reserved. Names and product names published in this catalog are registered trademarks of SECUI. Specifications
may change without notice for improvements.