Software Specification

User-based policy control Anti-Virus Anti-Virus Engine (File-based or Stream-based)

SECUI user authentication (captive portal) and SSO support
SaaS application control
NGFW Application/device-based policy control
AD setup wizard for linking with AD SSO
OT protocol recognition and access control
QoS per application and user ID
Resource allocation per virtual system
Virtual
Configuration of intuitive virtual network with topology maps
System
Independent operating environment for each administrator
Provision of APT threat analysis function linked with sandbox
Response equipment
to APT
Supports sharing system for detected threat information
HTTPS, SMTPS, POP3S, IMAPS, FTPS
SSL APP Control, IPS, DLP, Web Filter functions, and external
Inspection equipment linked with decrypted traffic
Hardware Acceleration
Active-Active HA with L2/L3/L4
Security policy group settings
Domain Policy (URL Object)
Activation schedule by security policy
Legacy Inspection of redundant and unused (unreferenced) policies
Firewall VXLAN Packet Control Policy
Policy-based NAT & Interface-based NAT
Detection of machine learning-based DNS threats
Linking with policy setting screen and log inquiry/analysis functions
Policy timeline management and rollback
Signature Templates based on Profiles
Multi-pattern detection function (parallel detection)
IPS PCRE (regular expression)
Linking with vulnerability inspection tool, optimizing signature
Customized signature verification function
Application layer defense
Anti
Smart pattern learning defense
DDoS
Behavior-based web attack defense, DRDoS (N:1) defense
IKE(v1/v2), PKI(x509)
Group VPN 기능
GRE/IPIP, L2TP, PPTP Tunneling
IPSec VPN Equipped with Post Quantum Cryptography (PQC) Algorithm
3DES, AES, SEED, ARIA, LEA, CAST, Blowfish, MD5,
SHA-1, SHA-256, SHA-512, HAS160 etc.
SECUI line fault detection function
Full Tunnel mode
FIDO biometric authentication
SSL VPN
Multi-Factor Authentication Support (3rd Authentication)
PASS app-based convenient authentication
& Realtime Blackhole List(RBL)
Anti-SPAM Limiting the number of recipients and bulk mail sending
URL Filtering (Settings by Category)
Setting and editing warning pages
URL expansion inspection (URL query inspection)
Web Filter IP address domain blocking
Global Categorized URL (Local/Cloud DB)
HTTP header control
Block Anonymizer Server List
HTTP/HTTPS, FTP/FTPS, SMTP/ SMTPS, POP3/POP3S, IMAP/IMAPS
More than 39 universal file formats
Control of information leakage through webmail
DLP Compressed files (ZIP, TAR, GZIP, ALZIP, BZIP, RAR, 7ZIP)
Registration/inspection and blocking of resident registration
number, card number
Filter and save (archive)
SSL VPN Client (Windows, Linux, Android, iOS)
Provision of terminal security status information through
Device compliance check
control Anomaly detection, isolation, and deletion
Collection of terminal security information (update, security settings)
Collection of abnormal traffic, files, and URLs
LACP, VLAN, dynamic asset control
QoS (by IP, application, interface)
IPv6 transition (configurable tunneling, 6to4) &
Translation (NAT64, DNS64), NAT46
Network
Routing Protocol(IPv4-OSPF/RIP/
BGP, IPv6-OSPFv3/RIPng/BGP4+)
DHCP, DHCPv6, and RA servers
DNS, DDNS, Split DNS
SNMP (v1, 2, 3), Syslog transmission
Report (Policy Details, Report Browser)
Monitoring DB-based log management (compression supported)
Traffic/session monitoring by application and user
Warning alarm threshold setting
Firmware Upgrade and Downgrade (Rollback)
Administrator access such as LDAP/RADIUS/TACACS+/OTP
Setup Wizard, Setting Multi R/W(Read/Write)
Management
Administrator rights profile
Functions
CLI execution and Packet Capture on GUI
Linking with Open API, other external solution
Supporting security compliance self-inspection
Application-based traffic route setting
ZTP(Zero Touch Provisioning)
SD-WAN
Line quality-based traffic route setting based on
(Scheduled for the second half of 2024)

Hardware Specification
BLUEMAX NGF 50 100 200 310 510 800 ED 1100 1300 1510 2100 5100 20000
CPU 2 Core 2 Core 4 Core 4 Core 8 Core 8 Core 4 Core 4 Core 10 Core 20 Core 32 Core 48 Core
Memory 4GB 4GB 4GB 8GB 8GB 8GB 8GB 8GB 16GB 32/64GB 64/128GB 96/288GB

System 16GB 16GB 32GB 64GB 128GB 128GB 128GB 256GB 256GB 128/256GB 128/512GB 128/512GB
Storage 1.92TB/ 1.92TB/ 1.92TB/
Log - - - 1TB 1TB 1TB 1TB 1TB 1TB
RAID RAID RAID
100GF - - - - - - - - - - (max2) (max4)
40GF - - - - - - - - - (max4) (max8) (max8)
Interface 10GF - - - - - - - (max4) (max4) 2(max10) 10(max26) 10(max26)
1GF - - - - 4 4 4(max8) 4(max8) 4(max8) 8(max40) 8(max40) 8(max40)
1GC 4 4+4 4+8 8 8 8 8 8 8 8(max40) 8(max40) 8(max40)
Power Supply Adapter Adapter Adapter Single Single Single Single Redundant Redundant Redundant Redundant Redundant

Throughput 1Gbps 2Gbps 4Gbps 8Gbps 12Gbps 14Gbps 16Gbps 18Gbps 40Gbps 80Gbps 160Gbps 320Gbps
 Virtual Cloud Generation Firewall

CERTIFICATION

Call +82-80-331-6600
3-6F, 51 Jong-ro, Jongno-gu, Seoul (Jong-ro 2-ga, Jongno Tower)
www.secui.com
Copyright® SECUI All Rights Reserved. Names and product names published in this catalog are registered trademarks of SECUI. Specifications may change without notice for improvements.
Security Intelligence Platform for All My Threat Management

Virtual Cloud Generation Firewall

 국내 최초 가상화, 클라우드 차세대 방화벽
Virtual Cloud Generation Firewall

BLUEMAX NGF is Korea’s first next-generation firewall for virtual cloud network security and
provides an integrated security platform that detects and blocks all threats in the wired and
wireless IT infrastructure environment.
It can operate multiple firewalls with a single product through the virtualization function and
provides all next-generation firewall functions, ranging from stable high-performance and
high-availability HW architecture, application recognition, device recognition, support for
SD-WAN environment, and security functions to respond to the latest threats of DNS/VPN.

SECURITY INTELLIGENCE PLATFORM

for All My Threat Management

●
Integrated security in public and ●
Real-time device compliance
private cloud environments
Virtual Cloud Malware check, abnormal behavior and
●
Makes on-premise complex
security configuration efficient Security NETWORK Protection infection detection for preemptive
threat detection and blocking
with Virtual System SECURITY
●
Ensures traffic visibility
with app control
●
Prevents unauthorized access
through user authentication

●
Automates security policy
●
STIC: Smart Update, global settings by comprehensively
threat information service Threat Security analyzing information on
●
CSOC: AI-based threat analysis, Intelligence Automation collected threats, security logs,
remote control service and vulnerability diagnosis results
 Response to new security threats

Simultaneous response to optimized networking and security threats with

Secure SD-WAN | next-generation firewall-based Secure SD-WAN

XDSL MPLS Settings Ability to respond Operating

Speed
to threats costs
management

Google Naver

Branch Branch
Office Office

Mail ERP

HQ/Data Center

Branch Policy settings Policy settings Branch

Office Office
Central controller

Zero Trust Network | Applies Zero Trust Network policy based on device security status, user ID, and app information

User ID User ID Authentication and LInking

PC Installation
Security of Essential
Settings SW

Device Security Status

SW
Security
Vulnerability
Internet Cloud Work
Updates DMZ System
Inspection
APP Application Analysis and Control

Inspection of Device and User Environment Zero Trust Network Access Control

DNS Security | Equipped with machine learning technology in firewalls to respond to unknown security threats

Machine Learning Pattern Analysis

DNS Packet Inspection DNS 패킷 검사
Malicious DNS Domain Packet Inspection

C&C DNS Server

Malicious DNS Query Requests

ML-based DNS
Technology
Internal Malware-Infected PC Normal DNS Server

SaaS Security | Web category-based application control and SaaS HTTP header control

SaaS Application HTTP Header Control

Enterprise Account
GET / HTTP/1.1
Host: login.microsoft.com
Access
Connection: keep-alive
Allow User-Agent: Mozilla/5.0 (Windows NT 10.0)
Restrict-Access-To-Tenants: secui.com

GET / HTTP/1.1
Host: login.microsoft.com
Access Connection: keep-alive
Personal Account
SaaS
Deny User-Agent: Mozilla/5.0 (Windows NT 10.0)
Restrict-Access-To-Tenants: gmail.com
 Main Function
App Control
Function to actively respond to attacks that are
difficult to handle using existing UTM by
pre-defining and analyzing applications to
prevent increased vulnerabilities and distribution
of malware by domestic and foreign applications
Enhanced VPN Security
Equipped with the PQC algorithm, which is an
internationally recognized next-generation
encryption technology that can respond to
attacks using quantum computers
Web Filter
Uses a global database classified into more
than 82 categories and requests a cloud
server to analyze unknown URL information
for updates to quickly block malicious URL
information.
SSL Inspection
Automatically detects SSL sessions, decrypts
SSL packets, and applies them to various
next-generation network security functions.
Improves performance compared to existing
products by applying a hardware accelerator
User ID
By recognizing user ID rather than IP,
the same security policy is applied no matter
when and where the network is accessed,
ensuring user mobility and enabling the user
to view statistical data.
Domain Object
Uses domain names instead of IPs as firewall objects,
collects up to 2,048 IPs per domain in real time and/or
periodically considering the cloud environment (portals,
web hard drives).
File Type Control
When using the application, controls files by type
(document, compressed file, image, multimedia, etc.)
and direction to prevent unauthorized file transfers,
internal information leaks, and external threats.
Open API
Operates seamlessly with integrated security
management systems, vulnerability diagnosis
systems, and security policy analysis systems of
domestic and international vendors to implement
Security Orchestration & Automation.