Integrated Layer 2 to Layer 7 Security Protection
Enhanced Web Anti-attack
By combining static validation and filtering rules with dynamic intelligence about attackers' processes, SANGFOR NGFW's comprehensive approach defends against the top 10 mainstream security threats released by OWASP as well as other common web attacks. The web system is fully protected against SQL injection, cross-site scripting (XSS), cross-site request forgery, malware, Trojans and other security issues.
Application Based Deep Intrusion Prevention System
Leveraging SANGFOR's unique Six-Threat-Detection-Mechanisms (signature-based attack detection, special attack detection, correlation analysis, abnormal traffic detection, abnormal protocol detection, and deep content analysis), NGFW enables the IT organization to consolidate its system security and to identify attacks and high-risk security breaches such as buffer overflow attacks, vulnerability attacks, abnormal protocols, worms, Trojans, backdoor programs, DoS/DDoS attacks, scanning, spyware and other kinds of threats.
Comprehensive Anti-virus Detection
SANGFOR NGFW enables IT organizations to detect viruses carried over well-known protocols (HTTP / FTP / SMTP / POP3) and viruses hidden deep inside compressed files (ZIP / RAR / GZIP), ensuring a timely and precise response. By leveraging highly effective stream scanning technology, SANGFOR NGFW delivers great performance at the application layer, which significantly distinguishes it from traditional methods that easily become the bottleneck of the whole network.
DoS/DDoS Attack Protection
SANGFOR NGFW detects and filters abnormal dataflow and DoS/DDoS attacks, ensuring the security and stability of the server. It provides protection against DoS/DDoS attacks from layer 2 to layer 7, and ensures that all DoS attacks based on data packets, IP, TCP and HTTP are blocked.
Database Updated by Dedicated R&D Team
SANGFOR NGFW's comprehensive signature database of 3,000+ vulnerabilities, 300,000 viruses/Trojans/malware, and 2,000+ web application threats gives IT organizations a strong ability to defend against threats at various layers. SANGFOR is a partner of MAPP (Microsoft Active Protections Program), and its vulnerability signature database holds a compatibility certificate from CVE (Common Vulnerabilities and Exposures). SANGFOR provides best-in-quality products and services.
Intelligent Security Defense System
Complete Firewall Capabilities
Customers can migrate from their traditional firewalls to SANGFOR NGFW without compromising any current networking function, such as ACL, NAT, routing and VLAN. These functions are fully supported by NGFW, giving smooth deployment and easy management from day one.
Integrated IPsec VPN Function
With SANGFOR's integrated IPsec VPN function, a more effective and secure wide area network can be built with higher ROI.
Flexible Deployment Modes
SANGFOR NGFW supports several deployment modes, such as gateway, bridge, bypass, virtual-wire and hybrid, as well as multiple link aggregation and asymmetric routing, which ensures good adaptability to complex networking environments.
Cross-module Intelligent Defense Strategy
An advanced cross-module security defense strategy can be generated automatically by active defense technology. For example, the firewall can generate a new firewall rule to block a certain IP if other modules identify dangerous dataflow or attacks from that IP. It performs well against automated attacks and tools, and ensures system security with easy maintenance and management.
Bidirectional Contents Inspection
Webpage Protection against Tampering
Anti webpage tampering is a sub-function of NGFW that applies an after-the-fact, compensatory approach to protect the security of the website. Even if an attacker has circumvented the security defense system and tampered with a webpage, the modified webpage cannot be delivered to end users. In this way, damage and economic loss are kept to a minimum. Meanwhile, the administrator is notified in real time by the NGFW alarm service, allowing the issue to be resolved in time. Furthermore, NGFW provides a redirection function that redirects end users to the backup server to ensure normal operation of the business.

Compared with the traditional approach of installing anti webpage tampering software, SANGFOR NGFW's solution is more user-friendly and easier to maintain, with no plugins required and no performance impact on the server.
User Defined Sensitive Info Leak Protection
SANGFOR NGFW can protect user-defined sensitive information against leaks. The sensitive information can be identified and blocked, with alarms raised in different ways (SMS, e-mail …), ensuring complete security for data such as user information / email accounts / MD5 encryption key / bank card / ID number / social security account / credit card / mobile phone number.
Application Protocol and Content Concealing
Automatic response information from web, FTP, mail or other servers, which can serve as a guide for attackers carrying out an attack, can be concealed by NGFW. Examples include HTTP error page concealing and FTP information hiding.
Enhanced User Login Authentication Protection
NGFW is flexible and allows various levels of security priority to be set on user-defined services or webpages. When services or webpages of higher priority are accessed, strict authentication rules are enforced, such as an SMS token or other two-factor authentication. That means hackers cannot access the sensitive and important data or webpages even if they have your username and password.
Application Layer High Performance
Multi-core Parallel Processing
SANGFOR's advanced multi-core parallel processing hardware architecture enables high-performance computing at the application layer and outperforms traditional NP or ASIC architectures. Furthermore, Lock-free Parallel Processing technology is applied to the computing process, which produces real multi-core parallel processing and significantly enhances system throughput.
Single-pass Analysis Algorithm
Unlike UTM, NGFW significantly enhances application-layer processing performance with the advanced Single-pass Analysis Algorithm. Various threats are detected in a single parsing pass, without repeatedly unpacking and repacking the message as in UTM.
Hopping Scan Technology
Leveraging application identification technology accumulated over years, all packets passing through the NGFW are tagged with SANGFOR's proprietary protocol during its core computing process. With the proprietary protocol, threats can be identified more efficiently and precisely during content detection. For example, an FTP Serv-U related vulnerability that appears in an HTTP dataflow cannot pose a threat to servers.
This serves as a guideline for optimizing the algorithm and improving efficiency.