NGFW○R series products are based on NGTOS system architecture crystallized from Tianrongxin Company 10 years' experience in developing high-quality safety products, and adopt many breakthrough technologies. Based on the idea of hierarchical design, Tianrongxin Company has analyzed the differences of various security hardware platform technologies through long-term experience in security product research and development, and creatively proposed to introduce a hardware abstraction layer between hardware and operating system kernel layer. NGTOS is based on hardware abstraction technology, which can adapt to various hardware platforms and make full use of the advantages of various computing technologies. Through the perfect system structure design, compared with other systems commonly used in the industry, NGTOS has the following characteristics:
Efficient and reliable basic system
In the multi-task mechanism provided by NGTOS efficient forwarding system, priority scheduling and round robin scheduling are used to control tasks, which fully ensures reliable real-time performance, makes the same hardware configuration meet stronger real-time requirements, and leaves more room for application development. At the same time, compared with the general operating system, the system specially designed for message forwarding is more concise, stable and reliable.
Fine Identification and Control of Application Security
NGTOS can accurately identify 12, which is more than 400 common and popular network protocols in today's Internet, and the identification of these protocols is not as simple as distinguishing applications by port numbers in traditional firewalls. Tianrongxin has set up a professional protocol analysis team to closely track the changes of Internet application protocols and update the built-in application protocol feature library in time. In addition to the general single packet feature matching method (DPI) in the industry, Tianrongxin also pioneered the behavior identification method (DFI), which can identify many protocols whose features are not obvious or often change, such as some P2P applications and encryption protocols, through the address, port, length and number of messages and the correlation between multiple sessions.
Perfect integration of content security policy
Because the traditional access control mechanism of firewall based on quintuple can't cope with all kinds of complex network applications, the security policy in NGTOS integrates many security features such as user identity, application identification and control, IPS, AV, URL filtering, spam filtering, traffic control and so on, thus constructing an all-round and three-dimensional security defense system. However, these security systems have achieved single engine processing and linkage. For example, threats detected by intrusion prevention functions can be automatically loaded into firewall rules, which can be prevented in advance at the network layer. They are no longer just interacting, but a whole.
High performance platform
It is predicted that by 20 15, the amount of data processed through the network will increase by four times compared with the current one, which puts forward higher requirements for the performance of network equipment. Tianrongxin NGTOS is based on the advanced SmartAMP parallel processing architecture, built-in patented processor dynamic load balancing technology, and combined with the original SecDFA core acceleration algorithm to ensure that the forwarding performance of NGFW○R products will not be significantly affected when all functions and all traffic are turned on. At the same time, through this cooperation with Intel, Tianrongxin uses Intel data layer high-speed processing technology to quickly migrate the packet processing solution to the latest Intel architecture platform to obtain the best performance. Intel data layer high-speed processing technology is a set of data plane library for high-speed network, which can be combined with Intel multi-core platform to obtain higher data packet processing ability. Through the effective integration of Tianrongxin NGTOS and Intel data layer high-speed processing technology, the throughput of a single security engine board of Tianrongxin NGFW○R series products can reach 40Gbps, and the flagship model of NGFW○R deploys multiple security engines under Tianrongxin parallel multi-level hardware architecture, with a throughput of 320Gbps.