Enhanced 4G Firewall

4G-E0065 Firewall

Enhanced 4G Firewall 4G-E0065 5 x 10/100/1000M RJ45 ports, 1 x RJ45 Console port, 1 x SIM card slot, 1 x Micro SD card slot, 1 x USB 3.0 port. Two external detachable 4G antennas support simultaneous 4G/wired connections, dual-connection intelligent load balancing/redundancy backup. Suitable for chain stores and distributed office networks. Supports configuring security policies, audit policies, bandwidth policies, ALG policies, etc. Supports multiple security protection functions, defending against ARP spoofing, ARP attacks, DDoS attacks, network scanning, suspicious packet attacks, etc. Supports scalable integrated DPI deep security (intrusion prevention, antivirus, file filtering, malicious domain remote query, application behavior control). Supports rich policy objects (security zone, address, user, service, website, security profile, intrusion prevention, audit profile, etc.). Supports rich network functions, static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP). VPN, DDNS, etc. Supports first-packet application identification, improving application identification performance.

Note: Antivirus (AV), Intrusion Prevention (IPS), Malicious Domain Identification, Application Identification (APP), and Website Identification (URL) require a license to use. See the "Specifications" section on the official product page for details on license compatibility.

The 4G-E0065 is an enhanced 4G firewall product that supports four signature databases: antivirus, intrusion prevention, malicious domain, and application identification. It integrates firewall policies, attack protection, DPI deep security, security auditing, bandwidth management, VPN, and other functions, effectively mitigating network risks and providing comprehensive protection while simplifying operation and maintenance. It ensures the continuous and stable operation of core enterprise applications and businesses, making it suitable for scenarios such as chain store operations and distributed enterprise offices.

Abundant Ports: Provides five 10/100/1000M RJ45 service ports, along with one management port and one RJ45 console port, one USB 3.0 storage port, one SIM card slot, and one Micro SD card slot, ensuring high-speed and stable data forwarding while facilitating system management and maintenance.

4G/Wired Dual Redundancy: Features two external detachable 4G antennas and one SIM card slot, supporting dual redundancy for both 4G and wired connections, offering greater flexibility and stability in network configuration.

Comprehensive Security Policies: Adopts the principle of minimum security, supporting security policies based on security zones, source IP addresses, destination IP addresses, source ports, destination ports, service groups, application groups, user groups, time periods, blacklists/whitelists, websites, antivirus, URL filtering, file filtering, application behavior control, email content filtering, intrusion prevention, and audit configuration files. Users can customize combinations and set access rules for comprehensive control over internal and external network communication security.

Comprehensive Attack Protection

Supports multiple internal/external network attack protection functions, effectively preventing various DoS attacks, scanning attacks, and suspicious packet attacks, such as: TCP Syn Flood, UDP Flood, ICMP Flood, IP scanning, port scanning, WinNuke attacks, fragmented packet attacks, WAN port ping, TCP Scan (Stealth FIN/Xmas/Null), IP spoofing, TearDrop, etc.

Supports ARP protection, such as ARP spoofing and ARP attacks, to avoid service interruptions and frequent network outages.

Supports IP and MAC address binding, allowing simultaneous binding of IP and MAC address information for hosts on both the LAN port (internal network) and WAN port (external network) to prevent ARP spoofing.

Supports MAC address filtering to block unauthorized host access.

Scalable and integrated DPI deep security:

Supports intrusion prevention, providing real-time access to the latest threat information and accurately detecting and defending against attacks targeting vulnerabilities;

Supports antivirus, quickly and accurately detecting and eliminating viruses and other malicious programs in network traffic, protecting against over 1 million viruses and Trojans;

Supports filtering file extension types, easily filtering various small files embedded in web pages to prevent viruses and Trojans from infiltrating enterprise networks and compromising Network Security;

Supports URL filtering and remote malicious domain lookup, effectively blocking phishing websites and intercepting Trojan attacks, hacker intrusions, and online fraud through a combination of local and cloud-based methods;

Supports application identification with accuracy down to the application behavior level. The combination of application identification with intrusion detection, antivirus, URL filtering, and file extension type filtering greatly improves detection performance and accuracy;

Provides a comprehensive and timely security signature database, keeping abreast of the latest developments in the network security field and ensuring timely and accurate updates to the signature database.

Refined Internet Behavior Identification and Control

Possesses a large-scale application identification feature database, enabling one-click control of over 500 common domestic desktop and mobile internet applications, including video, social networking, shopping, and financial applications;

Accurately identifies behaviors in popular applications such as WeChat, Weibo, and QQ, including text communication, voice and video calls, file transfers, and music playback, and provides refined control over these behaviors, selectively blocking or restricting them;

Built-in database of over a dozen domestic website categories, allowing one-click restriction of employee access to corresponding websites;

Supports disabling webpage submissions, restricting employee access to various web-based forums, Weibo, email, etc., and filtering email content to effectively prevent the leakage of sensitive corporate data;**

The application and website databases will be continuously updated and expanded.

Comprehensive Security Audit Strategy

Detailed and Comprehensive Logging: Supports system logs, operation logs, policy hit logs, traffic logs, audit logs, threat logs, content logs, URL logs, and email filtering logs, recording detailed information such as firewall-related traffic and operation history to help administrators understand network status and quickly locate network problems;

Graphical Traffic Statistics: Enables traffic statistics across three dimensions: interface, IP, and security policy, presenting security policy traffic data in real-time graphical form for easy overview; traffic analysis reports can be output in PDF format to help administrators analyze historical traffic distribution;

Internet Behavior Auditing: Supports HTTP behavior auditing, FTP behavior auditing, email auditing, and IM auditing. Audit logs provide insights into employee internet behavior during work hours, including web browsing and app usage, making inappropriate internet activity traceable;

TP-LINK Security Audit System: Can be used in conjunction with the TP-LINK Security Audit System for long-term, high-capacity log storage while outputting more detailed analytical reports.

Simplified Operation and Maintenance, Secure Management

A fully Chinese web interface with detailed and clear configuration guidance;

A graphical interface display, providing real-time monitoring of key resources such as CPU utilization, clear and intuitive;

Supports local/remote management, facilitating chain operations and remote assistance;

Supports password authentication/identity recognition, ensuring authorization security;

Supports multiple administrator roles for granular permission management;

Supports license management and signature database upgrades;

Supports primary/standby failover and online testing, ensuring high-reliability device operation;

Provides a dedicated console management port, allowing for device debugging via command line with the assistance of technical support personnel.

Flexible Bandwidth Management Policies

Offers flexible bandwidth management policies, controlling the bandwidth used by each IP in the network to ensure network experience for critical services and users. Management methods include: bidirectional bandwidth control, connection limit, and connection monitoring.

Rich Routing Features

Supports static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP VPN), dynamic DNS (Peanut Shell, Comai, 3322), and other functions.

Selected Components, Enterprise-Grade Quality

Built-in industrial-grade high-quality power supply, adaptable to a wide voltage input range of 100V-240V, effectively resisting voltage fluctuations; Steel casing design provides better heat dissipation and shielding performance, stronger anti-interference capabilities, ensuring stable operation of the device in various environments.

Supports Multiple Deployment Modes

Layer 3 Router Gateway Mode: As a Layer 3 router gateway, it replaces the original router in the network. Data communication between the internal and external networks is handled by NAT translation through the firewall. In this mode, the firewall's data packet processing mechanism is more complete, and network security protection capabilities are stronger.

Layer 2 Transparent Bridge Mode: Supports setting some or all interfaces as bridges. These interfaces operate in a Layer 2 network. As long as data passes through the bridge interface, the network can be protected by the firewall. In this mode, firewall deployment does not require changes to the original topology, making it more convenient and faster.

Router + Bridge Mode: In actual network deployment, some firewall interfaces can be set as bridge interfaces and others as routing interfaces according to site requirements. The two methods can be flexibly combined to achieve more economical and efficient network protection.

Hardware Specifications

Ports

5 x 10/100/1000M RJ45 ports (including 1 x 10/100/1000M RJ45 management port)

1 x RJ45 Console port

1 x USB 3.0 port

1 x SIM card slot (4G full network compatibility)

1 x Micro SD card slot

Antennas

2 x External detachable 4G 4.8dBi antennas

Processor

Multi-core 64-bit network-dedicated processor

Memory

2GB DDRIV

Indicator Lights

Per port: Link/Act

Per device: PWR, SYS, USB, SD, LTE, CLOUD

Dimensions

250(w) x 158(D) x 44(H) mm

Input Power

100～240V, 50/60Hz 0.5A

Cooling Method

Thermal conductive silicone + natural cooling

Operating Environment

Operating Temperature: 0℃～40℃ Operating Humidity: 10%～90%RH, non-condensing

Storage Temperature: -40℃～70℃, Storage Humidity: 5%～90%RH, non-condensing

Software Functions

Policy Configuration

Security Zones, Addresses, Users, Services, Websites, Applications, Blacklists/Whitelists, Intrusion Prevention

Security Profiles (URL Filtering, File Filtering, Application Behavior Control, Email Content Filtering, Antivirus)

Audit Profiles (HTTP Behavior Auditing, FTP Behavior Auditing, Email Auditing, IM Auditing)

Attack Protection

Supports ARP protection, such as ARP spoofing and ARP attacks

Supports protection against various common attacks, such as DDoS attacks, network scanning, and suspicious packet attacks

Supports MAC address filtering to block unauthorized host access

Integrated DPI Deep Security

Supports Intrusion Prevention

Supports Antivirus

Supports Remote Malicious Domain Query

Supports Application Behavior Recognition

Supports Filtering File Extension Types

Network Functions

Static Routing, Policy Routing

Intelligent Load Balancing

VPN (IPSec/PPTP/L2TP VPN)

Dynamic DNS (Peanut Shell, Comai, 3322)

Application Control

Social Software: WeChat/QQ/Web QQ/Fetion/Aliwangwang/Tencent TM/YY/Enterprise QQ/Momo/Sina Weibo/Zhihu

Video Software: Tencent Video/PPStream/PPTV/Kuaibo/Funshion/Pipi/UUSee/CNTV/iQiyi/Douyu Live/Sohu Video/Youku Video

Music Software: Kugou Music/Kuwo Music/QQ Music/Baidu Music/NetEase Cloud Music

Shopping & Leisure Software: JD.com Mobile/Taobao

News & Information Software: ZAKER/Toutiao/NetEase News

P2P Software: Xunlei and... Thunderbolt Kankan/BitComet/eMule/QQ Xuanfeng/FlashGet

Financial Software: Tonghuashun/Dazhihui & Analyst/Qianlong/Compass/Securities Star/China Merchants Securities/Galaxy Securities/Guotai Junan Securities/Yimeng Trader/Eastmoney/Huatai Securities

Online Games: QQ Games/Thunderbolt Game Box/Lianzhong World/Haofang Platform/Fantasy Westward Journey/World of Warcraft/KartRider/QQ Farm

App Stores: PP Assistant/Wandoujia/App Store

Basic Applications: HTTP/HTTPS/MMS/RTSP

System Management Supports Chinese Web management and remote management.

Supports multiple management roles.

Supports configuration backup and import.

Supports system software upgrades.

Supports various logs, reports, diagnostic center, and panel status.

Supports license management.

Supports signature database upgrades.

Performance Parameters

Maximum Concurrent Connections

150,000

New Connection Rate (cps)

13,282

Application Layer Throughput (Mbps)

1,107

Application Identification Throughput (Mbps)

251

IPS Throughput (Mbps)

208

Total Threat Throughput (Application Identification + IPS + AV + Malicious Domains) (Mbps)

177

Parameter Description

The relevant parameters were obtained under a 128KB HTTP load capacity test.

License Authorization (TL-FW-LIS-ALL, all-in-one)

IPS Library

1,500+

AV Library

3 million+

Malicious Domains Library

10,000+

Application Library

6,400+

Website Library

1 million