Industrial NGFW(Industrial Next Generation Firewall)
Sunyainfo iNGFW is a professional security protection product developed for industrial Internet, covering network access control, application content security, in-depth analysis of industrial protocol data, industrial protocol command control and other functions. Sunyainfo iNGFW is based on the self-developed SunyaOS secure operating system, which can not only parse layer 2 and layer 3 network protocols, but also further parse them to the application layer, deeply analyze industrial control protocols such as Modbus, IEC104, MMS, S7, DNP3, ENIP, OPC, etc., and achieve protection for production processes and key industrial control equipment. In terms of hardware, a high-performance and high reliability dedicated hardware platform is adopted to ensure the continuous, safe, and stable operation of industrial systems, providing users with efficient and reliable security protection.
In depth analysis of industrial protocols
Sunyainfo iNGFW supports the recognition of various industrial protocols such as Modbus, IEC104, MMS, S7, DNP3, ENIP, OPC, etc., achieving deep parsing of industrial protocols and supporting flexible and precise deep detection and filtering of industrial protocols.
Multi mode deployment in industrial scenarios
Support three strategic working modes: intelligent learning mode, verification mode, and protection mode. Through intelligent learning of network business process capabilities, firewalls can automatically generate protection policies, and gradually enabling three modes can achieve the minimization of protection policies.
Powerful network capabilities
Sunyainfo iNGFW has multiple static, dynamic, and policy routes, providing intelligent routing based on users, applications, regions, and ISPs, supporting rich NAT functions, and also providing various VPNs such as IPSec, SSL, GRE, VXLAN, L2TP, etc., to meet the requirements of complex network applicability.
IPv6&IPv4 Dual Stack Fusion
Provide users with comprehensive IPv4 and IPv6 dual stack network support, and support comprehensive deep security protection based on IPv6, achieving synchronized security and network upgrades.
IT&OT Integrated Security
Based on independent innovation, the integrated security engine achieves one-time parsing of data packets, synchronously completing security functions such as industrial protocol parsing, intrusion detection, virus detection, and content filtering, comprehensively protecting against network threats. It can effectively block penetration attacks against industrial networks, ensure comprehensive industrial network security, and guarantee the continuous normal operation of production systems.
High availability architecture makes security more reliable
Adopting a high availability architecture design for software and hardware, seamless monitoring of key system components is achieved, and adaptive diversion technology effectively ensures the overall smooth operation of the system during peak business hours. Based on dedicated bypass protection hardware, it ensures instant network recovery and uninterrupted production operations in extreme situations.
Autonomous security, compliance, and controllability
Sunyainfo continues to develop independent innovation, secure and controllable product capabilities. Based on domestic operating systems, it covers domestically produced hardware such as Feiteng and Haiguang, and its security compliance is also more controllable, effectively safeguarding key facilities.
Production network boundary isolation and protection
Sunyainfo iNGFW are deployed at the exits of different control areas in a transparent, routed, or hybrid way, achieving logical isolation between different areas. Through industrial protocol deep filtering and protection technology, fine-grained access control is executed on instructions or operations issued from the production management layer to block abnormal data or illegal operations; At the same time, establish isolation barriers between various security domains and deny access to other security zones. Sunyainfo iNGFW supports multiple attack detection technologies, which can detect and resist real-time scanning or attacks on process monitoring networks, ensuring the security and stability of underlying business.
Key equipment protection
Sunyainfo iNGFW adopts a transparent, routed, or hybrid working mode, deployed at the front end of logical control devices, to achieve security protection for critical equipment. By implementing network layer based protection strategies, illegal hosts are effectively blocked from communicating with important devices. Combined with industrial protocol deep control strategies, illegal instructions and operations are effectively identified to avoid issuing incorrect instructions due to illegal or erroneous operations, ensuring the security of control devices or important devices.
High reliability deployment
Sunyainfo iNGFW is deployed in HA mode, with one device in business processing state and the other in standby state. The two devices perform online monitoring and data communication through heartbeat lines, and have the same configuration and data information. When the host fails, the standby machine can automatically take over the business, ensuring the continuous and reliable operation of production business.
