Product Number: RAVEN 5500

RAVEN Next Generation Firewall - RAVEN 5500

1U rack mount, 6 × fixed FE/GE TX ports, 2 × 100/1000M SFP ports, 2 × 1/10G SFP ports, 2 × extended media module slot, redundant PSU

  • Availability:
    Asia Pacific
  • Global inventory:
    Available
RAVEN 5500
  • RAVEN 5500
1 of 1
  • Specifications

Specifications

Report An Error

Type

RAVEN 5500

Name

RAVEN 5500

Description

1U rack mount, 6 × fixed FE/GE TX ports, 2 × 100/1000M SFP ports, 2 × 1/10G SFP ports, 2 × extended media module slot, redundant PSU

Port type and quantity

6 × fixed FE/GE TX ports, 2 × 100/1000M SFP ports, 2 × 1/10G SFP ports, 2 × USB, 1 × RJ45 console port

Heat Radiation Type

Fixed fan

Extended Slot

2 × extended media module slots

Storage

60G SSD

Performance

20G (Firewall), 6G (enable NGFW)

Connections per Second

90000/s (Firewall), 21000/s (enable NGFW)

IPSec VPN default tunnel

4000

Concurrent Connections

2.9 million

Power Supply

2 × fixed redundant PSUs

Operating Voltage

100-240VAC, 47-63Hz, redundant PSU supported

Permissible Humidity (Storage/Transport)

5% to 95%

Operating temperature

-5-+45 °C

Storage/transport temperature

-20°C to +70 °C

Relative humidity (non-condensing)

5-85 %

Width

435 mm

Height

44.5 mm

Depth

360 mm

Weight

7.5 kg

Mounting

Rack mount

Software Specifications
Security Access control Access control based on network interface, security zones, source/destination IP, domain name, port, application and customer; support time-based policy. Support DPI identification in access control.
Support security policies pre-compile during committing configuration, complex security policies will not reduce chassis performance
Support default policy, permit all or deny all is available for all policies
Support logging for policy match, include flow and hitting
Support shadowing checking in security policies
Support session management for special security policy
Support group based security policies management
APT (Advanced Persistent Threat) protection Chassis has another dedicated hardware based APT engine. Sandbox is used to detect malicious code. APT engine has abilities for protecting long-term detection attack and 0 DAY attack
APT engine can process at least 20 types of files, such as exe, rtf, Office file, rar, zip, pdf and so forth.
Raven Eye cloud security protection Raven can sync all system libraries from Raven Eye. Raven is able to prevent either known or unknown threaten when it is captured by Raven Eye in past 6 hours
Support both IPv4 and IPv6 environment.
Support one-key process for captured host
IPS Support flow based protocol analysis and protocol tree algorithm, support both IPv4 and IPv6
Attack sample library has more than 3600 entries, weekly update, and support online user manual
Support online, bypass and complex deployment
Anti-Virus Based on Raven eye cloud security center, Raven has more than 36k virus samples, weekly update
Support HTTP, FTP, POP3, IMAP and SMTP attachment scanning
Support customized scan template
Anti-virus policy can base on interface, security zone, address, user, service and time
Support online, bypass and complex deployment, support both IPv4 and IPv6
Web application protection Support protection for SQL injection and XSS script attack, support Web application security in IPv4/IPv6 protection
DDoS Support TCP flooding protection, include packet rate, source host packet rate and destination packet rate limitation. SYN cookie, dropping violation packets or only alarm are available protection actions
Support UDP flooding protection, include packet rate, source host packet rate and destination packet rate. Dropping violation packets and only alarm are available protection actions
Support ICMP flooding protection, include packet rate, source host packet rate and destination packet rate. Dropping violation packets and only alarm are available protection actions
Support inhibition for malicious scanning, such as TCP scanning, UDP scanning and ICMP scanning
Support protection for Jolt2, Land-Base, Ping of death, Syn flag, Tear drop, Winnuke, Smurf
Session Control Total connection control based on interface, address, user, application and time
CPS control based on interface, address, user, application and time
Source total connection control based on interface, address, user, application and time
Source CPS suppression control based on interface, address, user, application and time
Destination total connection control based on interface, address, user, application and time
Destination CPS control based on interface, address, user, application and time
ARP protection Support IP-MAC mapping protection and unique mapping validation
Support protection of ARP spoofing. Raven support static MAC learning or reverse flooding to correct ARP to strike back the attacker
Support ARP suppression to defense ARP flooding
Deny List Support IP based deny list, deny list up to 30K entries
Support import/export operation for deny list
Application-based control Application Identification App ID engine based on DPI, DFI and network behavior analysis
Application control Support application identification by classes, such as: IM, class-based URL management, social media, download tools, video application and so forth
Email application control Support deep email inspection based on parameters such as email title, email body, attachments and protocol commands
Application library Application library support at least 1000 applications
Application library update Application library update support both online and offline operation, weekly update
IPv4/IPv6 support Support application behavior management in IPv4/IPv6
Traffic control Token bucket Multi-level token bucket mechanism, minimum particle size 1K bps
Flexible QoS Support QoS policy on physical interface and VLAN interface
Application based QoS QoS policy support application traffic inspection
Hierarchical QoS Support 4-level nesting HQoS, each level has 64 queue
Per-user bandwidth control Support assign per-user bandwidth schedule in customer communication for upstream traffic and downstream traffic
Bandwidth reserve Support to configure upstream bandwidth and downstream bandwidth
Priority queue Support priority queue
Shaping Support shaping
Network Deployment Support routing mode and transparent mode firewall, support complex deployment
IPv4/IPv6 dual stack Support IPv4/IPv6 dual stack, all functions can work both under IPv4 and IPv6
Physical interface Support static IP address and DHCP client, support multiple addresses under interface
802.1Q VLAN Support 4096 VLANs
LAG Support LACP and static LAG. Load balancing mode can be configured.
GRE Support GRE tunnel
Static route Support static route and ECMP under static route. Support various methods of static route health check
Routing protocol Support RIP, OSPF and BGP
Policy based route Support PBR based on ingress port, source IP, destination IP, port, service and domain name, multiple next-hops are also supported
BFD Support BFD function.
Load balance in WAN Support load balance for multiple WAN interface, include PPPoE
Health check Support link health check via ICMP, TCP, DNS and HTTP request
Routing control Support ECMP, PBR and link-load balance
NAT Support source NAT, destination NAT, static NAT and policy NAT. Support CG-NAT.
NAT46/NAT64 Support NAT between IPv4 and IPv6
ALG NAT pin-hole support on application layer
NAT address pool Support multiple address pool and discontinuous address pool
VPN Support IPSec VPN and L2TP VPN
Support SSLVPN in proxy mode and tunnel mode. Support nested access policy in SSLVPN
STP Support STP protocol
DHCP Support DHCP server, support IP-MAC binding entry
DNS Server Support DNS server, Support DNS zone
DNS record Support DNS record, include A, AAA, NS, CNAME, TXT, MX and PTR
DNS transparent agent Support DNS transparent agent, support multiple algorithms for load balancing
Virtualization Hardware based virtualization Raven support hardware based virtualization acceleration
Virtual FW configuration Support full functional vFW deployment. vFW support different software, feature and HA policy
Virtual FW management Each vFW has private resource template and configuration
HA Hot-standby Support active-active and active-backup mode
Backup node management Backup node support OOB management
VRRP Support VRRP for gateway backup
Multi-standard failure detection Failure detection based on heart-beat detection, link flapping, remote failure.
Session sync Support session sync between nodes, failover will not interrupt service
HA preempt Support priority configuration for certain active node
Monitoring Threaten visualization Support threaten visualization for attack. Visualization based on threat level, country and victim, include TOP10 table and diagram.
Application based traffic visualization Support application visualization for TOP100 application. Diagram include traffic detail and per app/per user traffic statistics.
User based traffic visualization Support user based visualization for TOP100 users. Diagram include user traffic detail.
Interface based traffic visualization Support collecting detail information of interfaces, based on physical interface or virtual interface (VNI or GRE)
System report Support to generate system report in system usage. CPU usage, memory usage, concurrent connection, CPS field during real time, 1 hour, 1 day, 7 days and 1 month
Logging Local syslog Support local storage for system log
Remote syslog Support multiple syslog server
Log level Support standard level 0~7
Report System can generate traffic report and threaten report.
Email alarm System alarm can trigger email to certain receivers.
Address management Address object management Support address objects up to 8K, each object has address records up to 2K. Support domain name as address record.
Address object bulk operation Support import/export address objects/record for bulk operation.
Customized application Support customized application
System configuration Web UI(HTTP/HTTPS) Internationalization Web UI
Control/VTY Support console port, SSH and telnet for remote CLI management
SNMP Support SNMP v1/v2/v3
User login management Support local account, Radius and LDAP authentication
User role management Support different user roles to implement user management and operation audit.
NTP Support external NTP server
System configuration backup/restore Support export/import configuration file as plain text.
Packet dump Support WebUI for packet dumping

IEC 60068-2-6 vibration

1 mm, 2 Hz-13.2 Hz, 90 min.; 0.7 g, 13.2 Hz-100 Hz, 90 min.; 3.5 mm, 3 Hz-9 Hz, 10 cycles, 1 octave/min.; 1 g, 9 Hz-150 Hz, 10 cycles, 1 octave/min

IEC 60068-2-27 shock

15 g, 11 ms duration, 18 shocks

EN 61000-4-2 electrostatic discharge (ESD)

4 kV contact discharge, 8 kV air discharge

EN 61000-4-3 electromagnetic field

10V/m (80-1000MHz), 3V/m (1000-6000MHz)

EN 61000-4-4 fast transients (burst)

2 kV power line, 1 kV data line

EN 61000-4-5 surge voltage

power line: 2 kV (line/earth), 1 kV (line/line), 1 kV data line

EN 61000-4-6 Conducted Immunity

10 V (150 kHz-80 MHz)

EN 61000-4-8 power freq magnetic field

30A/m

EN 61000-4-11 voltagedips,shortinterrupt

0%(20ms), 40%(300ms), 70%(500ms), 0%(5s)

EN 55032

EN 55032 Class A

EN 61000-3-2

EN 61000-3-2 Class A

EN 61000-3-3

EN 61000-3-3

FCC CFR47 Part 15

FCC 47CFR Part 15, Class A

FCC

Compliant

China Network Access Certificate

Compliant

RoHS Compliant

RoHS( (EU) 2015/863 ) and RoHS( GB/T26572-2011 ) compliant

Accessories to Order Separately

SFP, media module

Scope of delivery

2 × device, 1 × grounding wire, 2 × power cords, 1 × console cable, 1 × Cat5UTP 2M, 1 × installation package

Update and Revision

Revision Number: 0.16 Revision Date: 05-14-2024

Update and Revision

Revision Number: 0.16 Revision Date: 05-14-2024