Security Intelligence Platform for All My Threat Management

Virtual Cloud Generation Firewall

 Virtual Cloud Generation Firewall

BLUEMAX NGF is Korea’s first next-generation firewall for virtual cloud network
security and provides an integrated security platform that detects and blocks all
threats in the wired and wireless IT infrastructure environment.
It can operate multiple firewalls with a single product through the virtualization
function and provides all next-generation firewall functions, ranging from stable
high-performance and high-availability HW architecture, application recognition,
device recognition, support for
SD-WAN environment, and security functions to respond to the latest threats of
DNS/VPN.

SECURITY INTELLIGENCE PLATFORM

for All My Threat Management

Integrated security in public

and private cloud
●

environments Real-time device compliance

Virtual Cloud Malware check, abnormal behavior
●

Makes on-premise and infection detection for

complex security
●

configuration efficient Security Protection preemptive threat detection

with Virtual System NETWORK and blocking
SECURITY
Ensures traffic
visibility with
●

app control
Prevents unauthorized
access through user
●

authentication
STIC: Smart Update, Automates security policy
global threat settings by
● ●

information service comprehensively analyzing

CSOC: AI-based threat information on collected
analysis, remote control threats, security logs, and
●

service vulnerability diagnosis results

Threat Security
Intelligence Automation
 Response to new security threats

Simultaneous response to optimized networking and security threats with

Secure SD-WAN next-generation firewall-based Secure SD-WAN
|
XDSL MPLS Settings Ability to Spee Operati
managem respond to d ng
ent threats costs

Googl Nave
e r

Branch
Office Branc
h
Office
Mail ERP

HQ/Data Center

Branch
Office Policy settings Policy
Branc
settings h
Office
Central controller

Applies Zero Trust Network policy based on device security status, user ID, and app
Zero Trust information
Network |

User User ID Authentication and

PC
Securi ID Installati
ty on of
Settin Essential
gs SW
LInking Device Security
Intern Cloud Work
SW et Syste
Securi
ty Vulnerabilit Status DMZ m
Updat y
APP Inspection
es

Application Analysis and

Control

Inspection of Device and User Environment Zero Trust Network Access Control

Equipped with machine learning technology in firewalls to respond to unknown security

DNS Security threats
|

DNS Packet Inspection Machine Learning Pattern Analysis

Malicious DNS Domain Packet Inspection

C&C DNS Server

Malicious DNS Query Requests

ML-based
DNS
Technology
Internal Malware-Infected PC Normal DNS Server

SaaS Web category-based application control and SaaS HTTP header control

Security |
SaaS Application HTTP Header
Control

Enterprise Account GET / HTTP/1.1

Acces Host: login.microsoft.com
s Connection: keep-alive
Allow User-Agent: Mozilla/5.0 (Windows NT
10.0) Restrict-Access-To-Tenants:
secui.com

GET / HTTP/1.1
Acces Host: login.microsoft.com
Personal s Connection: keep-alive
Account Deny User-Agent: Mozilla/5.0 (Windows NT
SaaS 10.0) Restrict-Access-To-Tenants:
gmail.com
 Main Function

App Control User ID

Function to actively respond to attacks

that are difficult to handle using By recognizing user ID rather than IP,
existing UTM by pre-defining and the same security policy is applied no
analyzing applications to matter when and where the network is
prevent increased vulnerabilities and accessed, ensuring user mobility and
distribution of malware by domestic and enabling the user to view statistical
foreign applications data.

Enhanced VPN Security Domain Object

Equipped with the PQC algorithm, which Uses domain names instead of IPs as firewall
is an internationally recognized next- objects, collects up to 2,048 IPs per domain in
generation encryption technology real time and/or periodically considering the
that can respond to attacks using cloud environment (portals, web hard drives).
quantum computers

Web Filter File Type Control

Uses a global database classified into When using the application, controls files by type
more than 82 categories and requests (document, compressed file, image, multimedia,
a cloud server to analyze unknown etc.) and direction to prevent unauthorized file
URL information for updates to quickly transfers, internal information leaks, and
block malicious URL external threats.
information.

SSL Inspection Open API

Automatically detects SSL sessions, Operates seamlessly with integrated

decrypts SSL packets, and applies security management systems,
them to various next-generation vulnerability diagnosis systems, and
network security functions. Improves security policy analysis systems of
performance compared to existing domestic and international vendors to
products by applying a hardware implement Security Orchestration &
accelerator Automation.
 Software Specification
User-based policy control Anti-Virus Anti-Virus Engine (File-based or Stream-
based) Realtime Blackhole List(RBL)
SECUI user authentication (captive portal) and SSO & Limiting the number of recipients and bulk mail
NGFW support SaaS application control sending URL Filtering (Settings by Category)
Application/device-based policy Anti-SPAM
control AD setup wizard for linking Setting and editing warning pages
with AD SSO OT protocol recognition URL expansion inspection (URL query
and access control QoS per inspection) IP address domain blocking
application and user ID Web Filter Global Categorized URL (Local/Cloud
DB) HTTP header control
Resource allocation per virtual system
Configuration of intuitive virtual network with topology Block Anonymizer Server List
Virtual
maps Independent operating environment for each HTTP/HTTPS, FTP/FTPS, SMTP/ SMTPS, POP3/POP3S,
System administrator
Provision of APT threat analysis function linked with IMAP/IMAPS
sandbox equipment
More than 39 universal file formats
Response Supports sharing system for detected threat
information HTTPS, SMTPS, POP3S, IMAPS, FTPS Control of information leakage through webmail
to APT Compressed files (ZIP, TAR, GZIP, ALZIP, BZIP, RAR,
APP Control, IPS, DLP, Web Filter functions, and 7ZIP)
external equipment linked with decrypted traffic
DLP Registration/inspection and blocking of resident
Hardware Acceleration registration number, card number
SSL Active-Active HA with L2/L3/L4 Filter and save (archive)
Inspection Security policy group settings
Domain Policy (URL Object) SSL VPN Client (Windows, Linux, Android, iOS)
Activation schedule by security Provision of terminal security status information
policy through compliance check
Inspection of redundant and unused (unreferenced) Anomaly detection, isolation, and deletion
policies VXLAN Packet Control Policy
Policy-based NAT & Interface-based NAT Collection of terminal security information (update,
Device security settings) Collection of abnormal traffic, files,
Detection of machine learning-based DNS and URLs
threats control
LACP, VLAN, dynamic asset
Legacy Linking with policy setting screen and log inquiry/analysis control QoS (by IP, application,
functions Policy timeline management and rollback interface)
Firewall Signature Templates based on Profiles IPv6 transition (configurable tunneling,
Multi-pattern detection function (parallel 6to4) & Translation (NAT64, DNS64),
detection) PCRE (regular expression) NAT46
Linking with vulnerability inspection tool, optimizing Routing
Protocol(IPv4-OSPF/RIP/ BGP,
signature Customized signature verification function IPv6-OSPFv3/RIPng/BGP4+)
Application layer defense
Smart pattern learning Network DHCP, DHCPv6, and RA servers
DNS, DDNS, Split DNS
defense SNMP (v1, 2, 3), Syslog
Behavior-based web attack defense, DRDoS (N:1) transmission Report (Policy
defense IKE(v1/v2), PKI(x509) Details, Report Browser)
IPS Group VPN 기능 DB-based log management (compression
supported) Traffic/session monitoring by application
GRE/IPIP, L2TP, PPTP Tunneling and user Warning alarm threshold setting
Equipped with Post Quantum Cryptography (PQC) Firmware Upgrade and Downgrade (Rollback)
Algorithm 3DES, AES, SEED, ARIA, LEA, CAST, Blowfish, Administrator access such as
MD5, LDAP/RADIUS/TACACS+/OTP Setup Wizard, Setting
Anti SHA-1, SHA-256, SHA-512, HAS160 etc. Monitoring Multi R/W(Read/Write) Administrator rights profile
CLI execution and Packet Capture on GUI
DDoS SECUI line fault detection
function Full Tunnel mode Linking with Open API, other external
solution Supporting security compliance
FIDO biometric authentication self-inspection Application-based traffic
Multi-Factor Authentication Support (3rd route setting ZTP(Zero Touch
Authentication) PASS app-based convenient Provisioning)
authentication Line quality-based traffic route setting based on
IPSec VPN (Scheduled for the second half of 2024)
Management
Functions

SSL VPN
SD-WAN

Hardware Specification
BLUEMAX NGF 50 60 100 110 200 310 510 800 ED 1100 1300 1510 2100 5100 20000
CPU 2 Core 3 Core 2 Core 4 Core 4 Core 4 Core 8 Core 8 Core 4 Core 4 Core10 Core 20 Core 32 Core 48 Core
Memory 4GB 4GB 4GB 4GB 4GB 8GB 8GB 8GB 8GB 8GB 16GB 32/64GB 64/128G 96/288G
B B
System 16GB 16GB 16GB 32GB 32GB 64GB 128GB 128GB 128GB 256GB 256GB 128/256G 128/512G 128/512G
B B B
Storage 1.92T 1.92T 1.92T
Log - - - - - 1TB 1TB 1TB 1TB 1TB 1TB B/ B/ B/
RAID RAID RAID
100GF - - - - - - - - - - - - (max2) (max4)
40GF - - - - - - - - - - - (max4) (max8) (max8)
Interface 10GF - - - - - - - - - (max4) (max4) 2(max10 10(max2 10(max2
) 6) 6)
1GF - - - - - - 4 4 4(max8) 4(max8) 4(max8) 8(max40 8(max40 8(max40
) ) )
1GC 4 4+4(Switc 4+4 4+8(Switc 4+8 8 8 8 8 8 8 8(max40 8(max40 8(max40
h) h) ) ) )
Power Supply Adapter Adapter Adapter Adapter Adapter Single Single Single Single
Redunda Redunda Redunda Redunda Redunda
nt nt nt nt nt
Throughput 1Gbps 1.5Gbps 2Gbps 3Gbps 4Gbps 8Gbps 12Gbps 14Gbps 16Gbps 18Gbps 40Gbps 80Gbps 160Gbps 320Gbps
 Virtual Cloud Generation Firewall

CERTIFICATION

Call +82-80-331-6600
3-6F, 51 Jong-ro, Jongno-gu, Seoul (Jong-ro 2-ga, Jongno Tower)
www.secui.com
Copyright® SECUI All Rights Reserved. Names and product names published in this catalog are registered trademarks of SECUI. Specifications may change without notice for
improvements.