HP VPN Firewall Appliances Getting Started Guide
7
A VPN firewall module can be installed in the HP 5800/7500/9500/12500 Switch Series or a
6600/8800 router. A switch or router can be installed with multiple VPN firewall modules to expand the
firewall processing capability for future use. The main network device (switch or router) and the VPN
firewall modules together provide highly integrated network and security functions for large networks.
The VPN firewall modules support the following functions and features:
• Traditional firewall functions.
• Virtual firewall, security zone, attack protection, URL filtering.
• Application Specific Packet Filter (ASPF), which can monitor connection processes and user
operations and provide dynamic packet filtering together with ACLs.
• Multiple types of VPN services, such as IPsec VPN.
• RIP/OSPF/BGP routing.
A VPN firewall module provides two GE ports and two GE combo interfaces, which can be used as
management ports and stateful failover ports. It is connected to the main network device through the
internal 10GE port. The HP main network device's rear card has the line-speed forwarding capability,
ensuring fast data forwarding with the firewall module. The VPN firewall modules are equipped with
dedicated, multi-core processors and high-speed caches. They can process security services without
impacting performances of the main network devices.
Appearance
Figure 9 VPN firewall module for 5800 series switches
(1) Power LED (PWR) (2) System status LED (RUN) (3) Management Ethernet port LED
(Mana
g
ement)
(4) CF card LED (CFS) (5) Mana
g
ement Ethernet port
(6) CF
ejector button
(7) CF card slot (CF CARD) (8) Ejector lever
(9) Captive screw