H3C SecPath W2000-G2 Series Web Application Firewall
- Classification:H3C Data Network Security Products
- Release time:2025-11-16
- Page views:0
H3C SecPath W2000-G2 Series Web Application Firewall
- Classification:H3C Data Network Security Products
- Release time:2025-11-16
- Page views:0
The H3C SecPath W2000 Web Application Firewall is an application security product developed by H3C Technologies Co., Ltd. (hereinafter referred to as H3C) based on years of security research and service experience. Deployed in front of the user's web application server, it defends against attacks targeting web application systems. It not only protects internet-facing web applications but can also be deployed in front of internal web application servers to perform access control and business auditing, preventing threats from within. Compared to traditional firewalls and intrusion prevention systems, the H3C SecPath W2000 Web Application Firewall focuses more on the vulnerabilities of web applications themselves and provides web application security modules such as SSL acceleration, DDoS protection, and application load balancing. It is a multi-security engine, cost-effective web application security product.
WEB Attack and Defense
The H3C SecPath W2000 Web Application Firewall is an OWASP-certified web application security product that achieves an internationally advanced level of defense against web attacks.
OWASP-Top10
A1—Injection
A2—Invalid Authentication and Session Management
A3—Cross-site scripting (XSS)
A4—Invalid Access Control
A5—Security configuration error
A6—Sensitive Information Leakage
A7—Inadequate Attack Detection and Prevention
A8 - Cross-Site Request Forgery (CSRF)
A9—Using components with known vulnerabilities
A10—Unprotected APIs
Web load balancing
The H3C SecPath W2000 Web Application Firewall supports web load balancing technology. Through a variety of built-in load balancing algorithms, it effectively improves the response speed of web services and the user experience. The web load balancing function can improve the overall performance and scalability of web application systems.
Professional DDoS protection
The H3C SecPath W2000 Web Application Firewall's DDoS protection module employs a combination of active monitoring and passive tracking. It can identify various DDoS attacks and activate unique blocking methods, efficiently filtering and protecting against them. Targeting common DDoS attack methods on the internet, it provides a combination of protection measures to effectively block attack activities, thereby ensuring the server can provide normal service.
Effective HTTPS protection
The H3C SecPath W2000 Web Application Firewall addresses SSL-encrypted applications by providing HTTPS offloading and acceleration based on business models, offering a better customer experience and reducing server load. SSL encryption has become a common form of secure access for websites, providing enhanced security but also increasing server overhead. By offloading SSL functionality to the web application firewall, the server's computational burden is objectively reduced. Furthermore, because SSL-encrypted content cannot be audited by network security devices, network security protection capabilities are objectively weakened. By legally decrypting SSL data, the H3C SecPath W2000 Web Application Firewall can continue to effectively protect web applications.
Visual analysis and statistics
The H3C SecPath W2000 Web Application Firewall has a built-in situational awareness system that can display the security attack situation in real time without the need for linkage with monitoring equipment. It can analyze traffic events and attack events, drill down into key information, and present it in a visual format.
comprehensiveSecurity modeling capability
The H3C SecPath W2000 Web Application Firewall can automatically learn web access traffic, automatically generating all relevant information such as website directory structure, request methods, condition parameters, and traffic details to build a local model. This allows for visualized statistical analysis of website operations and the direct creation of corresponding blacklists, whitelists, and fine-grained control policies based on the learning results. Furthermore, it dynamically adjusts its learning based on business access patterns and security status.
Networking applications
Multiple deployment options
Web applications are often critical business systems within an organization, requiring high stability and exhibiting diverse deployment needs for security products. The H3C SecPath W2000 Web Application Firewall integrates seamlessly with the customer's network architecture, supporting multiple protection modes including mirror monitoring, mirror blocking, transparent proxy protection, transparent protection, transparent reverse proxy protection, and reverse proxy protection, meeting the customer's IT management requirements.
Table 1-1 H3C SecPath W2000 Web Application Firewall Product Specifications
menu | Function | |
Status monitoring | System Preview | Displays information such as asset status, attack statistics, ban status, and attack trends. |
Real-time situation monitoring | View real-time situation monitoring maps and data. | |
Basic configuration of attack posture | Configure basic information for the attack posture. | |
System status | Displays data on CPU, memory, and hard drive usage. | |
Connect to monitoring | Query and display connection information | |
Interface traffic | Display the interface's traffic and speed information | |
Asset Status | Display asset status | |
IP blocking display | IP blocking display | |
Basic configuration | Protected assets | View and edit configuration of protective assets |
Assets scheduled offline | Customize the offline date and time, as well as the weekday configuration for assets. | |
Basic object configuration | Configure IP and URL object groups, and add exception URLs. | |
Rule base display | Show web protection signature database | |
Blocking returned information | Configure blocking return information | |
Sensitive word management | Supports adding, editing, importing, and exporting sensitive words. | |
Weak password management | Supports adding, querying, importing, and exporting weak passwords. | |
Safety protection | Agreement compliance testing | Configure protocol compliance detection strategy |
Agreement Compliance Testing Template | Configuration Protocol Compliance Test Template | |
Web attack protection strategy | Configure web attack protection policies | |
Web attack protection template | Configure web attack protection template | |
Web business control strategy | Configure web business control policies | |
Web Business Control Template | Configure web business control template | |
Web Sensitive Information Protection Strategy | Configure sensitive information protection policies | |
Web Sensitive Information Protection Template | Configure sensitive information protection template | |
Web service reinforcement strategy | Configure web service hardening strategy | |
Web Business Reinforcement Template | Web business reinforcement template | |
DDoS attack protection strategy | Configure DDoS protection policies | |
DDoS attack protection template | Configure DDoS protection template | |
Active defense | crawler trap | Supports web crawler trap strategy configuration |
Virtual patch | Supports virtual patch import | |
Security Scan | Supports viewing and adding vulnerability detection policies | |
Access Control | IP blacklist/whitelist | Define IP blacklists and whitelists for access control |
URL blacklist/whitelist | Define URL blacklists and whitelists for access control. | |
IP Access Control | Supports configuring IP access control policies | |
HTTP Access Control | Supports configuring HTTP access control policies | |
External testing | URL external link detection strategy | Supports adding and editing URL external link detection strategies |
Custom external URL | Supports adding external URLs | |
Website anti-tampering | Protective end detection | Supports viewing details of protected endpoint detection. |
Protection end configuration | Supports adding protected servers, selecting working modes, and one-click activation and deactivation of protection. | |
Protection end status | Supports viewing details of the protected device's status. | |
Machine Learning | Traffic throttling | Supports adding traffic rate limiting policies |
Site self-learning | Supports selecting the number of samples, the learning period, and the processing time. | |
Strategy Configuration | Supports adding policies, allowing you to select application assets, request methods, and exception URLs. | |
Mode Configuration | Supports adding assets and web hosts. | |
URL results display | Supports asset tree diagrams and URL list view results display. | |
URL protection configuration | Supports adding URLs | |
Cookie results display | Supports viewing cookie results | |
Proxy gateway | Data compression | Support adding new data compression |
Cache | Support caching | |
System Configuration | System Information Configuration | Supports custom settings for group name, city, country, email address, system timeout, and hostname. |
Time Configuration | Supports time setting, | |
Remote Management | Supports adding remote management IPs, | |
DNS configuration | Supports primary and secondary DNS configuration | |
Situation Configuration | Supports configuring the protected object area and logo, and configuring the status quo. | |
WebUI Configuration | Supports WebUI port configuration | |
SSH remote connection configuration | Supports configuring SSH remote connection mapping ports and public IP addresses. | |
Authorization Management | Supports file upload upgrade authorization, | |
Alarm Configuration | Supports log alarm configuration | |
Login Management | Supports both regular login and Radius login | |
System upgrade | Supports upgrades from local storage and upgrades from FTP servers. | |
Web protection signature database upgraded | Supports importing from local storage, upgrading from FTP servers, and upgrading from proxy servers. | |
Backup and restore | Supports manual, automatic, and import backups. | |
Operation and maintenance tools | Supports configuration of Webshell, Ping, Telnet, Tcpdump, Traceroute, SNMP, etc. | |
System Operation | Supports restarting, shutting down, and restoring factory settings. | |
Network Management | Network configuration | Configure the Port interface, Channel interface, Bridge interface, and Trunk interface. |
ARP configuration | Configure static ARP and dynamic ARP | |
Routing configuration | Configure static routes and policy routes | |
High availability | HA Management | Configure VRRP instance, configure synchronization |
Port linkage | Configure port linkage | |
Overload protection | Configure overload protection | |
Bypass | Configure automatic and manual bypass | |
Log Report | Protection Log | View protection logs and log statistics. |
External Log | View external logs | |
Anti-tampering logs | View the website's anti-tampering logs and log statistics. | |
Access Log | View access logs and log statistics. | |
Audit Log | View audit logs | |
Report export | Supports log export | |
Log backup | Supports manual and automatic log backup | |
External configuration | Supports configuration for sending syslog, WeChat, and email. | |
