Topwalk-FW - 拓尔思天行网安

Home

Products

Network security

Topwalk-FW

Topwalk-TBG

Topwalk-ACG

Topwalk-IPS

Topwalk-IDS

Topwalk-VSS

Topwalk-ADD

Topwalk-INP

Topwalk-LB

Topwalk-ATMS

Topwalk-ASG
Cross Domain Solutions

Topwalk-GAP

Topwalk-FGAP

Topwalk-UIS

Topwalk-BOP

Topwalk-BSSP
Data Security

Topwalk-PPCP

Topwalk-WAF
Security management

Topwalk-PDS

Topwalk-GAS

Topwalk-DAS

Topwalk-LAS

Topwalk-IBMS

Solutions

Services

Company

CN 

Topwalk-FW

“The Converged Security and Networking Core for the Future”

Topwalk Firewall (Topwalk-FW) is a Next-Generation high-performance security gateway with integrated firewall capabilities. It engineered for the modern enterprise perimeter and multi-cloud environments. Transcending traditional firewall access control, it deeply converges four critical capabilities—

Deep Intelligent Threat Protection,

Granular Application Control,

Intelligent Network Optimization,

Zero-Touch Branch Networking

—onto a single platform. Leveraging a dedicated multi-core hardware architecture and a single-path parallel processing engine, Topwalk-FW delivers enterprise-grade security efficacy while significantly simplifying network architecture and reducing TCO. It is the foundational choice to build an agile, visible, and resilient next-generation network infrastructure.

Home > Network security > Topwalk-FW

Core Values

High Availability

Has the ability to maintain continuous and stable operation in the face of various failures and load changes, supporting dual-machine hot backup protocols such as VRRP, VGMP, and HRP, and providing multiple dual-machine deployment modes. It supports HELLO packet and fault detection mechanisms; when the active firewall fails, the standby firewall can automatically take over to ensure the continuity of network communication.

Web Application Protection

Built-in Web application protection function supports configuring anti-attack strategies for internal network Web servers, resisting various Web application attacks such as OS command injection, SQL injection, cross-site scripting (XSS) attacks, server vulnerability attacks, PHP code injection, malicious access violating HTTP protocols, buffer overflow, worms, and Trojan backdoors. It effectively protects Web servers through built-in default templates and automatic learning functions.

Intelligent In-Depth Security Protection

Integrates functions such as firewall, Intrusion Prevention System (IPS), Anti-Virus (AV), Anti-Denial of Service (Anti-DDoS), URL filtering, and Web page filtering, capable of defending against 0Day and unknown threat attacks; has X-Forwarded-For parsing capability to identify the original IP address of accessing clients in application proxy or load balancing mode; supports comprehensive policy editing, allowing policy matching from multiple dimensions such as source security zone, destination security zone, and five-tuple to obtain policy hit information.

Application Identification and Control

Can identify specific applications in network traffic, including HTTP, HTTPS, FTP, FTPS, DNS, SSH, RDP, SIP, H.323, etc.; supports custom port editing for applications, and formulates blacklist/whitelist protection strategies and refined access control strategies based on application identification.

Powerful Multi-Branch VPN Networking

Integrates SD-WAN technology, enabling one-click completion of multi-branch VPN networking and zero-configuration launch of branch terminals, meeting the needs of multi-branch VPN networking and business migration to the cloud.

Product Advantages

Intelligent Traffic Control

Comprehensively identifies common Internet applications such as P2P downloading, IM instant messaging, online video, stock trading, and games, supporting multi-level and multi-channel traffic control. Network administrators can set hierarchical traffic strategies for departments and subordinate institutions, configuring bandwidth limits, bandwidth guarantees, and per-IP bandwidth based on users, applications, addresses, and time, with support for elastic bandwidth borrowing within the maximum bandwidth. Deployed at the network exit, it can curb bandwidth abuse, optimize network resource allocation, and ensure the quality of service for key businesses.

Integrated Security Engine

Provides integrated security protection based on users and applications, with user authentication and 4-7 layer security protection executed in parallel to achieve multi-dimensional and comprehensive protection. After passing through the integrated engine, data is processed in parallel by threat intrusion detection, virus scanning, Web security, and content filtering engines, effectively resisting threats such as Trojans, worms, SQL injection, and XSS attacks, ensuring file transmission security and blocking access to malicious websites and illegal links.

Enhanced Web Security Protection

Built-in Web security protection module includes security rules, content keyword filtering, HTTP protocol compliance check, and URL parameter compliance check. It can resist various injection attacks such as SQL injection, XSS attacks, LFI/RFI/RCE attacks, and PHP code injection, prevent risks such as hacker scanning and source code leakage, and improve website stability and service quality.

SD-WAN Rapid Networking

Built-in SD-WAN module, suitable for scenarios such as headquarters-branch networking and business migration to the cloud. It reshapes modern enterprise networks through Software-Defined Wide Area Network (SD-WAN) technology, providing the reliability and efficiency required by businesses with functions such as real-time dynamic path selection, WAN optimization, dynamic VPN tunnels, stateful firewall, and end-to-end QoS.

Core Values

Application Scenarios

Suitable for Internet exits and server frontends of government agencies, universities, financial institutions, and enterprises. It reconstructs traditional firewall functions from the perspectives of business, users, applications, and behaviors, providing intelligent control methods such as user policies, application policies, and behavior policies to solve problems that traditional firewalls are difficult to address.