Enhanced Firewall

E0065

Multi-core 64-bit network-dedicated processor, 2GB DDRIV high-speed memory

5 Gigabit RJ45 ports

Supports configuration of security policies, audit policies, bandwidth policies, NAT policies, etc.

Supports scalable integrated DPI deep security (intrusion prevention, antivirus, file filtering, malicious domain remote query, application behavior control)

Supports rich policy objects (security zones, addresses, applications, blacklists/whitelists, security profiles, intrusion prevention, audit profiles, etc.)

Supports rich network functions, static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP) VPN, DDNS, and other multi-administrator roles enable granular permission management. Supports first-packet application identification, improving application identification performance.

Note: Antivirus (AV), Intrusion Prevention System (IPS), Malicious Domain Identification, Application Identification (APP), and Website Identification (URL) require license purchase.

The E0065 is an enhanced firewall product supporting multiple signature databases including antivirus, intrusion prevention, malicious domain identification, application identification, and website classification. It integrates firewall policies, attack protection, DPI deep security, security auditing, bandwidth management, and VPN functions, effectively mitigating network risks and providing comprehensive protection while simplifying operation and maintenance. It ensures the continuous and stable operation of core enterprise applications and businesses, making it suitable for enterprises, government agencies, industrial parks, chain hotels, and other scenarios.

Abundant ports and powerful performance. Utilizes a professional multi-core 64-bit network processor and 2GB DDRIV high-speed memory, providing powerful packet processing capabilities.

Provides 5 gigabit RJ45 ports, satisfying high-speed data forwarding while facilitating system management and maintenance.

First Packet Application Identification: Supports unique first packet application identification, recognizing applications from the very first packet to enable application routing and improve application identification performance.

Comprehensive Security Policies: Adopts the principle of least security, supporting security policies based on security zones, source IP addresses, destination IP addresses, source ports, destination ports, service groups, application groups, user groups, time periods, blacklists/whitelists, websites, internal server certificates, antivirus, URL filtering, file filtering, application behavior control, email content filtering, intrusion prevention, audit configuration files, and more. Users can customize combinations and set access rules for comprehensive control over internal and external network communication security. Comprehensive Attack Protection

Supports multiple internal/external network attack protection functions, effectively preventing various DoS attacks, scanning attacks, and suspicious packet attacks, such as: TCP Syn Flood, UDP Flood, ICMP Flood, IP scanning, port scanning, WinNuke attacks, fragmented packet attacks, WAN port ping, TCP Scan (Stealth FIN/Xmas/Null), IP spoofing, TearDrop, etc.

Supports ARP protection, such as ARP spoofing and ARP attacks, to avoid service interruptions and frequent network outages.

Supports IP and MAC address binding, allowing simultaneous binding of IP and MAC address information for hosts on both the LAN port (internal network) and WAN port (external network) to prevent ARP spoofing.

Supports MAC address filtering to block unauthorized host access.

Scalable and integrated DPI deep security:

Supports intrusion prevention, providing real-time access to the latest threat information and accurately detecting and defending against attacks targeting vulnerabilities;

Supports antivirus, quickly and accurately detecting and eliminating viruses and other malicious programs in network traffic, protecting against over 6 million viruses and Trojans;

Supports filtering file extension types, easily filtering various small files embedded in web pages to prevent viruses and Trojans from infiltrating enterprise networks and compromising Network Security;

Supports URL filtering and remote malicious domain lookup, effectively blocking phishing websites and intercepting Trojan attacks, hacker intrusions, and online fraud through a combination of local and cloud-based methods;

Supports application identification with accuracy down to the application behavior level. The combination of application identification with intrusion detection, antivirus, URL filtering, and file extension type filtering greatly improves detection performance and accuracy;

Provides a comprehensive and timely security signature database, keeping abreast of the latest developments in the network security field and ensuring timely and accurate updates to the signature database.

Refined Internet Behavior Identification and Control

Possesses a large-scale application identification feature database, enabling one-click control of nearly 6,000 common domestic desktop and mobile internet applications across 36 categories, including video, social networking, shopping, and financial applications;

Accurately identifies behaviors in popular applications such as WeChat, Weibo, and QQ, including text communication, voice and video calls, file transfers, and music playback, and provides refined control over these behaviors, selectively blocking or restricting them;

Built-in database of over a dozen domestic website categories, allowing one-click restriction of employee access to corresponding websites;

Supports disabling webpage submissions, restricting employee access to various web-based forums, Weibo, email, etc., and filtering email content to effectively prevent the leakage of sensitive corporate data;

The application and website database will be continuously updated and expanded.

Comprehensive Security Audit Strategy

Detailed and Comprehensive Logging: Supports system logs, operation logs, policy hit logs, traffic logs, audit logs, threat logs, content logs, URL logs, and email filtering logs, recording detailed information such as firewall-related traffic and operation history to help administrators understand network status and quickly locate network problems;

Graphical Traffic Statistics: Enables traffic statistics across three dimensions: interface, IP, and security policy, presenting security policy traffic data in real-time graphical form for easy overview; traffic analysis reports can be output in PDF format to help administrators analyze historical traffic distribution;

Internet Behavior Auditing: Supports HTTP behavior auditing, FTP behavior auditing, email auditing, and IM auditing. Audit logs provide insights into employee internet behavior during work hours, including web browsing and app usage, making inappropriate internet activity traceable;

TP-LINK Security Audit System: Can be used in conjunction with the TP-LINK Security Audit System for long-term, high-capacity log storage while outputting more detailed analytical reports.

Simplified Operation and Maintenance, Secure Management

A fully Chinese web interface with detailed and clear configuration guidance;

A graphical interface display, providing real-time monitoring of key resources such as CPU utilization, clear and intuitive;

Supports local/remote management, facilitating chain operations and remote assistance;

Supports password authentication/identity recognition, ensuring authorization security;

Supports multiple administrator roles for granular permission management;

Supports hard drive management and license management, with feature database upgrades;

Supports primary/standby failover and online testing, ensuring high-reliability device operation;

Provides a separate console management port for command-line management.

Flexible Bandwidth Management Policies

Offers flexible bandwidth management policies, controlling the bandwidth used by each IP in the network to ensure a good network experience for critical services and users. Management methods include: bidirectional bandwidth control, connection limit, and connection monitoring.

Rich Routing Features

Supports static routing, policy routing, intelligent load balancing, VPN (IPSec/PPTP/L2TP VPN), dynamic DNS (Peanut Shell, Comai, 3322), and other functions.

Supports Multiple Deployment Modes

Layer 3 Router Gateway Mode: As a Layer 3 router gateway, the E0065 replaces the original router in the network. Data communication between the internal and external networks is handled through NAT translation by the firewall. In this mode, the firewall's data packet processing mechanism is more sophisticated, resulting in stronger network security protection capabilities.

Layer 2 Transparent Bridge Mode: The E0065 supports configuring some or all interfaces as bridges. These interfaces operate in a Layer 2 network. As long as data passes through the bridge interface, the network is protected by the firewall. In this mode, firewall deployment does not require changes to the original topology, making it more convenient and faster.

Router + Bridge Mode: In actual network deployment, some firewall interfaces can be configured as bridge interfaces, and others as routing interfaces, allowing for flexible combination of the two methods to achieve more economical and efficient network protection.

Hardware Specifications

Ports

5 x 10/100/1000M RJ45 ports

1 x Management port

1 x USB port

1 x Console port

1 x Micro SD card slot

Processor

Multi-core 64-bit ARM network processor

Memory

DDRIV 2GB

Storage

128MB NOR + 8GB eMMC

Indicator Lights

Ports: Link/Act, Speed, USB, Micro SD

Device: PWR, SYS

Dimensions

250(w) x 158(D) x 44(H) mm

Input Power

100～240V AC, 50/60Hz

Cooling Method

Natural cooling

Operating Environment

Operating Temperature: 0℃～40℃, Operating Humidity: 10%～90%RH (non-condensing)

Storage Temperature: -40℃～70℃, Storage Humidity: 5%～90%RH (non-condensing)

Software Functions

Policy Configuration Security Policies & Audit Policies

Detection Policies (Encrypted Traffic Detection)

Bandwidth Policies (Bandwidth Control, Connection Limitation, Connection Monitoring)

NAT Policies (NAPT, One-to-One NAT, Virtual Server, NAT-DMZ, UPnP)

ALG Policies (FTP ALG, H.323 ALG, PPTP ALG, SIP ALG)

Policy Objects

Security Zones, Addresses, Users, Services, Websites, Applications, Blacklists/Whitelists, Intrusion Prevention

Security Profiles (URL Filtering, File Filtering, Application Behavior Control, Email Content Filtering, Antivirus)

Audit Profiles (HTTP Behavior Auditing, FTP Behavior Auditing, Email Auditing, IM Auditing)

Attack Protection

Supports ARP protection, such as ARP spoofing and ARP attacks

Supports protection against various common attacks, such as DDoS attacks, network scanning, and suspicious packet attacks

Supports MAC address filtering to block unauthorized host access

Integrated DPI Deep Security

Supports Intrusion Prevention

Supports Antivirus

Supports Remote Malicious Domain Query

Supports Application Behavior Recognition

Supports Filtering of File Extension Types

Network Functions Static Routing, Policy Routing

Intelligent Load Balancing

VPN (IPSec/PPTP/L2TP VPN)

Dynamic DNS (PeanutShell, Comai, 3322)

System Management

Supports Chinese Web Management and Remote Management

Supports Multiple Management Roles

Supports Configuration Backup and Import

Supports System Software Upgrades

Supports Multiple Logs, Reports, Diagnostic Center, and Panel Status

Supports CLI Management, License Management, and Disk Management

Supports Signature Database Upgrades

Performance Parameters

Maximum Concurrent Connections

150,000

New Connection Rate

13,282

Application Layer Throughput (Mbps)

981

Application Identification Throughput (Mbps)

251

IPSec Throughput (Mbps)

208

IPS Throughput (Mbps)

208

Total Threat Throughput (Application Identification + IPS + AV + Malicious Domain) (Mbps)

177

Parameter Description

These parameters were obtained from testing with a 128KB HTTP load capacity.

License Authorization (TL-FW-LIS-ALL, All-in-One)

IPS Library 1500+ AV Database

3 Million Malicious Domain Database

10000+ Application Database

6400+ Website Database

1 Million

Parameter Notes

Specifically enhanced feature databases require separate license purchase.