embedded in the application data; the firewall then dynamically opens appropriate connections for specific applications
NAT/PAT
: choice of dynamic or static network address translation (NAT) preserves a network's IP address pool or conceals the
private address of network resources, such as Web servers, which are made accessible to users of a guest or public wireless LAN
Virtual private network
(VPN)
IPSec
: provides secure tunneling over an untrusted network such as the Internet or a wireless network; offers data
confidentiality, authenticity, and integrity between two endpoints of the network
Layer 2 Tunneling Protocol
(L2TP): an industry standard-based traffic encapsulation mechanism supported by many common
operating systems such as Windows® XP and Windows Vista®; will tunnel the Point-to-Point Protocol (PPP) traffic over the IP
and non-IP networks; may use the IP/UDP transport mechanism in IP networks
Generic Routing Encapsulation
(GRE): can be used to transport Layer 2 connectivity over a Layer 3 path in a secured way;
enables the segregation of traffic from site to site
Manual or automatic Internet Key Exchange
(IKE): provides both manual or automatic key exchange required for the
algorithms used in encryption or authentication; auto-IKE allows automated management of the public key exchange, providing
the highest levels of encryption
Management
Management interface control
: provides management access through a modem port and terminal interface, as well as in-band
and out-of-band Ethernet ports; provides access through terminal interface, telnet, or Secure Shell (SSH)
Industry-standard CLI with a hierarchical structure
: reduces training time and expenses, and increases productivity in
multivendor installations
Management security
: multiple privilege levels with password protection restrict access to critical configuration commands;
ACLs provide telnet and SNMP access; local and remote syslog capabilities allow logging of all access
SNMPv1, v2, and v3
: provide complete support of SNMP; provide full support of industry-standard Management Information
Base (MIB) plus private extensions; SNMPv3 supports increased security using encryption
sFlow
(RFC 3176): provides scalable ASIC-based wire-speed network monitoring and accounting with no impact on network
performance; this allows network operators to gather a variety of sophisticated network statistics and information for capacity
planning and real-time network monitoring purposes
Remote monitoring
(RMON): uses standard SNMP to monitor essential network functions; supports events, alarm, history, and
statistics group plus a private alarm extension group
FTP, TFTP, and SFTP support
: FTP allows bidirectional transfers over a TCP/IP network and is used for configuration updates;
Trivial FTP is a simpler method using User Datagram Protocol (UDP)
Debug and sampler utility
: supports ping and traceroute for both IPv4 and IPv6
Network Quality Analyzer
(NQA): analyzes network performance and service quality by sending test packets, and provides
network performance and service quality parameters such as jitter, TCP, or FTP connection delays and file transfer rates; allows
a network manager to determine overall network performance and to diagnose and locate network congestion points or failures
Network Time Protocol
(NTP): synchronizes timekeeping among distributed time servers and clients; keeps consistent
timekeeping among all clock-dependent devices within the network so that the devices can provide diverse applications based
on the consistent time
Info center
: provides a central information center for system and network information; aggregates all logs, traps, and
debugging information generated by the system and maintains them in order of severity; outputs the network information to
multiple channels based on user-defined rules
IEEE 802.1AB Link Layer Discovery Protocol
(LLDP): automated device discovery protocol provides easy mapping of network
management applications
Multiple configuration files
: can be stored to the flash image
Dual flash images
: provide independent primary and secondary operating system files for backup while upgrading
USB support
:
QuickSpecs
HP 9500 Switch Series
Overview
DA - 13773 North America — Version 10 — July 12, 2013
Page 2
