Hillstone Networks launches StoneOS 5.5R11 to enhance threat protection
Hillstone Networks has launched the latest version of its operating system, StoneOS 5.5R11. This update includes over 200 new functionalities and improvements designed to enhance threat protection and facilitate enterprise network operations in an increasingly complex and demanding environment.
Key features of StoneOS 5.5R11 include Zero Trust Network Access (ZTNA) for intranet, integration with Azure Active Directory (AD), support for Transport Layer Security (TLS) 1.3 encryption and Restful APIs, threat prevention based on HTTP/2 and HTTP/3, SLA-based WAN route control, and improved policy management.
“These innovations enable organizations to more effectively address the growing cybersecurity threats, especially in a context marked by the proliferation of Bring Your Own Device (BYOD) and new business scenarios,” explained Tim Liu, CTO at Hillstone Networks.
ZTNA provides more comprehensive access control and better security
- ZTNA for Intranet: To reduce the attack surface within the intranet, we’ve introduced ZTNA for intranet access alongside the existing ZTNA for the internet.
- TLS 1.3 handshake for ZTNA: Before data transmission, ZTNA establishes an encrypted tunnel through the TLS 1.3 handshake to ensure secure communication. However, the TLS 1.2 handshake is slower as it requires two additional rounds.
- Integration with Azure AD: The new version of StoneOS supports Azure AD as an AAA server for SSO in ZTNA, SSL VPN, and WebAuth.
- Restful API for ZTNA: Without Restful APIs, integrating ZTNA with other enterprise tools can be challenging, leading to fragmented workflows. ZTNA now provides Restful APIs for terminal information and labels, policies, and more.
Next-generation threat protection capability
- Threat protection for HTTP/2 and HTTP/3 Traffic: StoneOS R11 applies Botnet C&C, IPS, Sandbox, Perimeter Traffic Filtering, Anti-Virus, URL Filtering, and Data Security to HTTP/2 and HTTP/3 traffic.
Simplified SD-WAN enhances business efficiency
- SLA-based WAN route control: This version introduces SLA-based WAN route control, allowing only high-quality links that meet latency, jitter, and packet loss thresholds to participate in load balancing.
- Email-based ZTP for SD-WAN: ZTP allows devices to self-configure upon connecting to the network. In addition to USB disk-based ZTP, the new version now supports email-based ZTP, allowing configuration files to be sent directly to devices via email.
Improvements in policy management and useful tools to refine and simplify processes
- Optimized policy assistant with detailed statistics: StoneOS R11 features an enhanced policy assistant that allows detailed filtering by hit count, ascending and descending packets, and bytes. This improvement facilitates more precise policy analysis and relationship management, thus improving performance and enhancing security management efficiency.
- More analytical policy redundancy check: The latest improvement optimizes the policy redundancy check mechanism by incorporating both partial redundancy and conflict analysis, and it also offers detailed information and remediation recommendations. This leads to simplified policy management, reduced conflicts, and improved overall system efficiency.
- Easier use of command line interface (CLI) in WebUI: With new support for logging into CLI directly from WebUI, users can easily deploy or verify configurations that were previously available only in CLI on the same page while reviewing postures.