
GB/T 20281-2020 PDF English

GB/T 20281-2020: Information Security Technology - Security Technical Requirements and Testing Assessment Approaches for Firewall
Status: Valid

GB/T 20281: Evolution and historical versions

Standard ID | Contents [version] | USD | [PDF] delivery | Name of Chinese Standard | Status
GB/T 20281-2020 | English | 575 | 0-9 seconds. Auto-delivery | Information Security Technology - Security Technical Requirements and Testing Assessment Approaches for Firewall | Valid
GB/T 20281-2015 | English | 150 | 0-9 seconds. Auto-delivery | Information security technology -- Security technical requirements and testing and evaluation approaches for firewall | Obsolete
GB/T 20281-2006 | English | RFQ | 9 days | Information security technology Firewall technical requirements and test evaluation method | Obsolete

      

Similar standards

GB/T 20278   GB/T 20280   GB/T 20279   

GB/T 20281-2020: Information Security Technology - Security Technical Requirements and Testing Assessment Approaches for Firewall


This is an excerpt. The full English version (including equations, symbols, images, flow charts, tables and figures) is available at https://www.ChineseStandard.net/PDF.aspx/GBT20281-2020
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Replacing GB/T 20010-2005, GB/T 20281-2015, GB/T 31505-2015 and GB/T 32917-2016
Information Security Technology - Security Technical Requirements and Testing Assessment Approaches for Firewall
Issued on: APRIL 28, 2020
Implemented on: NOVEMBER 1, 2020
Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.

Table of Contents

Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Abbreviations
5 Overview
6 Security Technical Requirements
7 Testing and Assessment Methods
Appendix A (normative) Classification of Firewalls and Security Technical Requirements
Appendix B (normative) Classification of Firewalls and Testing and Assessment Methods

1 Scope

This Standard specifies the classification, security technical requirements, and testing and assessment methods for firewalls. This Standard is applicable to the design, development and testing of firewalls.

2 Normative References

The following documents are indispensable to the application of this document. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document.

GB/T 18336.3-2015 Information Technology - Security Techniques - Evaluation Criteria for IT Security - Part 3: Security Assurance Components
GB/T 25069-2010 Information Security Technology - Glossary

3 Terms and Definitions

What is defined in GB/T 25069-2010, and the following terms and definitions are applicable to this document.

3.1 Firewall
Firewall refers to a network security product that analyzes the passing data flow and implements access control and security protection functions.

3.2 Network-based Firewall
Network-based firewall is a network security product that is deployed between different security domains, analyzes the passing data flow, and possesses network layer and application layer access control and security protection functions.

3.3 Web Application Firewall
Web application firewall is a network security product that is deployed on the front end of a WEB server, analyzes the HTTP / HTTPS access and response data flowing through it, and possesses access control and security protection functions for WEB applications.

3.4 Database Firewall
Database firewall is a network security product that is deployed on the front end of a database server, analyzes the database access and response data flowing through it, and possesses access control and security protection functions for databases.

3.5 Host-based Firewall
Host-based firewall is a network security product that is deployed on computers (including personal computers and servers) and provides network layer access control, application program access restriction and attack protection functions.

3.6 Reverse Proxy
Reverse proxy refers to a deployment mode that is used as a proxy on the server side to replace the server to receive requests from the client side, then forward the request to the internal server, and return the result obtained from the server to the requesting client side.

4 Abbreviations

The following abbreviations are applicable to this document.

BGP: Border Gateway Protocol
CSRF: Cross-site Request Forgery
DMZ: Demilitarized Zone
DNAT: Destination NAT
FTP: File Transfer Protocol
HTTP: Hypertext Transfer Protocol
HTTPS: Hypertext Transfer Protocol over Secure Socket Layer
ICMP: Internet Control Messages Protocol
IMAP: Internet Mail Access Protocol
IP: Internet Protocol
IPV6: Internet Protocol V6
ISATAP: Intra-Site Automatic Tunnel Addressing Protocol
MAC: Media Access Control
NAT: Network Address Translation
NTP: Network Time Protocol
OSPF: Open Shortest Path First
P2P: Peer-to-peer

5 Overview

Firewall is a network security product that acts on different security domains and possesses access control and security protection functions. It is mainly divided into network-based firewall, WEB application firewall, database firewall and host-based firewall, or a combination of them. The security technical requirements of firewall are divided into four categories: security function requirements, self-security requirements, performance requirements and security assurance requirements. Specifically speaking, security function requirements propose specific requirements for the security functions that a firewall shall possess, including networking and deployment, network layer control, application layer control, attack protection, and security audit and analysis.

6 Security Technical Requirements

6.1 Security Function Requirements

6.1.1 Networking and deployment

6.1.1.1 Deployment mode
The products shall support the following deployment mode.

6.1.1.2 Routing

6.1.1.3 High availability

6.1.1.4 Device virtualization (optional)

6.1.1.5 IPv6 support (optional)

6.1.2 Network layer access

6.1.3 Application layer control

6.1.3.1 User management and control
The products shall support the user authentication-based network access control function, which includes, but is not limited to.

6.1.3.2 Application type control
The products shall support identification and control of various application types based on application characteristics, which include, but are not limited to.

6.1.3.3 Application content control

6.1.4 Attack protection

6.1.4.1 Denial-of-service attack protection
The products with a feature library shall support denial-of-service attack protection, which includes, but is not limited to.

6.1.4.2 WEB attack protection
The products with a feature library shall support the function of WEB attack protection, which includes, but is not limited to.

6.1.4.3 Database attack protection
The products with a feature library shall support the function of database attack protection, which includes, but is not limited to.

6.1.4.4 Malicious code protection
The products with a database shall support the function of malicious code protection, which includes, but is not limited to.

6.1.5 Security audit, warning and statistics

6.1.5.1 Security audit
The products shall support the function of security audit, which includes, but is not limited to.

6.1.5.2 Security warning
The products shall support the warning of attack behaviors in 6.1.4 and be able to initiate combined warning to the same warning events that occur at a high frequency, so as to avoid warning storms. The warning information shall at least include the following content.

6.1.5.3 Statistics

6.2 Self-security Requirements

6.2.1 Identity identification and authentication
The security requirements for the products’ identity identification and authentication include, but are not limited to.

6.2.2 Management capabilities
The security requirements for the products’ management capabilities include, but are not limited to.

6.2.3 Management audit
The security requirements for the products’ management audit include, but are not limited to.

6.2.4 Management mode
The security requirements for the products’ management mode include, but are not limited to.

6.2.5 Security support system
The security requirements for the products’ support system include, but are not limited to.

6.3 Performance Requirements

6.3.1 Throughput

6.3.1.1 Network layer throughput
The network layer throughput of hardware products varies with products of different rates. See the specific index requirements below.

6.3.1.2 Mixed application layer throughput
The application layer throughput of hardware products varies with products of different rates. Under the circumstance that the function of application attack protection is initiated, the specific index requirements are as follows.

6.3.1.3 HTTP throughput
The HTTP throughput of hardware products varies with products of different rates. Under the circumstance that the function of WEB attack protection is initiated, the specific index requirements are as follows.

6.3.2 Delay
The delay of hardware products varies with products of different rates. The specific index requirements for the delay of a pair of ports with corresponding rates are as follows.

6.3.3 Connection rate

6.3.4 Number of concurrent connections

6.4 Security Assurance Requirements

6.4.1 Development

6.4.1.1 Security architecture
The developer shall provide a security architecture description of the products’ security functions. The security architecture description shall satisfy the following requirements.

6.4.1.2 Functional specification
The developer shall provide a complete functional specification description, which shall satisfy the following requirements.

6.4.1.3 Product design
The developer shall provide a product design document, which shall satisfy the following requirements.

6.4.1.4 Implementation expression
The developer shall provide implementation expression of the products’ security functions. The implementation expression shall satisfy the following requirements.

6.4.2 Guidance document

6.4.2.1 User guide for operation
The developer shall provide an explicit and reasonable user guide for operation. The description of each user role shall satisfy the following requirements.

6.4.2.2 Preparation procedure
The developer shall provide the products and their preparation procedures. The description of the preparation procedures shall satisfy the following requirements.

6.4.3 Life cycle support

6.4.3.1 Configuration management capabilities
The developer’s configuration management capabilities shall satisfy the following requirements.

6.4.3.2 Scope of configuration management
The developer shall provide a list of product configuration items and state the developer of the configuration items. The list of product configuration items shall include the following content.

6.4.3.3 Delivery procedure
The developer shall adopt a certain delivery procedure to deliver the products and document the delivery process. When delivering various versions of the products to the user, the delivery document shall describe all procedures necessary to maintain security.

6.4.4 Tests

6.4.4.1 Test coverage
The developer shall provide a test coverage document, which shall satisfy the following requirements.

6.4.4.2 Test depth
The developer shall provide an analysis of test depth. The description of the test depth analysis shall satisfy the following requirements.

6.4.4.3 Functional test
The developer shall test the products’ security functions, document the results and provide a test document. The test document shall include the following content.

6.4.4.4 Independent test
The developer shall provide a set of resources equivalent to those used in the self-testing of the security functions, to be used in the sampling tests of security functions.

6.4.5 Vulnerability assessment
Based on the already-identified potential vulnerabilities, the products can resist attacks of the following strengths.

7 Testing and Assessment Methods

7.1 Testing and Assessment Environment

7.1.1 Security functions and self-security testing and assessment environment
The typical environment of security function and self-security testing and assessment is shown in Figure 1.

7.1.2 Performance testing and assessment environment
The typical environment of performance testing and assessment is shown in Figure 2. A specialized performance tester is adopted. The tester interface is directly connected to the firewall service interface through a network cable.

7.2 Testing and Assessment of Security Functions

7.2.1 Networking and deployment

7.2.1.1 Deployment mode
The testing and assessment methods of deployment mode are as follows.

7.2.1.2 Routing

7.2.1.3 High availability

7.2.1.4 Device virtualization

7.2.1.5 IPv6 support

7.2.2 Network layer control

7.2.3 Application layer control

7.2.3.1 User management and control
The testing and assessment methods of user management and control are as follows.

7.2.3.2 Application type control
The testing and assessment methods of application type control are as follows.

7.2.3.3 Application content control

......
Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.


      
