Eudemon1000E Series Firewall HUAWEI TECHNOLOGIES CO., LTD.

Similar documents
Eudemon8000 High-End Security Gateway HUAWEI TECHNOLOGIES CO., LTD.

Huawei Eudemon1000E-X series Firewall. Eudemon 1000E-X Series Firewall. Huawei Technologies Co., Ltd.

Quidway SVN3000 Security Access Gateway

Eudemon8000E Anti-DDoS SPU

Huawei One Net Campus Network Solution

Huawei Traffic Cleaning Solution

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

Eudemon8000E Series 10-Gigabits IPS security gateway

Log Audit Ensuring Behavior Compliance Secoway elog System

HUAWEI USG6000 Next-Generation Firewall V100R001. Product Description. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

SVN5800 Secure Access Gateway

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks

SVN3000 Security Access Gateway SSL/IPSec VPN Access Gateway

Data Sheet. DPtech Anti-DDoS Series. Overview

Huawei Network Edge Security Solution

1 Network Service Development Trends and Challenges

United Security Technology White Paper

AntiDDoS1000 DDoS Protection Systems

DPtech ADX Application Delivery Platform Series

Huawei Agile WAN Solution

Data Sheet. V-Net Link 700 C Series Link Load Balancer. V-NetLink:Link Load Balancing Solution from VIAEDGE

Technical White Paper for Multi-Layer Network Planning

Huawei Eudemon200E-N Next-Generation Firewall

HUAWEI Tecal E6000 Blade Server

How Cisco IT Uses Firewalls to Protect Cisco Internet Access Locations

SIG9800 Series Service Inspection Gateway

Part Number: HG253s V2 Home Gateway Product Description V100R001_01. Issue HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Secospace USG6600 Next-Generation Firewall Datasheet

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Huawei esight Brief Product Brochure

Optimal Network Connectivity Reliable Network Access Flexible Network Management

UTT Technologies offers an effective solution to protect the network against 80 percent of internal attacks:

Cisco Integrated Services Routers Performance Overview

USG6600 Next-Generation Firewall

Sophos SG Series Appliances

Optimal Network Connectivity Reliable Network Access Flexible Network Management

Introduction of Quidway SecPath 1000 Security Gateway

Huawei NE5000E 400Gbps Flexible Line Processing Unit

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack

Secospace elog. Secospace elog

Customer Training Catalog Training Programs IDC

HUAWEI OceanStor Load Balancing Technical White Paper. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

USG6300 Next-Generation Firewall

Security Technology White Paper

Secure VoIP for optimal business communication

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Gigabit Multi-Homing VPN Security Router

Clavister SSP Security Service Platform firewall VPN termination intrusion prevention anti-virus content filtering traffic shaping authentication

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

SDN, a New Definition of Next-Generation Campus Network

How Cisco IT Protects Against Distributed Denial of Service Attacks

Huawei Smart Education Solution

Gigabit Content Security Router

Huawei Business Continuity and Disaster Recovery Solution

Cisco SR 520-T1 Secure Router

Improving Quality of Service

HUAWEI TECHNOLOGIES CO., LTD. HUAWEI FusionServer X6800 Data Center Server

How To Create A Network Access Control (Nac) Solution

VALIDATING DDoS THREAT PROTECTION

Recommended IP Telephony Architecture

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

DDoS Protection Technology White Paper

Radware s Smart IDS Management. FireProof and Intrusion Detection Systems. Deployment and ROI. North America. International.

Federal Computer Incident Response Center (FedCIRC) Defense Tactics for Distributed Denial of Service Attacks

Cisco Intrusion Prevention System Advanced Integration Module for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

Why Is DDoS Prevention a Challenge?

NIP6300/6600 Next-Generation Intrusion Prevention System

AscenLink. Aggregating links for maximum performance. WAN Traffic Management

VRRP Technology White Paper

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

Securing Cisco Network Devices (SND)

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

ITL BULLETIN FOR JANUARY 2011

Assuring Your Business Continuity

Gigabit Multi-Homing VPN Security Router

Cisco RV 120W Wireless-N VPN Firewall

A Layperson s Guide To DoS Attacks

Virtualized Security: The Next Generation of Consolidation

QuickSpecs. Models. Features and benefits Configuration. HP VCX x3250m2 IP Telecommuting Module. HP VCX x3250m2 IP Telecommuting Module Overview

HUAWEI TECHNOLOGIES CO., LTD. USG9500 Series. Cloud Data Center Security Gateway

Data Center Solution V100R001C00. Network Design Guide. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

WAN Traffic Management with PowerLink Pro100

Scalable. Reliable. Flexible. High Performance Architecture. Fault Tolerant System Design. Expansion Options for Unique Business Needs

Scalable. Reliable. Flexible. High Performance Architecture. Fault Tolerant System Design. Expansion Options for Unique Business Needs

Cisco IPS 4200 Series Sensors

Cisco IPS AIM and IPS NME for Cisco 1841 and Cisco 2800, 2900, 3800 and 3900 Series Integrated Services Routers

On-Premises DDoS Mitigation for the Enterprise

Business Case for a DDoS Consolidated Solution

IBM Security Network Intrusion Prevention System

Using Palo Alto Networks to Protect the Datacenter

INTRODUCTION TO FIREWALL SECURITY

The Gateway to VoIP World

Cisco RV082 Dual WAN VPN Router Cisco Small Business Routers

Quality Certificate for Kaspersky DDoS Prevention Software

NSFOCUS Web Application Firewall White Paper

Cisco ASA 5500 Series IPS Solution

CloudEngine Series Data Center Switches. Cloud Fabric Data Center Network Solution

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

Transcription:

HUAWEI TECHNOLOGIES CO., LTD.

Product Overview The Eudemon1000E series product (hereinafter referred to as the Eudemon1000E) is a new generation of multi-function security gateway designed by Huawei to meet the requirements for heavy traffic security applications. The Eudemon1000E, featuring high performance, sound reliability, excellent scalability, and favorable maintenance, is widely applied to the networks of large organizations in operator, government, finance, energy, and education sectors, providing advanced solutions to customers. Based on the latest multi-core hardware architecture design, sophisticated and reliable VRP software platform, as well as hardware and software-level reliability support, the Eudemon1000E ensures the service continuity on customer networks. The open system architecture enables the Eudemon1000E to support the flexible expansion in physical interfaces and software functions. This can effectively protect customers' investment and continuously help customers enhance product values. In addition, the Eudemon1000E provides multiple management and maintenance modes to help customers effectively manage devices, rapidly identify faults, which simplifies the maintenance process. The Eudemon1000E integrates the GTP protection function in a modular manner. This feature enables the Eudemon1000E to handle the risks encountered during GTP transmission and to provide an effective GTP protection solution to operators. Product Series Eudemon1000E-U2 Eudemon1000E-U3 Eudemon1000E-U5 Eudemon1000E-U6 1

Product Features Network Security Helping Customers Comprehensively Ensure Increasing Service Traffic Industry-leading Performance The multi-core parallel processing technique substantially enhances the performance of the Eudemon1000E, which can process dozens of threads in a parallel manner. With three industry-leading performance specifications, the Eudemon1000E brings wonderful performance experience to customers. In terms of connections per second, the most crucial performance specification of the firewall, the Eudemon1000E, with 150000 connections per second, is in an absolutely leading position. The Eudemon1000E can set up a large number of connections in a short time for network access, which increases forwarding rate and decreases delay. In addition, this performance advantage enables the Eudemon1000E to effectively deal with burst traffic and attack traffic. The Eudemon1000E can meets customers' requirements for different high-speed forwarding applications and thus satisfy the increasing needs for high bandwidth on user networks. Powerful NAT Technology NAT, as one of the key technologies of the firewall product, is widely applied in different application scenarios. The Eudemon1000E can provide powerful NAT forwarding performance to customers. In addition, the Eudemon1000E offers multiple advanced NAT techniques, including extended NAT, application-layer NAT traversal, bidirectional NAT, and NAT server load balancing. The extended NAT technique realizes NAT/PAT by translating the addresses of multiple inside hosts to a single Internet IP address. This technique effectively helps customers save Internet address resources. With the extended NAT technique, one Internet IP address is enough for internal users to access external networks no matter the internal network is large or small. Adopting the advanced technologies to meet customers' actual needs, the Eudemon1000E can better meet the customers' network requirements. High-capacity VPN With the applications of organizational networks, needs for encrypted data transmission increasingly grow. The Eudemon1000E, depending on its leading hardware platform, can provide high VPN performance and up to 20000 VPN tunnels. With the Eudemon1000E, customers no longer need to worry about the performance of data encryption transmission and heavy traffic network applications such as video and audio applications. The Eudemon1000E can ensure high-speed and secure data transmission, thus providing customers with Gbps-level encryption transmission experience. All-round P2P Traffic Monitoring P2P, the killer of bandwidth application, interrupts the normal applications of organizations and has been the top concern of most organizations. P2P application control has been a hard practice due to its protocol flexibility. The Eudemon1000E, based on the 2

powerful network protocol analysis capability owned by Huawei, can precisely identify up to 20 types of P2P traffic and control P2P traffic in different modes such as single user-based control, groupbased control, and global control, which effectively guarantees the bandwidth of customers, helps customers plan network traffic, and enhances network application value. Comprehensive Service System Guarantee Based on the powerful scalability, the Eudemon1000E integrates multiple network and security defense technologies to provide comprehensive protection for customers' key services. DDoS Attack Defense The Eudemon1000E can defend against heavy traffic DDoS attacks, thus protecting customers' service systems against DDoS attacks. Depending on the excellent performance, the Eudemon1000E can defend against Mpps-level DDoS attacks and precisely identify and control multiple types of DDoS attacks such as SYN flood, UDP flood, ICMP flood, DNS flood, and CC attacks. In addition, the Eudemon1000E can identify and defend against worm virus traffic by using Huawei-proprietary intelligent Control Algorithm (ICA). This ensures normal access during the process of identifying DDoS attack traffic. The Eudemon1000E can protect customers' network in complicated network application scenarios and has been accepted as the industry-leading DDoS protection device. Load Balancing Mechanism and Network Redundancy To ensure high reliability of key service systems, load balancing and redundancy techniques as key techniques are adopted on the Eudemon1000E. In terms of hardware architecture, 1000 Mbps interfaces of the Eudemon1000E are all in optical-electrical backup mode. This offers more flexibilities in interface type options to customers. The Eudemon1000E supports concurrency of two links on one interface. This ensures data transmission in case of physical link faults. In addition, the Eudemon1000E supports interface aggregation which bundles multiple physical interfaces into one logical interface. These aggregated interfaces can work in a concurrent manner to enhance the bandwidth of the entire link and each physical link supports load balancing and backup. Two Eudemon1000E devices can be deployed in load balancing networking environment, proportionally processing traffic at the egress. Once one of them is faulty, the other one automatically takes over the transactions. This maximally ensures the network reliability. Helping Customers Continuously Enhance Service Capabilities Based on the powerful scalability and modularized hardware and software platform architectures, the Eudemon1000E can scale to network requirements and integrate new features. In terms of hardware architecture, the Eudemon1000E can provide not only 1000 Mbps interfaces but also 100 Mbps interfaces. This offers great flexibility in networking applications. In terms of software architecture, the Eudemon1000E can provide new functions for customers by upgrading and updating software modules. Currently, the Eudemon1000E can support the virtual firewall and GTP protection function by upgrading software modules. With the virtual firewall function, the Eudemon1000E can logically categorize and manage security services on one physical device for management. 3

This reduces service management risks and enhances the utilization efficiency of the whole device. Powerful Maintenance and Management Function Based on long-term accumulated experience in network security development, Huawei provides customers with diversified and userfriendly management and maintenance modes. The Eudemon1000E supports the three-in-one maintenance mode that integrated configuration, debugging, and black box. The Eudemon1000E supports management and configuration through both Webbased graphic user interfaces and command line interfaces. The powerful debugging function provided by the Eudemon1000E allows customers to customize the format of output information in case of network faults. This helps customers rapidly identify and troubleshoot network faults. The built-in black box keeps all the crucial information before the faults. This can help directly locate faults and provide customers with clear state information. Environment-friendly New Experience The design of the Eudemon1000E fully considers power consumption. The Eudemon1000E adopts optimized components including the processing chip, system fan, and power modules. In addition, intelligent power control technique is applied to key inside power units to ensure device running and control power consumption. For example, if conditions permit, the intelligent power control technique automatically reduces the rotation speed of the fan and brings the backup power module into dormant state, thus significantly reducing the power consumption of the integrated device. The power consumption of the integrated device in normal working state is 70 W to 80 W and the maximum power consumption is controlled under 100 W, which is only a quarter as high as that of the counterpart products. Low power consumption and high performance of the Eudemon1000E help customers significantly reduce later maintenance cost and bring remarkable economic benefits. 4

Typical Networking Eudemon200E Telenet User Branch Internet VPN tunnel SOHO User Eudemon200E Link Aggregation Key Service System Eudemon1000E Data Center Intranet Typical networking of the Eudemon1000E GTP Features With the increasing development of the wireless communication technology, a variety of wireless applications enter into our life. Mobiles and handset wireless terminals can access the Internet at any time, any place. GTP plays an important role in data transmission. However, operators are exposed to severe threats and challenges because of the inherent vulnerabilities and issues of GTP, which can be exploited by attackers to launch GTP-specific anomaly attacks, GTP spoofing attacks, and other attacks that result in resources exhaustion and accounting overflow. Huawei, based on power technical advantages in core network and network security, provides customers with comprehensive GTP protection solution, which can effectively solve security problems on operators' networks. 5

INTERNET SGSN Eudemon1000E GGSN Mobile Phone/Wireless Terminal Users Deployed on Gn, Gi, and Gp to Protect GTP Applications Typical networking of the Eudemon1000E in the GTP support scenario Product Specifications Item Eudemon1000E-U2 Eudemon1000E-U3 Eudemon1000E-U5 Eudemon1000E-U6 Maximum throughput 2Gbps 4Gbps 6Gbps 8Gbps Connections per second 60000 80000 100000 150000 Number of concurrent connections 1600000 1600000 2000000 2000000 Maximum VPN throughput 2Gbps 4Gbps 5Gbps 6Gbps Number of VPN tunnels 20000 20000 20000 20000 Maximum number of ACL rules 30000 30000 30000 30000 Maximum GTP throughput 2Gbps 4Gbps 6Gbps 8Gbps Maximum number of GTP tunnels 200000 200000 200000 200000 Maximum number of virtual firewalls 100 100 100 100 6

Item Eudemon1000E-U2 Eudemon1000E-U3 Eudemon1000E-U5 Eudemon1000E-U6 Fixed interfaces 4 GE optical/electrical interfaces 1 Console port 2 USB interfaces Number of expansion slots 2 Expansion slot type 4 FE (10/100M) module 2 GE electro-optical interface module Dimensions (mm) (W D H) 436 560 44.2 Weight Input voltage 10kg 100 V AC to 240 V AC -48 V DC to -60 V DC Maximum/average power 100/75W Mean time between failures (MTBF) 37.54 years NO WARRANTY THE CONTENTS OF THIS BROCHURE ARE PROVIDED AS IS. EXCEPT AS REQUIRED BY APPLICABLE LAWS, NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE MADE IN RELATION TO THE ACCURACY, RELIABILITY OR CONTENTS OF THIS MANUAL. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO CASE SHALL HUAWEI TECHNOLOGIES CO., LTD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, OR LOST PROFITS, BUSINESS, REVENUE, DATA, GOODWILL OR ANTICIPATED SAVINGS. Copyright Huawei Technologies Co., Ltd. 2009. All Rights Reserved. The information contained in this document is for reference purpose only, and is subject to change or withdrawal according to specific customer requirements and conditions. HUAWEI TECHNOLOGIES CO., LTD. Add: Huawei Industrial Base Bantian Longgang Shenzhen 518129, P.R. China Tel: +86-755-28780808 Version No.: M3-080030-20090416-C-1.0 www.huawei.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information