Huawei Eudemon200E-N Next-Generation Firewall



Similar documents
USG6300 Next-Generation Firewall

USG6600 Next-Generation Firewall

HUAWEI Secospace USG6600 Next-Generation Firewall Datasheet

NIP6300/6600 Next-Generation Intrusion Prevention System

SVN5800 Secure Access Gateway

Huawei Eudemon1000E-X series Firewall. Eudemon 1000E-X Series Firewall. Huawei Technologies Co., Ltd.

HUAWEI USG6000 Next-Generation Firewall V100R001. Product Description. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

The Hillstone and Trend Micro Joint Solution

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Huawei Network Edge Security Solution

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Huawei Traffic Cleaning Solution

How Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

NetDefend Firewall UTM Services

Huawei Agile WAN Solution

Data Sheet. DPtech Anti-DDoS Series. Overview

Secure Cloud-Ready Data Centers Juniper Networks

Hillstone Intelligent Next Generation Firewall

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Networking for Caribbean Development

V-ISA Reputation Mechanism, Enabling Precise Defense against New DDoS Attacks

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

NetDefend Firewall UTM Services

Eudemon1000E Series Firewall HUAWEI TECHNOLOGIES CO., LTD.

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

Cyberoam Next-Generation Security. 11 de Setembro de 2015

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

NSFOCUS Web Application Firewall

Cisco Small Business ISA500 Series Integrated Security Appliances

Introducing IBM s Advanced Threat Protection Platform

Next-Generation Firewalls: Critical to SMB Network Security

Next Generation Firewall

Firewall and UTM Solutions Guide

Advantages of Managed Security Services

Log Audit Ensuring Behavior Compliance Secoway elog System

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Simple security is better security Or: How complexity became the biggest security threat

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

QUOTATION FOR UTM 4/26(1)/2009/EDP-HO 06/08/2015

AntiDDoS1000 DDoS Protection Systems

PART D NETWORK SERVICES

Move over, TMG! Replacing TMG with Sophos UTM

The Evolution of the Enterprise And Enterprise Security

Eudemon8000E Series 10-Gigabits IPS security gateway

Jort Kollerie SonicWALL

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS NETWORK SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

SonicWALL Team Nordic Recommendations for safe Unified Threat Management (UTM) Deployments*

McAfee Network Security Platform A uniquely intelligent approach to network security

Network protection and UTM Buyers Guide

Product Overview. customers in the business of service provider, enterprise, financial services, and public sectors.

R&S SITGate Next-Generation Firewall Secure access to Internet and cloud services

Load Balancing Security Gateways WHITE PAPER

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

Fighting Advanced Threats

WHITE PAPER. Protecting Your Network From the Inside-Out. Internal Segmentation Firewall (ISFW)

WildFire. Preparing for Modern Network Attacks

Applications erode the secure network How can malware be stopped?

Devising a Server Protection Strategy with Trend Micro

Cisco RSA Announcement Update

Zscaler Internet Security Frequently Asked Questions

Secure Web Gateways Buyer s Guide >

Data Sheet. VLD 500 A Series Viaedge Load Director. VLD 500 A Series: VIAEDGE Load Director

HUAWEI USG2000&5000 Series Unified Security Gateway Content Filtering White Paper

Devising a Server Protection Strategy with Trend Micro

Content Scanning for secure transactions using Radware s SecureFlow and AppXcel together with Aladdin s esafe Gateway

Readiness Assessments: Vital to Secure Mobility

Eudemon8000E Anti-DDoS SPU

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Firewall Testing Methodology W H I T E P A P E R

Introducing FortiDDoS. Mar, 2013

Host-based Intrusion Prevention System (HIPS)

NetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway

McAfee Network Security Platform A uniquely intelligent approach to network security

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

How To Build A Network Security Firewall

McAfee Network Security Platform A uniquely intelligent approach to network security

White Paper. ZyWALL USG Trade-In Program

The Cisco ASA 5500 as a Superior Firewall Solution

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

NetDefend UTM Firewall Series

AntiDDoS8000 DDoS Protection Systems

1. Built-In SPI Firewall to Protect Your Enterprise Network 2. Multi-Spam-Filtering Function Providing High Spam-Filtering Accuracy

Gateway Security at Stateful Inspection/Application Proxy

Fortigate Features & Demo

Eudemon8000 High-End Security Gateway HUAWEI TECHNOLOGIES CO., LTD.

Gigabit Content Security Router

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

FortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.

Using Palo Alto Networks to Protect the Datacenter

Architecture Overview

WatchGuard Technologies WatchGuard Technologies

Transcription:

Huawei 200E-N Next-Generation Firewall With the popularity of mobile working using smartphones and tablets, mobile apps, Web2.0, and social networking become integral parts of works. This change in IT environments greatly improves the communication efficiency, but blurs network borders and makes information security more challenging. Traditional security gateway implements security control only based on IP addresses and ports, and cannot cope with the ever-increasing application layer and web threats. Against this background, Huawei launches the 200E-N series next-generation firewall to address these challenges. With the awareness of applications, time, users, attacks, and locations, the 200E-N series clearly maps the network environment to service environment and provides application- and user-based security management and QoS management functions. Based on application identification, the 200E-N series provides powerful IPS, AV capabilities to efficiently and comprehensively secure information. Application protection is the core of the next-generation security. Configuring and managing application protection require more administrators with higher skills, increasing maintenance costs. However, the 200E-N series eliminates such concerns by using the industry-leading SmartPolicy technology to automatically generate security policies based on the service awareness result, making next-generation security simple, consistent, and cost-effective. 200E-N series next-generation firewall Huawei 200E-N Next-Generation Firewall 6-1

Features and Highlights Granular Application Access Control In the Web2.0 era, social networking and IM applications are widely used for communication and information sharing on Internet. Massive applications are used, and most of them use the same protocol (HTTP) and the same port. Traditional firewalls are aware of IP addresses and ports, but not of user information, service environment, and application-layer information. However, awareness is the basis of access control and security protection. Firewalls require comprehensive context awareness to effectively take actions and protect information security. Huawei 200E-N series next-generation firewall analyzes internet service traffic from multidimensions, including application, time, user, attack, and location and implements comprehensive network protection. Application: Identifies 6000+ mobile and web applications using technologies, such as feature identification, port identification, correlation identification, and behavior identification. Application awareness, coupled with antivirus scanning, can recognize traffic of different applications and detect the viruses, Trojan horses, and malware hidden in applications. User: Supports eight user authentication methods, including RADIUS, LDAP, and AD authentication to associate traffic IP addresses and ports with users for per-user traffic control. Threat: Provides over 5000 signatures for attack identification. The 200E-N series defends against web application attacks, such as cross-site scripting and SQL injection attacks, identifies and defends against more than 10 types of DDoS attacks, including SYN flood and UDP flood attacks, and identifies more than 5,000,000 viruses. With cloud-based URL filtering enabled, the 200E-N series provides over 85,000,000 predefined URLs to block malicious websites. Time: Records the time when traffic anomalies or security events occur to provide evidence for audit. Location: Identifies the location where the traffic is initiated to implement differentiated traffic control in different regions. The 200E-N series supports location customization based on IP addresses. Based on the Context-awareness system, the 200E-N series next-generation firewall accurately identifies threats hidden in applications and implements granular access control and network protection. Easy Security Management Traditional security gateways and most next-generation firewalls can only passively execute policies configured by administrators. However, in the real world, attacks are usually a step ahead of network administrators. Therefore, completely relying on administrators cannot protect network security in the long run. However, Huawei 200E-N series next-generation firewall can proactively discover network risks and dynamically generate protection and optimizing advises, like a security consultant. Proactive functions of security appliances are better than completely relying on administrators in the long run. 6-2 Huawei 200E-N Next-Generation Firewall

Compared with the traditional security gateways, the next-generation firewall features granular application control and in-depth application protection. Compared with traditional firewalls, using 5-tuple-based policies on the next-generation firewall does not improve network security. Next-generation firewalls have more powerful functions. However, configuring and managing these functions require more administrators with higher skills, which means a higher operation cost. The 200E-N series resolves this issue using the SmartPolicy technology. After automatic traffic pattern learning, the 200E-N automatically generates security policies using the predefined knowledge base. Enterprise administrators need only a confirmation before the firewall applies the policies to the network. The SmartPolicy function decreases the TCO by 30% using the following functions: Dynamically discover security risks and automatically generate police tuning suggestions. Discover invalid and redundant policies to remove them. Excellent Performance Nowadays, hackers are launching organized attacks for illegal gains. Therefore, in-depth application protection, such as application-layer access control and intrusion prevention, becomes a must for network protection. However, the throughput of UTM devices is poor when application-layer protection is enabled. Huawei 200E-N Next-Generation Firewall 6-3

In contrast, the 200E-N series uses the Intelligent Awareness Engine (IAE) to implement Layer-7 protection and still deliver a throughput of a Layer-4 gateway. The traditional threat detection engine implements per-packet inspection and is easy to evade. The IAE analyzes and processes multiple services concurrently. The hardware acceleration module conducts core application analysis and signature matching, concurrently processing each security services, and updates the security status. This structure ensures the minimum compromise of the overall performance with multiple security services enabled. In terms of hardware, the 200E-N series uses the dedicated multi-core platform for parallel processing. In addition, it uses the hardware acceleration technology and the content security acceleration chip on the CPU to function with the IAE for higher detection efficiency. The combination of the intelligent awareness engine and the elastic hardware structure enable the 200E-N series to deliver 10-Gigabit level threat prevention performance, meeting the security protection requirements of large data centers. Prevention of Unknown Threats Unknown threats refer to the threats whose signatures are not yet extracted. These threats attack networks mainly through email and web access. Unknown attacks may occur when a user downloads a malicious email attachment, clicks a malicious URL link in an email message, executes a malicious script, or downloads a malicious file. However, the security devices cannot detect such attacks because they have no signatures to match them. To address this issue, Huawei 200E-N series next-generation firewall uses the Power Fortress Cloud detection system to detect unknown threats, and prevent Advanced Persistent Threat (APT) attacks. This system simulates suspicious samples collected around the world in the cloud sandbox and virtualization system to analyze these samples, including behavior analysis and service awareness, to detect viruses, 0-day attacks, phishing websites, botnets, and malicious websites. If any threat is found in a sample, the system further identifies the threat by IP address, domain name, file, URL, location, spam, user IP, and history. Then the system updates the global reputation detection and query system in the cloud. With 7 x 24 pushing service of the Power Fortress Cloud-U cloud center for security knowledge base updates, the 200E-N series can obtain the latest threat detection and prevention capability to effective defend against unknown threats. Typical Application Scenarios Network Isolation and VPN Interconnection Challenges for customers: Network areas are not clearly divided, access control is insufficient, and the data transmitted between mobile employees or branches and the headquarters is likely to be intercepted or tampered. Highlights of the solution: delivers high throughput to avoid bottleneck at network borders, supports security zones to clearly divide networks, offers flexible packet filtering policies to accurately control communication, and encapsulates and checks packets of VPN users to ensure the security of data communication. 6-4 Huawei 200E-N Next-Generation Firewall

IPSec VPN Service System DMZ Intranet Branch IPSec VPN -N Mobile access External Threat Prevention Challenges for customers: Coming along with the abundant Internet resources are threats such as DDoS attacks, malicious intrusions, and viruses. Highlights of the solution: The capabilities of supporting large numbers of concurrent connections and new connections per second help to combat the numerous DDoS attacks. Empowered by advanced IPS and anti-virus technologies as well as vulnerability-based and real-time updated signature database, the 200E-N series implements near-zero false positives and negatives and a detection ratio of higher than 99%; defends against diversified threats from the Internet, and ensures the security of the intranet. Intrusions Botnet -N Service System Trojan Worm Online Behavior Management Challenges for customers: None-work-related Internet surfing, P2P download, online games, and stock transaction waste bandwidths for business, reduce employee productivity, and pose potential risks from malicious codes and hacker attacks. Huawei 200E-N Next-Generation Firewall 6-5

Highlights of the solution: The 200E-N series provides over 6000 of identifiable applications, providing visibility into the applications running on your network. The URL database containing 8.5 million website URLs helps to shield against Trojan horse-embedded and phishing sites, block pornographic and gambling sites, regulate employee online behaviors and prevent them from engaging in activities that would harm internal network security. Multi-dimensional control measures based on users, applications, time, and bandwidth ensure bandwidth for mission-critical services and improve the bandwidth usage. You can work more efficiently and have P2P, IM, game sites, and other websites under control. P2P Service net Service net -N net unlawful net IM net Product Specifications Model 200E-N1D 200E-N1 200E-N2 200E-N3 200E-N5 Firewall throughput 1Gbit/s 1Gbit/s 2Gbit/s 4Gbit/s 8Gbit/s IPS throughput(ips) 580Mbit/s 580Mbit/s 580Mbit/s 2Gbit/s 2Gbit/s Full threats throughput(ips+av) Maximum concurrent sessions New sessions/ second VPN Throughput (IPSec, 3DES) Maximum concurrent sessions SSL VPN Maximum concurrent sessions 480Mbit/s 480Mbit/s 480Mbit/s 1.8Gbit/s 1.8Gbit/s 500,000 1,500,000 2,000,000 4,000,000 4,000,000 20,000 30,000 30,000 60,000 80,000 400Mbit/s 400Mbit/s 400Mbit/s 3Gbit/s 3Gbit/s 2,000 4,000 4,000 4,000 4,000 200 500 500 1000 1000 MTBF 19.06years 11.58years 11.58years 11.96years 11.96years Physical Specifications Fixed Interface 8GE 4GE+2Combo 4GE+2Combo 8GE+4SFP 8GE+4SFP Slots - 2WSIC 2WSIC 2WSIC 2WSIC Interface card type - 2 10GE(SFP+)+8 GE(RJ45), 8 GE(RJ45), 8 GE (SFP), 4 GE(RJ45)BYPASS Height Desktop 1U 1U 1U 1U 6-6 Huawei 200E-N Next-Generation Firewall

Dimensions (H x W x D) Weight (full configuration) HDD - Redundant power supply Physical Specifications 300*220*44.5 442*421*43.6 442*421*43.6 442*421*43.6 442*421*43.6 1.7KG 10KG 10KG 10KG 10KG Optional. Supports single 300 GB hard disks (Hot swappable). Optional. Supports single 300 GB hard disks (Hot swappable). - Optional Optional Optional Optional AC power supply 100~240V 100~240V 100~240V 100~240V 100~240V DC power supply - -48~-60V -48~-60V -48~-60V -48~-60V Maximum power 60W 170W 170W 170W 170W Certifications ICSA Labs Hardware Firewall,IPS CB,CCC,CE-SDOC,ROHS,REACH&WEEE(EU),C-TICK,ETL,FCC&IC,VCCI,BSMI Functions Access Control Application Awareness User Awareness Intrusion prevention Anti-Virus URL Filter VPN Routing Security virtualization Anti-DDoS Working mode and availability Intelligent management (Application, Time, User, Attack, Location) based access control Fine-grained identification of over 6000 application protocols, application-specific action, and online update of signature databases. Eight authentication methods (local, RADIUS, HWTACACS, Secure ID, AD, CA, LDAP, and Endpoint Security) Provides over 5000 signatures for attack identification. Supports user-defined IPS signatures. Defense against web application attacks, such as cross-site scripting and SQL injection attacks. Combination of application identification and virus scaning to recognize the viruses (more than 5 millions), Trojan horses, and malware hidden in applications Cloud-based URL filtering with a URL category database that contains over 85 million URLs in over 130 categories;url blacklist and whitelist and keyword filtering. VPN technologies: IPSec VPN, SSL VPN, L2TP VPN, MPLS VPN, and GRE. Support DSVPN. IPv4: static routing, RIP, OSPF, BGP, and IS-IS IPv6: RIPng, OSPFv3, BGP4+, IPv6 IS-IS, IPv6 RD, and ACL6 Virtualization of security features, forwarding statistics, users, management operations, views, and resources (such as bandwidths and sessions) Defense against more than 10 types of DDoS attacks, such as the SYN flood and UDP flood attacks Transparent, routing, or hybrid working mode and high availability (HA), including the Active/Active and Active/Standby mode Smart Policy: evaluates the network risks based on the passed traffic and intelligently generates policies based on the evaluation to automatically optimize security policies. Supports policy matching ratio analysis and the detection of conflict and redundant policies to remove them, simplifying policy management. Provides a global configuration view and integrated policy management. The configurations can be completed in one page. Provides visualized and multi-dimensional report display by user, application, content, time, traffic, threat, and URL. Huawei 200E-N Next-Generation Firewall 6-7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information