Eudemon8000 High-End Security Gateway HUAWEI TECHNOLOGIES CO., LTD.
Product Overview

Faced with increasingly serious network threats and dramatically increased network traffic, carriers' backbone networks, the egresses of large-scale enterprises, and Internet Data Centers (IDCs) place higher demands on security measures at network boundaries. Traditional firewalls cannot provide the security measures that high-end customers require. To meet these new requirements, Huawei launches the Eudemon8000 series products, which are security gateways of large capacity and high performance.

Adopting an advanced distributed hardware architecture and high-capacity non-blocking hardware switching and forwarding technology, the Eudemon8000 series products support a maximum throughput of 20 Gbps, powerful attack-defense capability, various service features, and high-capacity, high-density interface boards with interfaces of up to 10 G. The Eudemon8000 series products can meet high-end customers' requirements for high reliability and high performance and provide an ideal security network platform for large-scale enterprises, operators, and IDCs.

Product Series

[Figure: Eudemon8040 and Eudemon8080]

Product Features

Advanced and scalable distributed structure

The Eudemon8040 and the Eudemon8080 are configured with four and eight expansion slots respectively. Users choose how many service processing boards and interface boards to configure. The Eudemon8000 series products adopt an advanced distributed hardware architecture, and load balancing is implemented among service boards. The Eudemon8000 series products support a scalable security solution with a maximum throughput of 20 Gbps.

Powerful attack defense and capability of abnormal traffic cleaning

The Eudemon8000 series products can defend against DDoS attacks at a speed of 6000000 pps. Even under attacks at a line speed of 10 G, the Eudemon8000 series products can effectively distinguish the attack traffic from the normal traffic and then clean the attack traffic to guarantee the secure transmission of service traffic.

The Eudemon8000 series products support various flexible attack defense technologies, including attack fingerprint identification, automatic learning of the attack library, and the Intelligent Connection Algorithm (ICA), which can effectively defend against various attacks such as SYN flood, UDP flood, CC attacks, and ICMP flood.

At the egresses of carriers' LANs, a deployment of the Eudemon8000 series products can provide two traffic cleaning solutions: direct cleaning and bypass cleaning. In bypass cleaning, the Eudemon8000 series products cooperate with the Huawei Service Inspection Gateway (SIG). The SIG monitors the outgoing and incoming traffic of the whole network; the Eudemon8000 series products divert and clean the abnormal traffic, and then inject the cleaned traffic back into the original path. In addition, the Eudemon8000 series products control abnormal traffic such as DDoS attack traffic and P2P traffic with fine granularity to prevent junk traffic from saturating network links.

Extensive network interfaces

The Eudemon8040 and Eudemon8080 support multiple interface boards, including 155 M/622 M/2.5G/10G POS interface boards and Ethernet interface boards such as FE/GE/10 G Ethernet interface boards. A complete Eudemon8000 unit can provide two 10 GE interfaces, sixteen GE interfaces or one hundred and twenty-eight FE interfaces, meeting the high interface capacity or high interface density requirements of networks such as those of large-scale enterprises, carriers' LANs, and IDCs.

Highly reliable firewalls

The Eudemon8000 series products are carrier-class reliable security gateways. All components are hot swappable. The Eudemon8000 supports two-node cluster hot backup.
In addition, the Eudemon8000 supports the transparent mode; thus, the deployment of the Eudemon8000 does not affect the existing network topology. The service boards support load balancing and hot backup; thus, the failure of a single board does not affect the normal operation of the system.

The Eudemon8000 series products support the trunk technology. A maximum of 64 logical interfaces are supported. Each logical interface can be bound to a maximum of 16 physical interfaces. Physical interfaces on different boards can be bound together. This greatly increases the interface bandwidth and improves reliability.

Powerful NAT Service Capability

The Eudemon8000 series products support multiple NAT applications, including NAT with overlapped private IP addresses, bi-directional NAT, mapping of one public IP address to multiple private IP addresses, and mapping of one private IP address to multiple public IP addresses.

As the leading NAT device in the industry, the Eudemon8000 series products use the NP processor to implement high-speed NAT. A Eudemon8040 or a Eudemon8080 supports a maximum of 256 address pools. The Eudemon series products can support the NAT of a large-scale Internet café or a data center with hundreds of devices. The Eudemon series products use the NP processor together with log server software to process binary logs, which avoids the loss of NAT logs and ensures that services are processed normally.

Operational security service

A Eudemon8040 or a Eudemon8080 supports a maximum of 512 virtual firewalls. Each virtual firewall has its own independent system resources, administrator, security policy, and user authentication database. Thus, a single Eudemon8000 can be regarded as multiple firewalls. By providing convenient security services and helping reduce cost, the Eudemon8000 series products are suitable for protecting carrier-level access to IDCs. In addition, the Eudemon8000 series products can implement special security defense for VIP customers and output statistics reports to support the operation of secured bandwidth.

Typical Networking

[Figure: Abnormal traffic cleaning solution involving the Eudemon8000 in a MAN. Labels: Upper layer network; Various security threats; MAN; SIG; Inspection and analysis center; Divert traffic; Management center; Inject; Eudemon8000; Control and cleaning center; Intranet user; Broadband access network; Big customer/Internet cafe; IDC; Unified service platform; Deep service identification; Inspection of various traffic; Unified event management]
[Figure: Defense solution involving the Eudemon8000 for a large-scale IDC. Labels: Internet; Eudemon8000; IDC; Basic-service zone; Value-added service zone; Management & Maintenance zone; Other zones]

Product Specifications

| Item | Eudemon8040 | Eudemon8080 |
|---|---|---|
| Fixed interface | One FE management interface | One FE management interface |
| Expansion slot | Four expansion slots, in which service boards and interface boards can be inserted | Eight expansion slots, in which service boards and interface boards can be inserted |
| Types of expansion interfaces | Ethernet interfaces: 2 GE, 4 GE, 16 FE, 32 FE, 2 GE+8FE, 2 GE+16 FE, 1 10GE; POS interface: 4 155M, 2 622M, 1 2.5G, 1 10G | Ethernet interfaces: 2 GE, 4 GE, 16 FE, 32 FE, 2 GE+8FE, 2 GE+16 FE, 1 10GE; POS interface: 4 155M, 2 622M, 1 2.5G, 1 10G |
| Dimensions (mm) (W × D × H) | 482.6 × 420 × 352.8 | 482.6 × 420 × 797.3 |
| Weight | 50Kg | 85Kg |
| Input voltage | DC: -36V to -75V; AC (110V/220V): 90V to 264V | DC: -36V to -75V; AC (110V/220V): 90V to 264V |
| Full load power | 600W | 1000W |
| Mean time between failures (MTBF) | 37.54 years | 37.54 years |

DDoS attacks that can be defended (Eudemon8040 and Eudemon8080): SYN flood, ICMP flood, UDP flood, CC attack, IP Spoofing, LAND attack, Smurf attack, Fraggle attack, Winnuke, Ping of Death, Tear Drop, address scanning, port scanning, IP Option control, IP fragments control, TCP flag validity check, super ICMP packet control, ICMP redirection packet, ICMP unreachable packet, TRACERT packet, HTTP Get attack, BGP Flood attack, DNS Flood attack, etc.

NO WARRANTY

THE CONTENTS OF THIS BROCHURE ARE PROVIDED AS IS. EXCEPT AS REQUIRED BY APPLICABLE LAWS, NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE MADE IN RELATION TO THE ACCURACY, RELIABILITY OR CONTENTS OF THIS MANUAL. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO CASE SHALL HUAWEI TECHNOLOGIES CO., LTD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES, OR LOST PROFITS, BUSINESS, REVENUE, DATA, GOODWILL OR ANTICIPATED SAVINGS.

Copyright Huawei Technologies Co., Ltd. 2009. All Rights Reserved.

The information contained in this document is for reference purpose only, and is subject to change or withdrawal according to specific customer requirements and conditions.

HUAWEI TECHNOLOGIES CO., LTD.
Add: Huawei Industrial Base Bantian Longgang Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-080030-20090416-C-1.0
www.huawei.com