HUAWEI Eudemon200E-G85 Firewalls...
Transcript of HUAWEI Eudemon200E-G85 Firewalls...
With the continuous digitalization and cloudification of carrier services, networks play an
important role in carrier operations, and must be protected. Network attackers use various
methods, such as identity spoofing, website Trojan horses, and malware, to initiate network
penetration and attacks, affecting the normal use of carrier networks.
Deploying firewalls on network borders is a common way to protect carrier network security.
However, firewalls can only analyze and block threats based on signatures. This method cannot
effectively handle unknown threats and may deteriorate device performance. This single-
point and passive method does not pre-empt or effectively defend against unknown threat
attacks. Threats hidden in encrypted traffic in particular cannot be effectively identified without
breaching user privacy.
Huawei's next-generation firewalls provide the latest capabilities and work with other security
devices to proactively defend against network threats, enhance border detection capabilities,
effectively defend against advanced threats, and resolve performance deterioration problems.
The product provides pattern matching and encryption/decryption service processing
acceleration functions, which greatly improve the firewall ability to process content security
detection and IPSec services.
HUAWEI Eudemon200E-G85 Firewalls (Fixed-Configuration)
Product Appearances
Eudemon200E-G85 Firewalls (Fixed-Configuration)
Product HighlightsComprehensive and integrated protection• Integrates the traditional firewall,VPN, intrusionprevention,antivirus,data leakprevention,
bandwidthmanagement,URLfiltering,andonlinebehaviormanagementfunctionsall inonedevice.
• Interworkswiththe localorcloudsandboxtoeffectivelydetectunknownthreatsandpreventzero-dayattacks.
• Implementsrefinedbandwidthmanagementbasedonapplicationsandwebsites,preferentiallyforwardskeyservices,andensuresbandwidthforkeyservices.
High performance• Enablespatternmatchingandacceleratesencryption/decryption, improvingtheperformancefor
processingIPS,antivirus,andIPSecservices.
DeploymentCloud-based management• Firewalls canproactively registerwithandbequickly incorporated into the cloud-based
managementplatformtoimplementquickdevicedeploymentwithoutmanualattendance.• Remoteserviceconfigurationmanagement,devicemonitoring,andfaultmanagementareused
toimplementcloud-basedmanagementofmassdevicesandsimplifyO&M.
Enterprise HQ
Huawei Public Cloud
Enterprise Branch
Internet
......
Carrier border protection• Firewallsaredeployedat thenetworkborder.Thebuilt-in trafficprobecanextractpacketsof
encryptedtraffictomonitorthreatsinencryptedtrafficinrealtime.• Thedeceptionfunctionisenabledonthefirewallstoproactivelyrespondtomaliciousscanning
behavior,protectingcarriersagainstthreatsinrealtime.• Thepolicycontrol,datafiltering,andauditfunctionsofthefirewallsareusedtomonitorsocial
networkapplicationstopreventdatabreachandprotectcarriernetworks.
Software Features
Feature Description
IntegratedprotectionIntegrates firewall,VPN, intrusionprevention,antivirus,data leakprevention,bandwidthmanagement,anti-DDoS,URL filtering,andanti-spam functions;providesaglobalconfigurationview;managespoliciesinaunifiedmanner.
Applicationidentificationandcontrol
Identifiesover6000applicationsandsupports theaccesscontrolgranularitydowntoapplicationfunctions;combinesapplication identificationwith intrusiondetection,antivirus,anddata filtering, improvingdetectionperformanceandaccuracy.
Cloud-basedmanagementmode
Initiatesauthenticationandregistrationtothecloud-basedmanagementplatformtoimplementplug-and-playandsimplifynetworkcreationanddeployment.Supportsremoteserviceconfiguration,devicemonitoring,andfaultmanagement,implementingthemanagementofmassdevicesinthecloud.
Cloudapplicationsecurityawareness
Controlscarriercloudapplicationsinarefinedanddifferentiatedmannertomeetcarriers'requirementsforcloudapplicationmanagement.
Intrusionpreventionandwebprotection
Accuratelydetectsanddefendsagainstvulnerability-specificattacksbasedonup-to-datethreat information.Thefirewallcandefendagainstweb-specificattacks,includingSQLinjectionandXSSattacks.
AntivirusRapidlydetectsover5milliontypesofvirusesbasedonthedaily-updatedvirussignaturedatabase.
Dataleakprevention(DLP)
Inspectsfilestoidentifythefiletypes,suchasWORD,EXCEL,POWERPOINT,andPDF,basedonfilecontent,andfiltersthefilecontent.
Bandwidthmanagement
Managesper-user andper-IPbandwidth in addition to identifying serviceapplicationstoensurethenetworkaccessexperienceofkeyservicesandusers.Controlmethodsincludelimitingthemaximumbandwidth,ensuringtheminimumbandwidth,andchangingapplicationforwardingpriorities.
URLfiltering
ProvidesaURLcategorydatabasewithover120millionURLsandacceleratesaccess tospecificcategoriesofwebsites, improvingaccessexperienceofhigh-prioritywebsites.SupportsDNSfiltering,inwhichaccessedwebpagesarefilteredbasedondomainnames.Supports theSafeSearchfunctiontofilter resourcesofsearchengines,suchasGoogle,toguaranteeaccesstoonlyhealthynetworkresources.
Behaviorandcontentaudit Auditsandtracesthesourcesoftheaccessedcontentbasedonusers.
Feature Description
LoadbalancingSupportsserver loadbalancingand link loadbalancing, fullyutilizingexistingnetworkresources.
Intelligentuplinkselection
Supportsservice-specificPBRand intelligentuplinkselectionbasedonmultipleloadbalancingalgorithms(forexample,basedonbandwidthratioandlinkhealthstatus)inmulti-egressscenarios.
VPNencryptionSupportsmultiplehighlyavailableVPNfeatures, suchas IPSecVPN,SSLVPN,L2TPVPN,MPLSVPN,andGRE,andprovidestheHuawei-proprietaryVPNclientSecoClientforSSLVPN,L2TPVPN,andL2TPoverIPSecVPNremoteaccess.
DSVPNDynamicsmartVPN(DSVPN)establishesVPNtunnelsbetweenbrancheswhosepublicaddressesaredynamicallychanged, reducingthenetworkingandO&Mcostsofthebranches.
SSL-encryptedtrafficdetection
DetectsanddefendsagainstthreatsinSSL-encryptedtrafficusingapplication-layerprotectionmethods,suchasintrusionprevention,antivirus,datafiltering,andURLfiltering.
SSLoffloadingReplacesserverstoimplementSSLencryptionanddecryption,effectivelyreducingserverloadsandimplementingHTTPtrafficloadbalancing.
Anti-DDoSDefendsagainstmorethan10typesofcommonDDoSattacks, includingSYNfloodandUDPfloodattacks.
Userauthentication
Supportsmultiple user authenticationmethods, including local, RADIUS,HWTACACS,AD,andLDAP.The firewall supportsbuilt-inPortal andPortalredirectionfunctions.ItcanworkwiththeAgileControllertoimplementmultipleauthenticationmodes.
SecurityvirtualizationSupportsvirtualizationofmultiple typesofsecurityservices, includingfirewall,intrusionprevention,antivirus,andVPN.Userscanseparatelyconductpersonalmanagementonthesamephysicaldevice.
Securitypolicymanagement
Managesandcontrols trafficbasedonVLAN IDs,quintuples, securityzones,regions,applications,URLcategories,andtimeranges,andimplementsintegratedcontentsecuritydetection.Providespredefinedcommon-scenariodefense templates to facilitatesecuritypolicydeployment.Providessecuritypolicymanagementsolutions inpartnershipwithFireMonandAlgoSectoreduceO&Mcostsandpotentialfaults.
Diversifiedreports
Providesvisualizedandmulti-dimensional reportdisplaybyuser,application,content,time,traffic,threat,andURL.
Generatesnetwork security analysis reportson theHuawei security centerplatformtoevaluatethecurrentnetworksecuritystatusandprovideoptimizationsuggestions.
RoutingSupportsmultipletypesofroutingprotocolsandfeatures,suchasRIP,OSPF,BGP,IS-IS,RIPng,OSPFv3,BGP4+,andIPv6IS-IS.
Deploymentandreliability
Supportstransparent,routing,andhybridworkingmodesandhighavailability(HA),includingtheActive/ActiveandActive/Standbymodes.
SpecificationsSystem Performance and Capacity
Model Eudemon200E-G85
FirewallThroughput1(1518/512/64-byte,UDP)
8/8/4Gbit/s
FirewallLatency(64-byte,UDP) 18µs
ConcurrentSessions(HTTP1.1)1 4,000,000
NewSessions/Second(HTTP1.1)1 80,000
IPsecVPNThroughput1(AES-256+SHA256,1420-byte)
6Gbit/s
SSLInspectionThroughput2 550Mbit/s
ConcurrentSSLVPNUsers(Default/Maximum)
100/1000
SecurityPolicies(Maximum) 15,000
VirtualFirewalls 100
URLFiltering:Categories Morethan130
URLFiltering:URLs Adatabaseofover120millionURLsinthecloud
AutomatedThreatFeedbackandIPSSignatureUpdates
Yes,anindustry-leadingsecuritycenterfromHuawei(http://sec.huawei.com/sec/web/index.do)
Third-PartyandOpen-SourceEcosystem
OpenAPIforintegrationwiththird-partyproducts,providingRESTfulandNetConfinterfacesOtherthird-partmanagementsoftwarebasedonSNMP,SSH,andSyslogCooperationwiththird-partytools,suchasTufin,AlgoSecandFireMonCollaborationwithanti-APTsolution
CentralizedManagementCentralizedconfiguration,logging,monitoring,andreportingisperformedbyHuaweieSightandeLog
VLANs(Maximum) 4094
VLANIFInterfaces(Maximum) 1024
1.TheperformanceistestedunderidealconditionsbasedonRFC2544andRFC3511.Theactualresultmayvarywithdeploymentenvironments.
2.SSLinspectionthroughputismeasuredwithIPSenabledandHTTPStrafficusingTLSv1.2withAES128-GCM-SHA256.*SA:indicatesserviceawareness.
Model Eudemon200E-G85
Dimensions(HxWxD)mm 43.6x442x420
FormFactor/Height 1U
FixedInterface 2x10GE(SFP+)+8xGECombo+2xGEWAN
USBPort 1xUSB2.0+1xUSB3.0
Weight(FullConfiguration) 5.8kg
ExternalStorage Optional,SSD(M.2)cardsupported,240GB
ACPowerSupply 100Vto240V
Typicalpowerconsumptionofthemachine
35W
PowerSupplies SingleACpowersupply;optionaldualACpowersupplies
OperatingEnvironment(Temperature/Humidity)
Temperature:0°Cto45°CHumidity:5%to95%,non-condensing
Non-operatingEnvironmentTemperature:-40°Cto+70°CHumidity:5%to95%,non-condensing
Hardware Specifications
Product Model Description
Eudemon200E-G85
UEudemon200E-G85-ACEudemon200EACHost(2*10GE(SFP+)+8*GECombo+2*GEWAN,ACpower)
UEudemon200E-G85-DCEudemon200EDCHost (2*10GE (SFP+) + 8*GECombo+2*GEWAN,DCpower)
Function License
SSLVPNConcurrentUsers
LIC-EDMLM-SSLVPN-100 QuantityofSSLVPNConcurrentUsers(100Users)
LIC-EDMLM-SSLVPN-200 QuantityofSSLVPNConcurrentUsers(200Users)
LIC-EDMLM-SSLVPN-500 QuantityofSSLVPNConcurrentUsers(500Users)
LIC-EDMLM-SSLVPN-1000 QuantityofSSLVPNConcurrentUsers(1000Users)
Eudemon License
IPSUpdateService
LIC-E200E-G85-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoE200E-G85)
LIC-E200E-G85-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoE200E-G85)
URLFilteringUpdateService
LIC-E200E-G85-URL-1YURLRemoteQueryServiceSubscribe12Months(AppliestoE200E-G85)
LIC-E200E-G85-URL-3YURLRemoteQueryServiceSubscribe36Months(AppliestoE200E-G85)
Ordering Information
Product Model Description
AntivirusUpdateService
LIC-E200E-G85-AV-1YAVUpdateServiceSubscribe12Months(AppliestoE200E-G85)
LIC-E200E-G85-AV-3YAVUpdateServiceSubscribe36Months(AppliestoE200E-G85)
ThreatProtectionBundle(IPS,AV,URL)
LIC-E200E-G85-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoE200E-G85)
LIC-E200E-G85-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoE200E-G85)
FlowProbeFunction LIC-E200E-G85-FP FlowProbeFunction(AppliestoE200E-G85)
GENERAL DISCLAIMERThe information in this document may contain predictive statement including, without limitation, statements regarding the future financial and operating results, future product portfolios, new technologies, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.Copyright © 2020 HUAWEI TECHNOLOGIES CO., LTD. All Rights Reserved.