How to handle tracert from routers, switches and other network devices getting no reply for an internal server behind the Eudemon1000E firewall
- Format: docx
- Size: 16.21 KB
- Pages: 1
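Title: FAQ - How to handle tracert from routers, switches and other network devices getting no reply for an internal server behind the Eudemon1000E firewall
Product family: Network Security  Product: Eudemon firewall
Symptom:
1. Users outside the firewall can ping and tracert the internal server from a PC host.
2. From routers and switches, ping succeeds, but a tracert to the internal server prints * continuously once it reaches the firewall.
Handling process: Routers, switches and other network devices handle tracert packets differently from a PC: they use UDP rather than ICMP.
The principle is as follows: the device first sends a UDP packet with a TTL of 1, so the first hop sends back an ICMP error message indicating that this datagram cannot be forwarded; it then sends a packet with a TTL of 2, and the second hop returns a TTL exceeded message. This process continues until the destination is reached. At the destination, because the datagram uses an invalid port number (33434 by default), the destination host returns an ICMP destination unreachable message, and the tracert operation ends.
Note: The first tracert packet sent by a router or switch is a UDP packet whose destination port defaults to 33434 (a specific port number can also be specified). The destination port number then increases by 1 for each packet sent, that is, 33435, 33436...; three packets are sent consecutively for each TTL value, and the maximum hop count is 30 (max hops: 30), so the maximum port number on reaching the destination is 33524.
Handling: On the firewall, create a policy that permits the destination ports; opening udp destination-port 33434 to 33524, 90 consecutive port numbers, is sufficient.
Create the policy in eudemon 1000e v100r003 as follows: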
#
ip service-set tracert type object
 description for-router&swtich-tracert
 service 0 protocol udp destination-port 33434 to 33524 description tracert
#
Then permit it in the relevant interzones:
#
policy interzone local trust inbound
 policy 0
  action permit
  policy service service-set tracert
  policy service service-set icmp
#
policy interzone local untrust inbound
 policy 0
  action permit
  policy service service-set tracert
  policy service service-set icmp
#
policy interzone trust untrust inbound
 policy 0
  action permit
  policy service service-set tracert
  policy service service-set icmp
#
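Added example (not part of the original FAQ and not Huawei code): a Python check that derives the UDP destination ports a router or switch tracert uses from the rule described above (first port 33434, plus 1 per packet, 3 packets per TTL, 30 hops) and compares them with the range opened in the service-set. The function names are hypothetical, and only the "X to Y" range form of the service line shown on this page is parsed.

```python
"""Added example: compare a service-set UDP range with UDP tracert probe ports."""
import re

# Matches only the range form of the service line shown in this FAQ.
SERVICE_RE = re.compile(
    r"^\s*service\s+\d+\s+protocol\s+udp\s+destination-port\s+(\d+)\s+to\s+(\d+)\b"
)


def probe_ports(first_port=33434, probes_per_hop=3, max_hops=30):
    """Destination ports of a UDP tracert that adds 1 to the port per packet."""
    if min(first_port, probes_per_hop, max_hops) < 1:
        raise ValueError("parameters must be positive")
    last_port = first_port + probes_per_hop * max_hops - 1
    if last_port > 65535:
        raise ValueError("probe ports would exceed 65535")
    return range(first_port, last_port + 1)


def permitted_udp_ports(config_text):
    """Collect the UDP destination ports opened by 'X to Y' service lines."""
    ports = set()
    for line in config_text.splitlines():
        match = SERVICE_RE.match(line)
        if not match:
            continue
        low, high = int(match.group(1)), int(match.group(2))
        if low > high:
            raise ValueError(f"inverted port range: {line.strip()}")
        ports.update(range(low, high + 1))
    return ports


def audit(config_text, **tracert_params):
    """Report probe ports the service-set blocks and ports it opens needlessly."""
    needed = set(probe_ports(**tracert_params))
    allowed = permitted_udp_ports(config_text)
    return {
        "needed": (min(needed), max(needed)),
        "blocked": sorted(needed - allowed),   # probes that would show as *
        "extra": sorted(allowed - needed),     # open ports no probe will use
    }


# Service-set copied from the FAQ above.
FAQ_SERVICE_SET = """\
ip service-set tracert type object
 description for-router&swtich-tracert
 service 0 protocol udp destination-port 33434 to 33524 description tracert
"""

if __name__ == "__main__":
    # Default tracert parameters from the FAQ.
    print(audit(FAQ_SERVICE_SET))
    # Constructed case: an operator starts tracert from a non-default port.
    custom = audit(FAQ_SERVICE_SET, first_port=40000)
    print(custom["needed"], len(custom["blocked"]), "probe ports blocked")
```

With the default parameters the 90 probes use ports 33434 to 33523, so the FAQ's range covers every probe; a tracert started from a non-default port falls outside the service-set and needs its own range.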