华为USG6300系列下一代防火墙规格清单(渠道版)
- 格式:pdf
- 大小:211.09 KB
- 文档页数:2
OverviewWith the continuous digitalization and cloudification of enterprise services, networks play an important role in enterprise operations, and must be protected. Network attackers use various methods, such as identity spoofing, website Trojan horses, and malware, to initiate network penetration and attacks, affecting the normal use of enterprise networks.Deploying firewalls on network borders is a common way to protect enterprise network security. However, firewalls can only analyze and block threats based on signatures. This method cannot effectively handle unknown threats and may deteriorate device performance. This single-point and passive method does not pre-empt or effectively defend against unknown threat attacks. Threats hidden in encrypted traffic in particular cannot be effectively identified without breaching user privacy.Huawei's next-generation firewalls provide the latest capabilities and work with other security devices to proactively defend against network threats, enhance border detection capabilities, effectively defend against advanced threats, and resolve performance deterioration problems. The network processing chip provides pattern matching and encryption/decryption service processing acceleration functions, which greatly improve the firewalls ability to process content security detection and IPSec services.Huawei USG6515E/USG6550E/USG6560E/USG6580E Next-Generation FirewallsProduct HighlightsComprehensive and integrated protection•Integrates the traditional firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, URL filtering, and online behavior management functions all in one device.•Interworks with the local or cloud sandbox to effectively detect unknown threats and prevent zero-day attacks.DeploymentCloud-based management•Firewalls proactively register with and quickly incorporated into the cloud management platform to implement quick device deployment without manual attendance.•Remote service configuration management, device monitoring, and fault management are used to implement cloud-based management of mass devices and simplify O&M.Enterprise border protection•Firewalls are deployed at the network border. The built-in traffic probe extracts packets of encrypted traffic and sends the packets to the CIS, a big data analysis platform. In this way, threats in encrypted traffic are monitored in real time. The deception function in enabled on the firewalls to proactively respond to malicious scanning behavior and associate with the CIS for behavior analysis to quickly detect and record malicious behavior, protecting enterprise against threats in real time.USG6515E/USG6550E/USG6560E/USG6580EHUAWEI TECHNOLOGIES CO., LTD.•Implements refined bandwidth management based on applications and websites, preferentially forwards key services, and ensures bandwidth for key services.More comprehensive defense•The built-in traffic probe of a firewall extracts traffic information and reports it to the CIS, a security big data analysis platform developed by Huawei. The CIS analyzes threats in the traffic, without decrypting the traffic or compromising the device performance. The threat identification rate is higher than 90%.•The deception system proactively responds to hacker scanning behavior and quickly detects and records malicious behavior, facilitating forensics and source tracing.High performance•Uses the network processing chip based on the ARM architecture, improving forwarding performance significantly.•Enables chip-level pattern matching and accelerates encryption/decryption, improving the performance for processing IPS, antivirus, and IPSec services.Specifications1. The performance is tested under ideal conditions based on RFC2544, 3511. The actual result may vary with deployment environments.2. Antivirus, IPS, and SA performances are measured using 100 KB HTTP files.3. Full protection throughput is measured with Firewall, SA, IPS, Antivirus and URL Filtering enabled. Antivirus, IPS and SA performances are measured using 100 KB HTTP files.4. SSL inspection throughput is measured with IPS enabled and HTTPS traffic using TLS v1.2 with AES128-GCM-SHA256.5. SSL VPN throughput is measured using TLS v1.2 with AES128-SHA.*SA: Service Awareness.About This PublicationThis publication is for reference only and does not constitute any commitments or guarantees. All trademarks, pictures, logos, and brands mentioned in this document are the property of Huawei Technologies Co., Ltd. or a third party.Copyright©2019 Huawei Technologies Co., Ltd. All rights reserved.System Performance and Capacity。
Huawei USG6370/6380/6390 next-generation firewalls provide high-performance security protection for medium-sized businesses and branch offices with 800 to 1500 users. The firewalls provide VPN, intrusion prevention, and antivirus functions, and can ensure high performance even when multiple security functions are enabled. With comprehensive application control and advanced threat prevention, the firewalls provide cost-effective and all-around security protection for users.HighlightsComprehensive and integrated protection• Multiple security functions, including firewall, VPN, intrusion prevention, and online behavior management,for complete versatility.• Accurately identify more than 6000 applications to deliver fine-grained access control and improve thequality of key services.• Detection and prevention of unknown threats, such as zero-day attacks, using sandboxing and thereputation system*.Simple security management• Predefined common-scenario defense templates to facilitate security policy deployment.• Automatically generate policy-tuning suggestions based on risks in network traffic and applications inaccordance with the least privilege principle.• Intelligent detection of redundant and invalid policies.Third-party proven security capability• Obtained Firewall, IPS, IPsec, and SSL VPN certifications from the ICSA Labs.•Obtained the highest-level CC certificate (EAL4+), ranking among the highest security levels in the world.HUAWEI USG6370/6380/6390 Next-Generation Firewalls---Comprehensive Protection for Medium-Sized BusinessesIntelligent link selection for Internet access• Select the optimal egress based on services, applications, bandwidth, ISPs, and link priorities to fully utilize link resources, improve Internet access experience, and reduce bandwidth settlement fees.• Detect link and tunnel quality in real time and intelligently adjust traffic distribution based on detection results to improve service quality and stability.• Create a predefined ISP address library, from which the optimal Internet access link is selected to ensurea quality Internet access experience.DeploymentIntranet Control and Security Isolation for medium-sized businesses• F irewalls are deployed on the Internet egress and between enterprise departments to protect medium-sized businesses. The firewalls use firewall policy control, data filtering, and audit functions to monitor social network applications, prevent data leaks, and protect the enterprise network.• Intrusion prevention is enabled on the firewall deployed on the Internet egress for real-time application-layer threat prevention.• T he firewall provides refined bandwidth management based on applications and website categories to prioritize bandwidth for mission-critical services.• T he firewall manages online user behavior based on URL categories and applications to block access to infected websites and websites irrelevant to work.HardwareUSG6370/6380/6390Interfaces1. 2 x USB Ports2. Console Port3. 1 x GE (RJ45) Management Port4. 8 x GE (RJ45) Ports5. 4 x GE (SFP) PortsTable 1. Wide Service Interface Cards (WSICs) for USG6300 SeriesSoftware Features1: I f no hard disk is inserted, you can view and export system and service logs. By inserting a hard disk, you can also view, export, customize, and subscribe to reports.Functions marked with * are supported only in USG V500R001 and later versions.Specifications *System Performance and Capacity1. P erformance is tested under ideal conditions based on RFC 2544 and RFC 3511. The actual result may vary with deployment environments.2. Antivirus, IPS, and SA performances are measured using 100 KB of HTTP files.3. Throughput is measured with the Enterprise Traffic Model.4. SSL inspection throughput is measured with IPS-enabled and HTTPS traffic using TLS v1.2 with AES256-SHA.5. SSL VPN throughput is measured using TLS v1.2 with AES128-SHA.6. USG6000 V100R001 supports only the RESTCONF interface and cannot interwork with sandbox or third-party tools.* SA indicates Service Awareness.* This content is applicable only to regions outside mainland China. Huawei reserves the right to interpret this content. Hardware Specifications*WISC is not hot-swappable.CertificationsRegulatory, Safety, and EMC ComplianceOrdering GuideAbout This PublicationThis publication is for reference only and does not constitute any commitments or guarantees. All trademarks, pictures, logos, and brands mentioned in this document are the property of Huawei Technologies Co., Ltd. or a third party.For more information, visit /en/products/enterprise-networking/security.Copyright©2018 Huawei Technologies Co., Ltd. All rights reserved.。
华为HiSecEngine USG6300E系列AI防火墙(桌面型)华为HiSecEngine USG6307E/USG6311E/USG6331E是为小型企业、行业分支、连锁商业机构设计开发的新一代桌面型防火墙设备。
除了传统防火墙管理模式,还支持云管模式。
云管模式为大量分支机构安全接入网络提供了即插即用、业务配置自动化、运维自动化可视化和网络大数据分析等优势。
自研网络处理芯片提供模式匹配以及加解密业务处理加速能力,使得防火墙处理内容安全检测、IPSec等业务的性能显著提升。
产品图华为HiSecEngine USG6300E系列AI防火墙(桌面型)华为HiSecEngine USG6300E 系列AI 防火墙(桌面型)5-2自主创“芯”HiSecEngine USG6300E 系列AI 防火墙使用华为自研安全芯片,内置转发、加密、模式匹配三大协处理引擎,有效将小包转发性能,IPS 、AV 业务性能以及IPSec 业务性能提升2倍。
内置华为自研AI 芯片,具备8TOPS 16位浮点数算力,有效支撑高级威胁防御模型加速。
“智”能防御HiSecEngine USG6300E 系列AI 防火墙内置NGE 、CDE 威胁防御引擎。
NGE 作为NGFW 检测引擎,提供IPS 、反病毒和URL 过滤等内容安全相关的功能,有效保证内网服务器和用户免受威胁的侵害。
产品亮点“芯”能防御运维全新自研CDE (Content-based Detection Engine )病毒检测引擎,用AI 重新定义恶意文件检测。
提供数据深度分析,暴露威胁的细节,快速检测恶意文件,有效提高威胁检出率,构建“普惠式”AI ,帮助客户做到更全面的网络风险评估,有效应对攻击链上的网络威胁,真正实现攻击防御“智”能化。
极“简”运维融合云管理方案,即插即用,实现极速简易开局。
安全控制器组件化融入AC-Campus ,实现统一管理,策略下发,有效提升防火墙运维管理。
华为HiSecEngine USG6300E系列AI防火墙(桌面型)华为HiSecEngine USG6307E/USG6311E/USG6331E是为小型企业、行业分支、连锁商业机构设计开发的新一代桌面型防火墙设备。
除了传统防火墙管理模式,还支持云管模式。
云管模式为大量分支机构安全接入网络提供了即插即用、业务配置自动化、运维自动化可视化和网络大数据分析等优势。
自研网络处理芯片提供模式匹配以及加解密业务处理加速能力,使得防火墙处理内容安全检测、IPSec等业务的性能显著提升。
产品图华为HiSecEngine USG6300E系列AI防火墙(桌面型)华为HiSecEngine USG6300E 系列AI 防火墙(桌面型)5-2自主创“芯”HiSecEngine USG6300E 系列AI 防火墙使用华为自研安全芯片,内置转发、加密、模式匹配三大协处理引擎,有效将小包转发性能,IPS 、AV 业务性能以及IPSec 业务性能提升2倍。
内置华为自研AI 芯片,具备8TOPS 16位浮点数算力,有效支撑高级威胁防御模型加速。
“智”能防御HiSecEngine USG6300E 系列AI 防火墙内置NGE 、CDE 威胁防御引擎。
NGE 作为NGFW 检测引擎,提供IPS 、反病毒和URL 过滤等内容安全相关的功能,有效保证内网服务器和用户免受威胁的侵害。
产品亮点“芯”能防御运维全新自研CDE (Content-based Detection Engine )病毒检测引擎,用AI 重新定义恶意文件检测。
提供数据深度分析,暴露威胁的细节,快速检测恶意文件,有效提高威胁检出率,构建“普惠式”AI ,帮助客户做到更全面的网络风险评估,有效应对攻击链上的网络威胁,真正实现攻击防御“智”能化。
极“简”运维融合云管理方案,即插即用,实现极速简易开局。
安全控制器组件化融入AC-Campus ,实现统一管理,策略下发,有效提升防火墙运维管理。
华为USG6000系列下一代防火墙详细性能参数表能,与Agile Controller配合可以实现微信认证。
应用安全●6000+应用协议识别、识别粒度细化到具体动作,自定义协议类型,可与阻断、限流、审计、统计等多种手段自由结合在线协议库升级。
注:USG6320可识别1600+应用。
●应用识别与病毒扫描结合,发现隐藏于应用中的病毒,木马和恶意软件,可检出超过500多万种病毒。
●应用识别与内容检测结合,发现应用中的文件类型和敏感信息,防范敏感信息泄露。
入侵防御●基于特征检测,支持超过3500漏洞特征的攻击检测和防御。
●基于协议检测,支持协议自识别,基于协议异常检测。
●支持自定义IPS签名。
APT防御与沙箱联动,对恶意文件进行检测和阻断。
Web安全●基于云的URL分类过滤,支持8500万URL库,80+分类。
●提供专业的安全URL分类,包括钓鱼网站库分类和恶意URL库分类。
●基于Web的防攻击支持,如跨站脚本攻击、SQL注入攻击。
●提供URL关键字过滤,和URL黑白名单。
邮件安全●实时反垃圾邮件功能,在线检测,防范钓鱼邮件。
●本地黑、白名单,远程实时黑名单、内容过滤、关键字过滤、附件类型、大小、数量。
●支持对邮件附件进行病毒检查和安全性提醒。
数据安全●基于内容感知数据防泄露,对邮件,HTTP,FTP,IM、SNS等传输的文件和文本内容进行识别过滤。
●20+文件还原和内容过滤,如Word、Excel、PPT、PDF等),60+文件类型过滤。
安全虚拟化安全全特性虚拟化,转发虚拟化、用户虚拟化、管理虚拟化、视图虚拟化、资源虚拟化(带宽、会话等)。
网络安全●DDoS攻击防护,防范多种类型DDoS攻击,如SYN flood、UDP flood、ICMP flood、HTTP flood、DNS flood、ARP flood和ARP欺骗等。
●丰富的VPN特性,IPSec VPN、SSL VPN、L2TP VPN、MPLS VPN、GRE等。
1.华为 NIP 报价模块有哪些?整体框架、防病毒、知识库2.华为的 SDN 对应华三的 VCF 控制器、 VNF Manager 虚构网络功能管理软件3.CE12800E产品型号有哪些? CE12804E、CE12808E、CE12816E。
4.S7706 支持 CSS2?错— S7710 才支持 CSS25.支持 WI-FI 的路由器有哪些?(针对 1220)-- 选择后缀带 w 的。
6.支持 POE out 的 AP 有: BA.AP4050DNB.AP4050DN-HDC.AP4030TND.AP20507.华为园区收费方式支持:准时长、按流量、 DAA、按 IP。
8.VXLAN 支持的 VLAN 隔绝数目有: 4096× 4096。
9. 12700 支持 2M FIB?判断:正确。
实质支持3M FIB。
10.华为 CE6875 支持堆叠数目: 9 台。
11.华为 S12700 随板 AC 支持 AP 数目: 4K。
12.AC6800V(云端 AC)支持 10K AP?判断13.AP8030 为内置防雷, AP8031 为外置防雷?判断:?14.AP8052 防备等级: IP68.15.华为公司防火墙有哪些? BCDEA. 6100B.6300C. 6500D. 6600E. 950016.AntiDDoS 能够防备 DNS?判断:正确。
17.应用层 AntiDDoS 占 AntiDDoS 比率? 0.7.18.S1724G 支持能效以太网(判断)错误。
19. NIP 系列产品: 6300 系列、 6600 系列。
20.NGFW 防火墙支持硬盘: 300G、600G、1200G。
21.哪款路由器用于 ICT 交融场景? BA.AR110B.AR511C.AR531D.AR1220C22.华为 AR 有哪些物联网接口?(多项选择) ABCDA.Hi-PLCB.ZigbeeC.RS485D.6LoWPAN23.AP7052 支持蓝牙技术和物联网扩展(判断)正确24.哪些产品支持 wave2 技术(多项选择) ABCA.AP4050DNB.AP4050DN-HDC.AP2050DND.AP4030TN25. 哪些产品支持 SVF Client? BDA.S5720SIB.S5720EIC.S5700EID.S2750EI26.S5720-S 只支持 RIP协议(判断)错误27.VXLAN 支持哪些部署场景? ABCDA.纯硬件(集中式)B.纯硬件(散布式)C.软件部署D.混淆部署28.华为 NIP 能防备哪些设施(多项选择) ABCDA.服务器B.客户端C.网络基础设施D.网络带宽29. AntiDDoS 部署方式有哪些? ABDA.直路部署B.旁路动向引流C.混淆部署D.旁路静态引流30.S7706 能够支持 6 块 ACU2 板卡?(判断)错误31.S7706 哪些特征需要 license(多项选择) ABDA.MPLSB.NQAstreamD.IPV632.AP8X82 是华为第一款室外蓝牙产品(判断)正确33.S12516X 支持前后风道设计(判断)正确34.防火墙应用处景(多项选择) ABCDA.公司内网管控B.数据中心隔绝C.互联网分支D.公司出口35. 华为 USG6650/USG6660 支持几个扩展插槽?(单项选择) DA.2B.3C.5D.636.华为防火墙相关于 h3c 防火墙,有哪些优势(多项选择) CDA.硬盘可扩展B.电口数目C.万兆光口D.插槽可扩展37.华为 AP 产品与 H3C 产品比,有哪些优势(多项选择)AB A.2.5G 产品样式多 B.华为 POE++ 支持 200 米供电38.X2S 板卡整体支持 4K AP(判断)正确39.AR2240C 支持双主控双电源(判断)错误40.华为 S6700 支持多少台堆叠? 9 台41.华为 AP8030 防备等级(单项选择) IP6842.S7706 板卡支持哪些认证(多项选择) ABCDA.MacB.PPPOE D.Portal43.S7706 互换机上的 NGFW/IPS 板卡 USB 接口作用(单项选择) AA.升级系统软件B.升级知识库C.连结鼠标键盘44.华为的业务随行特征,是由哪个层面管理的?(单项选择)A A.业务层面 B.物理层面 C.安全层面45.新主控 SRUH可提高 S7706 槽位带宽最大多少 Gbps?(单项选择) CA.120GB.240GC.320GD.480G46.R230D/R240D 支持面板、挂墙、吸顶安装(判断)正确47. AC6605 支持管理 1024AP,也就是说能够管理1024 个 AD9430(判断)错误48. AP4050DN-HD 对比于 AP4030DN 有哪些优势?(多项选择) ABCA.感知随身B.SFN遨游C.增添吞吐量、穿墙、距离、覆盖范围49.CE12800E只有一个网板(判断)错误50.防火墙 /路由器的接口能当互换业务使用。