Post on 21-Jan-2021
With the continuous digitalization and cloudification of carrier services, networks play an
important role in carrier operations, and must be protected. Network attackers use various
methods, such as identity spoofing, website Trojan horses, and malware, to initiate network
penetration and attacks, affecting the normal use of carrier networks.
Deploying firewalls on network borders is a common way to protect carrier network security.
However, firewalls can only analyze and block threats based on signatures. This method cannot
effectively handle unknown threats and may deteriorate device performance. This single-point and
passive method does not pre-empt or effectively defend against unknown threat attacks. Threats
hidden in encrypted traffic in particular cannot be effectively identified without breaching user privacy.
Huawei's next-generation firewalls provide the latest capabilities and work with other security
devices to proactively defend against network threats, enhance border detection capabilities,
effectively defend against advanced threats, and resolve performance deterioration problems.
The product provides pattern matching and encryption/decryption service processing
acceleration functions, which greatly improve the firewall ability to process content security
detection and IPSec services.
HUAWEI Eudemon1000E Series Firewalls (Fixed-Configuration)
Product Appearances
Eudemon1000E Series Firewalls (Fixed-Configuration)
Product HighlightsComprehensive and integrated protection• Integrates the traditional firewall,VPN, intrusionprevention,antivirus,data leakprevention,
bandwidthmanagement,URLfiltering,andonlinebehaviormanagementfunctionsall inonedevice.
• Interworkswiththe localorcloudsandboxtoeffectivelydetectunknownthreatsandpreventzero-dayattacks.
• Implementsrefinedbandwidthmanagementbasedonapplicationsandwebsites,preferentiallyforwardskeyservices,andensuresbandwidthforkeyservices.
High performance• Enablespatternmatchingandacceleratesencryption/decryption, improvingtheperformancefor
processingIPS,antivirus,andIPSecservices.
High port density• Thedevicehasmultipletypesofinterfaces,suchas40G,10G,and1Ginterfaces.Servicescanbe
flexiblyexpandedwithoutextrainterfacecards.
DeploymentSmall data center border protection• Firewallsaredeployedategressesofdatacenters,andfunctionsandsystemresourcescanbe
virtualized.Thefirewallhasmultipletypesof interfaces,suchas40G,10G,and1G interfaces.Servicescanbeflexiblyexpandedwithoutextrainterfacecards.
• The12-Gigabit intrusionpreventioncapabilityeffectivelyblocksavarietyofmaliciousattacksanddeliversdifferentiateddefensebasedonvirtualenvironmentrequirementstoguaranteedatasecurity.
• VPNtunnelscanbesetupbetweenfirewallsandmobileworkersandbetweenfirewallsandbranchofficesforsecureandlow-costremoteaccessandmobileworking.
Endpoint access area WAN access area Internet access area
Common services Important services Core services
V-FWV-FW
Data centerEudemon1000E Eudemon1000E
Carrier border protection• Firewallsaredeployedat thenetworkborder.Thebuilt-in trafficprobecanextractpacketsof
encryptedtraffictomonitorthreatsinencryptedtrafficinrealtime.• Thedeceptionfunctionisenabledonthefirewallstoproactivelyrespondtomaliciousscanning
behavior,protectingcarriersagainstthreatsinrealtime.• Thepolicycontrol,datafiltering,andauditfunctionsofthefirewallsareusedtomonitorsocial
networkapplicationstopreventdatabreachandprotectcarriernetworks.
Software Features
Feature Description
IntegratedprotectionIntegrates firewall,VPN, intrusionprevention,antivirus,data leakprevention,bandwidthmanagement,anti-DDoS,URL filtering,andanti-spam functions;providesaglobalconfigurationview;managespoliciesinaunifiedmanner.
Applicationidentificationandcontrol
Identifiesover6000applicationsandsupports theaccesscontrolgranularitydowntoapplicationfunctions;combinesapplication identificationwith intrusiondetection,antivirus,anddata filtering, improvingdetectionperformanceandaccuracy.
Cloud-basedmanagementmode
Initiatesauthenticationandregistrationtothecloud-basedmanagementplatformtoimplementplug-and-playandsimplifynetworkcreationanddeployment.Supportsremoteserviceconfiguration,devicemonitoring,andfaultmanagement,implementingthemanagementofmassdevicesinthecloud.
Cloudapplicationsecurityawareness
Controlscarriercloudapplicationsinarefinedanddifferentiatedmannertomeetcarriers'requirementsforcloudapplicationmanagement.
Feature Description
Intrusionpreventionandwebprotection
Accuratelydetectsanddefendsagainstvulnerability-specificattacksbasedonup-to-datethreat information.Thefirewallcandefendagainstweb-specificattacks,includingSQLinjectionandXSSattacks.
AntivirusRapidlydetectsover5milliontypesofvirusesbasedonthedaily-updatedvirussignaturedatabase.
Dataleakprevention(DLP)
Inspectsfilestoidentifythefiletypes,suchasWORD,EXCEL,POWERPOINT,andPDF,basedonfilecontent,andfiltersthefilecontent.
Bandwidthmanagement
Managesper-user andper-IPbandwidth in addition to identifying serviceapplicationstoensurethenetworkaccessexperienceofkeyservicesandusers.Controlmethodsincludelimitingthemaximumbandwidth,ensuringtheminimumbandwidth,andchangingapplicationforwardingpriorities.
URLfiltering
ProvidesaURLcategorydatabasewithover120millionURLsandacceleratesaccesstospecificcategoriesofwebsites,improvingaccessexperienceofhigh-prioritywebsites.SupportsDNSfiltering,inwhichaccessedwebpagesarefilteredbasedondomainnames.Supports theSafeSearchfunctiontofilter resourcesofsearchengines,suchasGoogle,toguaranteeaccesstoonlyhealthynetworkresources.
Behaviorandcontentaudit
Auditsandtracesthesourcesoftheaccessedcontentbasedonusers.
LoadbalancingSupportsserver loadbalancingand link loadbalancing, fullyutilizingexistingnetworkresources.
Intelligentuplinkselection
Supportsservice-specificPBRand intelligentuplinkselectionbasedonmultipleloadbalancingalgorithms(forexample,basedonbandwidthratioandlinkhealthstatus)inmulti-egressscenarios.
VPNencryptionSupportsmultiplehighlyavailableVPNfeatures, suchas IPSecVPN,SSLVPN,L2TPVPN,MPLSVPN,andGRE,andprovidestheHuawei-proprietaryVPNclientSecoClientforSSLVPN,L2TPVPN,andL2TPoverIPSecVPNremoteaccess.
DSVPNDynamicsmartVPN(DSVPN)establishesVPNtunnelsbetweenbrancheswhosepublicaddressesaredynamicallychanged, reducingthenetworkingandO&Mcostsofthebranches.
SSL-encryptedtrafficdetection
DetectsanddefendsagainstthreatsinSSL-encryptedtrafficusingapplication-layerprotectionmethods,suchasintrusionprevention,antivirus,datafiltering,andURLfiltering.
SSLoffloadingReplacesserverstoimplementSSLencryptionanddecryption,effectivelyreducingserverloadsandimplementingHTTPtrafficloadbalancing.
Anti-DDoSDefendsagainstmorethan10typesofcommonDDoSattacks, includingSYNfloodandUDPfloodattacks.
UserauthenticationSupportsmultipleuserauthenticationmethods,includinglocal,RADIUS,HWTACACS,AD,andLDAP.Thefirewallsupportsbuilt-inPortalandPortalredirectionfunctions.ItcanworkwiththeAgileControllertoimplementmultipleauthenticationmodes.
SecurityvirtualizationSupportsvirtualizationofmultiple typesofsecurityservices, includingfirewall,intrusionprevention,antivirus,andVPN.Userscanseparatelyconductpersonalmanagementonthesamephysicaldevice.
Feature Description
Securitypolicymanagement
Managesandcontrols trafficbasedonVLAN IDs,quintuples, securityzones,regions,applications,URLcategories,andtimeranges,andimplementsintegratedcontentsecuritydetection.Providespredefinedcommon-scenariodefense templates to facilitatesecuritypolicydeployment.Providessecuritypolicymanagementsolutions inpartnershipwithFireMonandAlgoSectoreduceO&Mcostsandpotentialfaults.
Diversifiedreports
Providesvisualizedandmulti-dimensional reportdisplaybyuser,application,content,time,traffic,threat,andURL.
GeneratesnetworksecurityanalysisreportsontheHuaweisecuritycenterplatformtoevaluatethecurrentnetworksecuritystatusandprovideoptimizationsuggestions.
RoutingSupportsmultipletypesofroutingprotocolsandfeatures,suchasRIP,OSPF,BGP,IS-IS,RIPng,OSPFv3,BGP4+,andIPv6IS-IS.
Deploymentandreliability
Supportstransparent,routing,andhybridworkingmodesandhighavailability(HA),includingtheActive/ActiveandActive/Standbymodes.
ModelEudemon1000E-G15
Eudemon1000E-G25
Eudemon1000E-G35
Eudemon1000E-G55
FirewallThroughput1(1518/512/64-byte,UDP)
10/10/10Gbit/s 20/20/20Gbit/s 30/30/30Gbit/s 40/40/38Gbit/s
FirewallLatency(64-byte,UDP) 15µs 15µs 15µs 15µs
ConcurrentSessions(HTTP1.1)1 6,000,000 8,000,000 10,000,000 12,000,000
NewSessions/Second(HTTP1.1)1 200,000 200,000 400,000 400,000
IPsecVPNThroughput1(AES-256+SHA256,1420-byte)
10Gbit/s 20Gbit/s 30Gbit/s 30Gbit/s
SSLInspectionThroughput2 3Gbit/s 3Gbit/s 6Gbit/s 6Gbit/s
ConcurrentSSLVPNUsers(Default/Maximum)
100/2000 100/2000 100/5000 100/5000
SecurityPolicies(Maximum) 40,000 40,000 40,000 40,000
VirtualFirewalls 200 200 500 500
URLFiltering:Categories Morethan130
URLFiltering:URLs Adatabaseofover120millionURLsinthecloud
AutomatedThreatFeedbackandIPSSignatureUpdates
Yes,anindustry-leadingsecuritycenterfromHuawei(http://sec.huawei.com/sec/web/index.do)
SpecificationsSystem Performance and Capacity
1. TheperformanceistestedunderidealconditionsbasedonRFC2544andRFC3511.Theactualresultmayvarywithdeploymentenvironments.
2. SSLinspectionthroughputismeasuredwithIPSenabledandHTTPStrafficusingTLSv1.2withAES128-GCM-SHA256.*SA:indicatesserviceawareness.
ModelEudemon1000E-G15
Eudemon1000E-G25
Eudemon1000E-G35
Eudemon1000E-G55
Third-PartyandOpen-SourceEcosystem
OpenAPIforintegrationwiththird-partyproducts,providingRESTfulandNetConfinterfacesOtherthird-partmanagementsoftwarebasedonSNMP,SSH,andSyslogCo-operationwiththird-partytools,suchasTufin,AlgoSec,andFireMmonCollaborationwithanti-APTsolution
CentralizedManagementCentralizedconfiguration,logging,monitoring,andreportingisperformedbyHuaweieSightandeLog
VLANs(Maximum) 4094
VLANIFInterfaces(Maximum) 1024
ModelEudemon1000E-G15
Eudemon1000E-G25
Eudemon1000E-G35
Eudemon1000E
Dimensions(HxWxD)mm 43.6x442x420
FormFactor/Height 1U
FixedInterface6x10GE(SFP+)+6xGE(SFP)+16xGE
2x40GE(QSFP+)+12x10GE(SFP+)+ 16xGE*
USBPort 1xUSB3.0
Weight(FullConfiguration) 7.6kg
ExternalStorage Optional,SSD(1x2.5inch)supported,240GB/HDD1TB
PowerSupply 100Vto240V
Typicalpowerconsumptionofthemachine
104.5W 136.1W
PowerSupplies OptionaldualACpowersupplies DualACpowersupplies
OperatingEnvironment(Temperature/Humidity)
Temperature:0°Cto45°CHumidity:5%to95%,non-condensing
Non-operatingEnvironmentTemperature:-40°Cto+70°CHumidity:5%to95%,non-condensing
Hardware Specifications
*Some10Gportsand40Gportsaremutuallyexclusive.Theportscanbeconfiguredasfollows:2x40GE(QSFP+)+8x10GE(SFP+)+ 16xGE(RJ45)+1xUSBor1x40GE(QSFP+)+12x10GE(SFP+)+16xGE(RJ45)+1xUSB.
-G55
Product Model Description
Eudemon1000E-G15 Eudemon1000E-G15-ACEudemon1000E-G15ACHost(16*GERJ45+6*GESFP+6*10GESFP+,8GMemory,1ACpower)
Eudemon1000E-G25 Eudemon1000E-G25-ACEudemon1000E-G25ACHost (16*GERJ45+6*GESFP+6*10GESFP+,8GMemory,1ACpower)
Eudemon1000E-G35 Eudemon1000E-G35-ACEudemon1000E-G3-ACHost(16*GERJ45+12*10GESFP++2*40GEQSFP+,16GMemory,2ACpower)
Eudemon1000E-G55 Eudemon1000E-G55-ACEudemon1000E-G55ACHost(16*GERJ45+12*10GESFP++2*40GEQSFP+,16GMemory,2ACpower)
Function License
SSLVPNConcurrentUsers
LIC-EDMLM-SSLVPN-100 QuantityofSSLVPNConcurrentUsers(100Users)
LIC-EDMLM-SSLVPN-200 QuantityofSSLVPNConcurrentUsers(200Users)
LIC-EDMLM-SSLVPN-500 QuantityofSSLVPNConcurrentUsers(500Users)
LIC-EDMLM-SSLVPN-1000 QuantityofSSLVPNConcurrentUsers(1000Users)
LIC-EDMLM-SSLVPN-2000 QuantityofSSLVPNConcurrentUsers(2000Users)
LIC-EDMLM-SSLVPN-5000 QuantityofSSLVPNConcurrentUsers(5000Users)
VirtualFirewall
LIC-EDMLM-VSYS-10 QuantityofVirtualFirewall(10Vsys)
LIC-EDMLM-VSYS-20 QuantityofVirtualFirewall(20Vsys)
LIC-EDMLM-VSYS-50 QuantityofVirtualFirewall(50Vsys)
LIC-EDMLM-VSYS-100 QuantityofVirtualFirewall(100Vsys)
LIC-EDMLM-VSYS-200 QuantityofVirtualFirewall(200Vsys)
LIC-EDMLM-VSYS-500 QuantityofVirtualFirewall(500Vsys)
LIC-EDMLM-01-VSYS EnhancedVirtualFirewallFunction
NGFW License
IPSUpdateService
LIC-E1KE-G15-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoE1000E-G15)
LIC-E1KE-G15-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoE1000E-G15)
LIC-E1KE-G25-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoE1000E-G25)
LIC-E1KE-G25-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoE1000E-G25)
LIC-E1KE-G35-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoE1000E-G35)
LIC-E1KE-G35-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoE1000E-G35)
Ordering Information
Product Model Description
LIC-E1KE-G55-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoE1000E-G55)
LIC-E1KE-G55-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoE1000E-G55)
URLFilteringUpdateService
LIC-E1KE-G15-URL-1YIPSUpdateServiceSubscribe12Months(AppliestoE1000E-G15)
LIC-E1KE-G15-URL-3YIPSUpdateServiceSubscribe36Months(AppliestoE1000E-G15)
LIC-E1KE-G25-URL-1YIPSUpdateServiceSubscribe12Months(AppliestoE1000E-G25)
LIC-E1KE-G25-URL-3YIPSUpdateServiceSubscribe36Months(AppliestoE1000E-G25)
LIC-E1KE-G35-URL-1YIPSUpdateServiceSubscribe12Months(AppliestoE1000E-G35)
LIC-E1KE-G35-URL-3YIPSUpdateServiceSubscribe36Months(AppliestoE1000E-G35)
LIC-E1KE-G55-URL-1YIPSUpdateServiceSubscribe12Months(AppliestoE1000E-G55)
LIC-E1KE-G55-URL-3YIPSUpdateServiceSubscribe36Months(AppliestoE1000E-G55)
AntivirusUpdateService
LIC-E1KE-G15-AV-1YAVUpdateServiceSubscribe12Months(AppliestoE1000E-G15)
LIC-E1KE-G15-AV-3YAVUpdateServiceSubscribe36Months(AppliestoE1000E-G15)
LIC-E1KE-G25-AV-1YAVUpdateServiceSubscribe12Months(AppliestoE1000E-G25)
LIC-E1KE-G25-AV-3YAVUpdateServiceSubscribe36Months(AppliestoE1000E-G25)
LIC-E1KE-G35-AV-1YAVUpdateServiceSubscribe12Months(AppliestoE1000E-G35)
LIC-E1KE-G35-AV-3YAVUpdateServiceSubscribe36Months(AppliestoE1000E-G35)
LIC-E1KE-G55-AV-1YAVUpdateServiceSubscribe12Months(AppliestoE1000E-G55)
LIC-E1KE-G55-AV-3YAVUpdateServiceSubscribe36Months(AppliestoE1000E-G55)
ThreatProtectionBundle(IPS,AV,URL)
LIC-E1KE-G15-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoE1000E-G15)
LIC-E1KE-G15-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoE1000E-G15)
Product Model Description
LIC-E1KE-G25-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoE1000E-G25)
LIC-E1KE-G25-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoE1000E-G25)
LIC-E1KE-G35-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoE1000E-G35)
LIC-E1KE-G35-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoE1000E-G35)
LIC-E1KE-G55-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoE1000E-G55)
LIC-E1KE-G55-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoE1000E-G55)
FlowProbe
LIC-E1KE-G15-FP FlowProbeFunction(AppliestoE1000E-G15)
LIC-E1KE-G25-FP FlowProbeFunction(AppliestoE1000E-G25)
LIC-E1KE-G35-FP FlowProbeFunction(AppliestoE1000E-G35)
LIC-E1KE-G55-FP FlowProbeFunction(AppliestoE1000E-G55)
GENERAL DISCLAIMERThe information in this document may contain predictive statement including, without limitation, statements regarding the future financial and operating results, future product portfolios, new technologies, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.Copyright © 2020 HUAWEI TECHNOLOGIES CO., LTD. All Rights Reserved.