||Integrates firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, anti-DDoS, URL filtering, and anti-spam functions.
Provides a global configuration view, and manages policies in a unified manner.
|Application Identification and Control
||Identifies over 6,000 applications and supports the access control granularity down to application functions. The firewall combines application identification with intrusion detection, antivirus, and data filtering, improving detection performance and accuracy.
|Cloud-Based Management Mode
||The firewall initiates authentication and registration to the cloud management platform to implement plug-and-play and simplify network creation and deployment.
Service configuration, device monitoring, and fault management can be performed remotely, implementing the management of mass devices in the cloud.
|Cloud Application Security Awareness
||Controls enterprise cloud applications in a refined and differentiated manner to meet enterprises’ requirements for cloud application management.
|Intrusion Prevention and Web Protection
||Accurately detects and defends against vulnerability-specific attacks based on up-to-date threat information. The firewall can defend against web-specific attacks, including SQL injection and XSS attacks.
||Rapidly detects over 5 million types of viruses based on the daily-updated virus signature database.
||Collaborates with the local or cloud sandbox to detect and block malicious files.
Supports the flow probe information collection function to collect traffic information and send the collected information to the Cybersecurity Intelligence System (CIS) for analysis, evaluation, and identification of threats and APT attacks.
Encrypted traffic does not need to be decrypted. The firewall can work with the CIS to detect threats in encrypted traffic.
The firewall can proactively respond to malicious scanning behavior and work with the CIS to analyze behavior, quickly detect and record malicious behavior, and protect enterprises against threats in real time.
|Data Leak Prevention (DLP)
||Inspects files to identify the file types, such as Word, Excel, PowerPoint, and PDF, based on file content, and filters the file content.
||Manages per-user and per-IP bandwidth in addition to identifying service applications to ensure the network access experience of key services and users. Control methods include limiting the maximum bandwidth, ensuring the minimum bandwidth, and changing application forwarding priorities.
||Provides a URL category database with over 120 million URLs and accelerates access to specific categories of websites, improving access experience of high-priority websites.
Supports DNS filtering, in which accessed web pages are filtered based on domain names.
Supports the SafeSearch function to filter resources of search engines, such as Google, to guarantee access to only healthy network resources.
|Behavior and Content Audit
||Audits and traces the sources of the accessed content based on users.
||Supports server load-balancing and link load-balancing, fully utilizing existing network resources.
|Intelligent Uplink Selection
||Supports service-specific PBR and intelligent uplink selection based on multiple load-balancing algorithms (for example, based on bandwidth ratio and link health status) in multi-egress scenarios.
||Supports multiple highly available VPN features, such as IPSec VPN, SSL VPN, L2TP VPN, MPLS VPN, and GRE, and provides the Huawei-developed VPN client SecoClient for SSL VPN, L2TP VPN, and L2TP over IPSec VPN remote access.
||Dynamic Smart VPN (DSVPN) establishes VPN tunnels between branches whose public addresses are dynamically changed, reducing the networking and O&M costs of the branches.
|SSL-Encrypted Traffic Detection
||Detects and defends against threats in SSL-encrypted traffic using application-layer protection methods, such as intrusion prevention, antivirus, data filtering, and URL filtering.
||Replaces servers to implement SSL encryption and decryption, effectively reducing server loads and implementing HTTP traffic load-balancing.
||Defends against more than 10 types of common DDoS attacks, including SYN flood and UDP flood attacks.
||Supports multiple user authentication methods, including local, RADIUS, HWTACACS, AD, and LDAP. The firewall supports built-in Portal and Portal redirection functions. It can work with the Agile Controller to implement multiple authentication modes.
||Supports virtualization of multiple types of security services, including firewall, intrusion prevention, antivirus, and VPN. Users can separately conduct personal management on the same physical device.
|Security Policy Management
||Manages and controls traffic based on VLAN IDs, quintuples, security zones, regions, applications, URL categories, and time ranges, and implements integrated content security detection.
Provides predefined common-scenario defense templates to facilitate security policy deployment.
Provides security policy management solutions in partnership with FireMon and AlgoSec to reduce O&M costs and potential faults.
||Provides visualized and multi-dimensional report display by user, application, content, time, traffic, threat, and URL.
|Generates network security analysis reports on the Huawei security center platform to evaluate the current network security status and provide optimization suggestions.
||Supports multiple types of routing protocols and features, such as RIP, OSPF, BGP, IS-IS, RIPng, OSPFv3, BGP4+, and IPv6 IS-IS.
|Deployment and Reliability
||Supports transparent, routing, and hybrid working modes and High Availability (HA), including the Active/Active and Active/Standby modes.