Σειρά Huawei HiSecEngine AntiDDoS12000 σύστημα anti-DDoS

AntiDDoS12000

Σειρά AntiDDoS12000 σύστημα anti-DDoS

Το Huawei HiSecEngine AntiDDoS12000 παρέχει μέχρι και 2T+ δυνατότητες ασφαλείας και επέκταση υπηρεσιών, ιδανικό για heavy-traffic επιθέσεις DDoS. Επιπλέον μπορεί να αντιμετωπίσει δεκάδες επιθέσεις σε μόλις μερικά δευτερόλεπτα, εξασφαλίζοντας τη συνεχή λειτουργία υπηρεσιών.

Εξαιρετική Απόδοση

Έχει αναπτυχθεί πάνω σε κορυφαία αρχιτεκτονική hardware, ένα μόνο single HiSecEngine AntiDDoS12000 παρέχει δυνατότητα προστασίας 2.4Tbps DDoS από επίθεση, η υψηλότερη της βιομηχανίας.
Γρήγορη απόκριση

Το προϊόν μπορεί να ανταπροκριθεί σε νέους τύπους επιθέσεων DDoS μέσα σε μερικά δευτερόλεπτα.
Άμυνα

Εξαιρετική άμυνα ενάντια σε δεκάδες τύπους επιθέσεων DDoS.

Προδιαγραφές

Model	AntiDDoS12004	AntiDDoS12008
Max Defense Throughput	400 Gbps	2.4 Tbps
Max Defense Packet Rate	300 Mpps	900 Mpps
Expansion Slots	4	8
Expansion Interfaces	24-port 10GBase-SFP+ + 2-port 40G/100GBase-QSFP28 48-port 10GBase-SFP+	24-port 10GBase-SFP+ + 2-port 40G/100GBase-QSFP28 48-port 10GBase-SFP+ 18-port 40G/100GBase-QSFP28
Dimensions (H x W x D)	438 mm ×442 mm ×874 mm (9.8U)	703 mm x 442 mm ×874 mm (15.8U)
DDoS Defense Specifications	Defense against malformed-packet attacks Defense against LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks Defense against scanning and sniffing attacks Defense against port scan and IP sweep attacks, and attacks using Tracert packets and IP options, such as IP source route, IP timestamp, and IP route record options Defense against network-layer flood attacks Defense against common network-layer flood attacks, such as SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP Fragment flood, TCP Malformed flood, UDP flood, UDP Malformed, UDP Fragment flood, IP flood, ICMP Fragment flood and ICMP flood attacks, sweeping segment flooding, and pulse-wave attacks Defense against session-layer attacks Defense against common session-layer attacks, such as real-source SYN flood, real-source ACK flood, TCP connection exhaustion, sockstress, and TCP null connection attacks Defense against UDP reflection attacks Static rules for filtering common UDP amplification attacks, such as NTP, DNS, SSDP, CLDAP, Memcached, Chargen, SNMP and WSD Dynamic generation of filtering rules to defend against new UDP amplification attacks Defense against TCP reflection attacks Static filtering rules that are created based on network-layer characteristics TCP reflection attack filtering rules that are dynamically generated Defense against TCP replay attacks Static filtering rules that are created based on network-layer characteristics TCP replay attack filtering rules that are dynamically generated Defense against application-layer attacks (HTTP) Defense against high-frequency application-layer attacks (HTTP and HTTP CC attacks) based on behavior analysis Defense against low-frequency application-layer attacks (HTTP and HTTP CC attacks) based on machine learning Defense against slow-rate HTTP attacks based on behavior analysis, including HTTP slow header, HTTP slow post, RUDY, LOIC, HTTP multi-methods, HTTP Range request amplification, and HTTP null connection attacks Defense against HTTPS/TLS encrypted application-layer attacks Defense against high-frequency HTTPS/TLS encrypted attacks Defense against slow-rate incomplete TLS session and null connection attacks Defense against application-layer attacks (DNS) Defense against DNS Malformed, DNS query flood, NXDomain flood, DNS reply flood, and DNS cache poisoning attacks Source-based rate limiting and domain name–based rate limiting Defense against application-layer attacks (SIP) Defense against SIP flood/SIP methods flood attacks, including Register, Deregistration, Authentication, and Call flood attacks Source-based rate limiting User-defined filtering rules User-defined filtering rules for local software and hardware, as well as BGP FlowSpec rules for remote filtering. The fields can be customized, including source/destination IP address, packet length, IP protocol, IP payload, source/destination port, TCP flag bit, TCP payload, UDP payload, ICMP payload, DNS domain name, HTTP URI, HTTP field user-agent, as well as caller and callee in the SIP protocol. Dual-stack defense IPv4/IPv6 dual-stack defense against DDoS attacks Automatic tuning of defense policies Attack traffic snapshot, defense effect evaluation, and automatic tuning of defense policies Automatic attack evidence collection Baseline learning Support for dynamic traffic baseline learning and learning period configuration Packet capture-based evidence collection Automatic packet capture based on attack events and user-defined ACLs for packet capture Online parsing and analysis, source tracing, and local analysis after downloading for captured packets

View Full Specs

Model	AntiDDoS12004-F	AntiDDoS12008-F
Max Defense Throughput	300 Gbps	600 Gbps
Max Defense Packet Rate	200 Mpps	400 Mpps
Slots of Main Control Unit	2
Main Control Unit	Supports 1100GE QSFP28/240GE QSFP+/425G SFP28/810G SFP+ ports
Expansion Slots	4	8
Expansion Interfaces	2 x 40G/100GBase-QSFP28 + 12 x 100M/1G/10GBase-SFP+ 24 x FE/1G/10GBase-SFP+
Dimensions (H x W x D)	352.8mm x 442mm x 515.5mm (8U)	575mm x 442mm x 515.5mm (13U)
DDoS Defense Specifications	Defense against malformed-packet attacks Defense against LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks Defense against scanning and sniffing attacks Defense against port scan and IP sweep attacks, and attacks using Tracert packets and IP options, such as IP source route, IP timestamp, and IP route record options Defense against network-layer flood attacks Defense against common network-layer flood attacks, such as SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP Fragment flood, TCP Malformed flood, UDP flood, UDP Malformed, UDP Fragment flood, IP flood, ICMP Fragment flood and ICMP flood attacks, sweeping segment flooding, and pulse-wave attacks Defense against session-layer attacks Defense against common session-layer attacks, such as real-source SYN flood, real-source ACK flood, TCP connection exhaustion, sockstress, and TCP null connection attacks Defense against UDP reflection attacks Static rules for filtering common UDP amplification attacks, such as NTP, DNS, SSDP, CLDAP, Memcached, Chargen, SNMP and WSD Dynamic generation of filtering rules to defend against new UDP amplification attacks Defense against TCP reflection attacks Static filtering rules that are created based on network-layer characteristics TCP reflection attack filtering rules that are dynamically generated Defense against TCP replay attacks Static filtering rules that are created based on network-layer characteristics TCP replay attack filtering rules that are dynamically generated Defense against application-layer attacks (HTTP) Defense against high-frequency application-layer attacks (HTTP and HTTP CC attacks) based on behavior analysis Defense against low-frequency application-layer attacks (HTTP and HTTP CC attacks) based on machine learning Defense against slow-rate HTTP attacks based on behavior analysis, including HTTP slow header, HTTP slow post, RUDY, LOIC, HTTP multi-methods, HTTP Range request amplification, and HTTP null connection attacks Defense against HTTPS/TLS encrypted application-layer attacks Defense against high-frequency HTTPS/TLS encrypted attacks Defense against slow-rate incomplete TLS session and null connection attacks Defense against application-layer attacks (DNS) Defense against DNS Malformed, DNS query flood, NXDomain flood, DNS reply flood, and DNS cache poisoning attacks Source-based rate limiting and domain name–based rate limiting Defense against application-layer attacks (SIP) Defense against SIP flood/SIP methods flood attacks, including Register, Deregistration, Authentication, and Call flood attacks Source-based rate limiting User-defined filtering rules User-defined filtering rules for local software and hardware, as well as BGP FlowSpec rules for remote filtering. The fields can be customized, including source/destination IP address, packet length, IP protocol, IP payload, source/destination port, TCP flag bit, TCP payload, UDP payload, ICMP payload, DNS domain name, HTTP URI, HTTP field user-agent, as well as caller and callee in the SIP protocol. Dual-stack defense IPv4/IPv6 dual-stack defense against DDoS attacks Automatic tuning of defense policies Attack traffic snapshot, defense effect evaluation, and automatic tuning of defense policies Automatic attack evidence collection Baseline learning Support for dynamic traffic baseline learning and learning period configuration Packet capture-based evidence collection Automatic packet capture based on attack events and user-defined ACLs for packet capture Online parsing and analysis, source tracing, and local analysis after downloading for captured packets

View Full Specs

Ας Μιλήσουμε

Για τους Συνεργάτες

Εάν είστε ήδη Συνεργάτης, παρακαλώ πατήστε εδώ ώστε να λάβετε περισσότερο υλικό μάρκετινγκ.
Πατήστε εδώ να επισκεφθείτε τη περιοχή Συνεργατών και να δείτε την κατάσταση αιτημάτων, τη διαχείριση παραγγελιών, να λάβετε υποστήριξη ή να μάθετε περισσότερα για τους Συνεργάτες της Huawei.

Login

Σειρά Huawei HiSecEngine AntiDDoS12000
σύστημα anti-DDoS

Σειρά AntiDDoS12000 σύστημα anti-DDoS

Προδιαγραφές

Ενημερωτικό Υλικό

Ας Μιλήσουμε

Για τους Συνεργάτες