Запити
AntiDDoS12000
Huawei HiSecEngine AntiDDoS12000 provides up to 2T+ security protection performance and service expansion capabilities, ideal for mitigating heavy-traffic DDoS attacks. It can also effectively defend against and block hundreds of complex attacks in seconds or even milliseconds, ensuring customers' service continuity.
Built on the industry-leading hardware architecture, a single HiSecEngine AntiDDoS12000 delivers a 2.4Tbps DDoS attack protection capability, which is the highest in the industry.
The product can effectively respond to new types of DDoS attacks within seconds or even milliseconds, which is the fastest in the industry.
With full traffic collection and per-packet analysis capabilities, the product provides accurate defense against hundreds types of DDoS attacks.
| Model | AntiDDoS12004 | AntiDDoS12008 |
| Max Defense Throughput | 400 Gbps | 2.4 Tbps |
| Max Defense Packet Rate | 300 Mpps | 900 Mpps |
| Expansion Slots | 4 | 8 |
| Expansion Interfaces | 24-port 10GBase-SFP+ + 2-port 40G/100GBase-QSFP28 48-port 10GBase-SFP+ |
24-port 10GBase-SFP+ + 2-port 40G/100GBase-QSFP28 48-port 10GBase-SFP+ 18-port 40G/100GBase-QSFP28 |
| Dimensions (H x W x D) | 438 mm ×442 mm ×874 mm (9.8U) | 703 mm x 442 mm ×874 mm (15.8U) |
| DDoS Defense Specifications |
Defense against LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks
Defense against port scan and IP sweep attacks, and attacks using Tracert packets and IP options, such as IP source route, IP timestamp, and IP route record options
Defense against common network-layer flood attacks, such as SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP Fragment flood, TCP Malformed flood, UDP flood, UDP Malformed, UDP Fragment flood, IP flood, ICMP Fragment flood and ICMP flood attacks, sweeping segment flooding, and pulse-wave attacks
Defense against common session-layer attacks, such as real-source SYN flood, real-source ACK flood, TCP connection exhaustion, sockstress, and TCP null connection attacks
Static rules for filtering common UDP amplification attacks, such as NTP, DNS, SSDP, CLDAP,
Memcached, Chargen, SNMP and WSD
Static filtering rules that are created based on network-layer characteristics
Static filtering rules that are created based on network-layer characteristics
Defense against high-frequency application-layer attacks (HTTP and HTTP CC attacks) based on behavior
analysis
Defense against high-frequency HTTPS/TLS encrypted attacks
Defense against DNS Malformed, DNS query flood, NXDomain flood, DNS reply flood, and DNS cache
poisoning attacks
Defense against SIP flood/SIP methods flood attacks, including Register, Deregistration,
Authentication, and Call flood attacks
User-defined filtering rules for local software and hardware, as well as BGP FlowSpec rules for remote filtering. The fields can be customized, including source/destination IP address, packet length, IP protocol, IP payload, source/destination port, TCP flag bit, TCP payload, UDP payload, ICMP payload, DNS domain name, HTTP URI, HTTP field user-agent, as well as caller and callee in the SIP protocol.
IPv4/IPv6 dual-stack defense against DDoS attacks
Attack traffic snapshot, defense effect evaluation, and automatic tuning of defense policies
Support for dynamic traffic baseline learning and learning period configuration
Automatic packet capture based on attack events and user-defined ACLs for packet capture |
|
| Model | AntiDDoS12004-F | AntiDDoS12008-F |
| Max Defense Throughput | 300 Gbps | 600 Gbps |
| Max Defense Packet Rate | 200 Mpps | 400 Mpps |
| Slots of Main Control Unit | 2 | |
| Main Control Unit | Supports 1*100GE QSFP28/2*40GE QSFP+/4*25G SFP28/8*10G SFP+ ports | |
| Expansion Slots | 4 | 8 |
| Expansion Interfaces | 2 x 40G/100GBase-QSFP28 + 12 x 100M/1G/10GBase-SFP+ 24 x FE/1G/10GBase-SFP+ |
|
| Dimensions (H x W x D) | 352.8mm x 442mm x 515.5mm (8U) | 575mm x 442mm x 515.5mm (13U) |
| DDoS Defense Specifications |
Defense against LAND, Fraggle, Smurf, WinNuke, Ping of Death, Teardrop, and TCP error flag attacks
Defense against port scan and IP sweep attacks, and attacks using Tracert packets and IP options, such as IP source route, IP timestamp, and IP route record options
Defense against common network-layer flood attacks, such as SYN flood, SYN-ACK flood, ACK flood, FIN flood, RST flood, TCP Fragment flood, TCP Malformed flood, UDP flood, UDP Malformed, UDP Fragment flood, IP flood, ICMP Fragment flood and ICMP flood attacks, sweeping segment flooding, and pulse-wave attacks
Defense against common session-layer attacks, such as real-source SYN flood, real-source ACK flood, TCP connection exhaustion, sockstress, and TCP null connection attacks
Static rules for filtering common UDP amplification attacks, such as NTP, DNS, SSDP, CLDAP,
Memcached, Chargen, SNMP and WSD
Static filtering rules that are created based on network-layer characteristics
Static filtering rules that are created based on network-layer characteristics
Defense against high-frequency application-layer attacks (HTTP and HTTP CC attacks) based on behavior
analysis
Defense against high-frequency HTTPS/TLS encrypted attacks
Defense against DNS Malformed, DNS query flood, NXDomain flood, DNS reply flood, and DNS cache
poisoning attacks
Defense against SIP flood/SIP methods flood attacks, including Register, Deregistration,
Authentication, and Call flood attacks
User-defined filtering rules for local software and hardware, as well as BGP FlowSpec rules for remote filtering. The fields can be customized, including source/destination IP address, packet length, IP protocol, IP payload, source/destination port, TCP flag bit, TCP payload, UDP payload, ICMP payload, DNS domain name, HTTP URI, HTTP field user-agent, as well as caller and callee in the SIP protocol.
IPv4/IPv6 dual-stack defense against DDoS attacks
Attack traffic snapshot, defense effect evaluation, and automatic tuning of defense policies
Support for dynamic traffic baseline learning and learning period configuration
Automatic packet capture based on attack events and user-defined ACLs for packet capture |
|
Якщо ви вже є партнером компанії, натисніть тут, щоб отримати більше маркетингових ресурсів.
Натисніть тут, щоби перейти на сторінку партнерських організацій для перевірки стану запиту, управління замовленнями, отримання підтримки або додаткової інформації про партнерів компанії Huawei.
