contents · huawei confidential page 2 contents ... huawei vs cisco function huawei cisco beating...
TRANSCRIPT
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 2
Contents
Click to add Title 2 Competition Analysis
Click to add Title 1 Typical Application Scenarios
Click to add Title 3 Ordering Guide
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 3
UTM Switch
Trojan horse
Virus
UTM
UTM
NMS
eSight
Headquarters
Branch
DMZ
Security Policy Analysis and Streamlining
Application scenario Streamlines firewall policies to improve firewall utility
and reduce maintenance costs.
Solution deployment Deploy a set of Secure Center.
Pain points › Redundant and invalid firewall policies compromise
firewall work efficiency.
› Unspecific firewall policies fail to prevent security
risks.
› Multiple policies cannot be traced or do not comply
with the standards.
Benefits Improves firewall utility and enhances information
security for enterprises.
Advantages Provides diversified policy analysis reports and is
capable of streamlining policies.
The increasing
numbers of security
policies on intranet
security devices have
become a burden of
network security.
Policy streamlining
Displays redundant and ineffective
policies to remove and to improve
device utility as well as displays
network security status.
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 4
Policy Analysis Report Policy Redundancy Analysis Policy Risk Analysis
Policy Hit Analysis Policy Comprehensive Analysis
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 5
Unified Security Policy Management
Application scenario
Centralized access control and management in the
data center
Solution deployment
Deploy a set of Secure Center.
Pain points
No NMS is available for managing multiple firewalls
in the data center, and the customer needs to log in
to each firewall for manual configuration, which may
cause configuration errors and is inefficient.
Benefits
Improves the configuration efficiency and accuracy.
Advantages
Centrally delivers policy configurations.
Branch office
Mobile
working
Headquarters
Guest
Centralized policy management
of all security devices
NMS
eSight
Headquarter
Firewall
Firewall Switch
Firewall
Branch A
Firewall
Branch B
Firewall
Branch C
DMZ
Data Center
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 6
Policy Configuration
Unified Security Policy Management Service Group Configuration
Configuration of Source and
Destination Address Groups
Configuration of NE Groups
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 7
Centralized AR Security Policy Management
Application scenario
A large enterprise requires centralized management of
AR security policies.
Solution deployment
•Deploy the Secure Center management component at
the headquarters.
Pain points
•The enterprise has many branches, for each of which
an AR is deployed. Security policies on the ARs cannot
be managed in a centralized manner, reducing O&M
efficiency.
Benefits
•Centralized AR security policy management simplifies
configuration and improves O&M efficiency.
Advantages
•Supports centralized security policy configuration and
batch policy delivery for ARs.
Secure Center
Headquarters
Branch
Branch
Branch
Branch
AR AR
AR AR
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 8
•Supports centralized configuration and batch deployment of security policies on Huawei ARs.
Centralized AR Security Policy Management
Creating an ACL
Creating a Security Policy
Security Policy Batch Deployment
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 9
Centralized Switch Access Authentication
Policy Management Application scenario
A campus network requires centralized management of 802.1x
access authentication policies.
Solution deployment
•Deploy the Secure Center management component at the
headquarters.
Pain points
•Access authentication policies configured on the switches
deployed on the campus network cannot be managed in a
centralized manner, causing high O&M costs.
Benefits
•Device group-based centralized 802.1x policy management
simplifies configuration and reduces O&M costs.
•Batch delivery of 802.1x policies greatly improves new
deployment efficiency.
Advantages
•Supports device group-based centralized 802.1 policy
configuration and batch delivery.
•Supports template- and common object-based policy
configuration.
•Supports access authentication policy consistency audit.
Core layer
Aggregation layer
Access layer
R&D area
Campus network
RADIUS authentication
and authoritative servers
Administrative area
Secure Center
Device group 1 Device group 2
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 10
•Policy configuration: The Secure
Center supports centralized
configuration and batch deployment
of access authentication policies on
switches and supports deployment
result query.
Centralized Switch Access Authentication Policy Management
Policy Configuration
•Policy audit: The Secure Center
supports manual and periodic
consistency audit on switch access
authentication policies. The audit result
can be exported as a report for you to
query the consistency comparison
result.
Policy Consistency Audit
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 11
Contents
Click to add Title 1 Typical Application Scenarios
Click to add Title 2 Competition Analysis
Click to add Title 3 Ordering Guide
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 12
Competition Analysis: Huawei vs HP Function Huawei HP Beating Policies Avoiding
Points
Dominant Bidding
Items
Policy configuration
Packet-filtering
policies, IPS policies,
and AV policies
Firewall policies, IPS
policies, and AV
policies
Emphasize user- and
user group-specific policy
configuration, address
group/service group
nesting, and fine-grained
AV policy configuration
based on HTTP, FTP,
SMTP, and POP3.
Policy grouping
and
authorization
User- and user group-
specific security policy
configuration
Object configuration
Supports objects,
including schedule,
address group, service,
and Internet access
users.
Supports objects,
including schedule,
address group, and
service.
Policy
deployment/discovery
Supports policy and
object synchronization
from devices and
batch policy
deployment and
removal.
Supports interzone
policy deployment and
removal.
Emphasize policy and
object synchronization
from devices for rapid
service recovery.
Device group-
based policy
deployment
Security policy and object
synchronization from devices
Policy analysis
Supports policy
redundancy, risk, and
comprehensive
analysis.
Not supported
Provide policy redundancy
analysis, policy
simplification and
optimization suggestions,
and policy health
evaluation.
Policy redundancy analysis
and risk analysis
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 13
Competition Analysis: Huawei vs Cisco
Function Huawei Cisco Beating Policies Avoiding Points Dominant
Bidding Items
Policy configuration Supports packet-filtering
policies, IPS policies,
and AV policies
Supports ACL, NAT, AAA,
WebFilter, Botnet Traffic Filter,
Inspection and VPN policies.
Emphasize the B/S architecture to
beat the CSM which employs the C/S
architecture. The remote
management is easier than Cisco.
Guide the centralized
configuration of general policies
and avoid mentioning multiple
types of specific policies and IPv6.
Object configuration
Supports objects,
including schedule,
address group, service,
and Internet access
users.
Supports objects, including
schedule, service, user group, and
AAA server.
Policy
deployment/discovery
Supports policy and
object synchronization
from devices and batch
policy deployment and
removal.
Supports single and batch policy
deployment, scheduled policy
deployment, policy deployment on
devices or intermediate servers,
and inter-device policy clone and
sharing.
Emphasize policy and object
synchronization from devices for rapid
service recovery.
Avoid mentioning automatic
policy deployment.
Inter-device policy clone can be
implemented by discovering
policies on one device, modifying
the policies, and then deploying
the policies on the other device.
Policy version
management Supported
Supports version management and
comparison. Policy version management
Streamlined policy
management Supported Supported
Provide policy redundancy analysis,
policy simplification and optimization
suggestions, and policy health
evaluation.
Streamlined policy management
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 14
Contents
Click to add Title 1 Typical Application Scenarios
Click to add Title 2 Competition Analysis
Click to add Title 3 Ordering Guide
HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 15
Ordering Guide
Product Model Description Remarks
NSHSSECPLY01 eSight Secure Center (include 5 Devices License) A basic function, mandatory
NSHSSECPLY02 eSight Secure Center Security Policy Analyzer An advanced function, optional
NSHSSECPLY03 eSight Secure Center License-Incremental 5 Devices License for increasing devices
NSHSSECPLY04 eSight Secure Center License-Incremental 25 Devices
HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY