eudemon%201000e%20series%20firewall.pdf

8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf

http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 1/8

Eudemon1000E Series Firewall

HUAWEI TECHNOLOGIES CO., LTD.




1

Product Overview

The Eudemon1000E series product (hereinafter referred to as the

Eudemon1000E) is a new generation of multi-function security

gateway designed by Huawei to meet the requirements for

heavy traffic security applications. The Eudemon1000E, featuring

high performance, sound reliability, excellent scalability, and

favorable maintenance, is widely applied to the networks of large

organizations in operator, government, finance, energy, and

education sectors, providing advanced solutions to customers.

Based on the latest multi-core hardware architecture design,

sophisticated and reliable VRP software platform, as well as

hardware and software-level reliability support, the Eudemon1000E

ensures the service continuity on customer networks. The open

system architecture enables the Eudemon1000E to support the

exible expansion in physical interfaces and software functions. This

can effectively protect customers' investment and continuously help

customers enhance product values. In addition, the Eudemon1000E

provides multiple management and maintenance modes to help

customers effectively manage devices, rapidly identify faults, which

simplies the maintenance process. The Eudemon1000E integrates

the GTP protection function in a modular manner. This feature

enables the Eudemon1000E to handle the risks encountered

during GTP transmission and to provide an effective GTP protection

solution to operators.

Product Series

Eudemon1000E-U2 Eudemon1000E-U3

Eudemon1000E-U5 Eudemon1000E-U6




2

bidirectional NAT, and NAT server load balancing. The extended NAT

technique realizes NAT/PAT by translating the addresses of multiple

inside hosts to a single Internet IP address. This technique effectively

helps customers save Internet address resources. With the extended

NAT technique, one Internet IP address is enough for internal users

to access external networks no matter the internal network is large

or small. Adopting the advanced technologies to meet customers'

actual needs, the Eudemon1000E can better meet the customers'

network requirements.

High-capacity VPN•

With the applications of organizational networks, needs for

encrypted data transmission increasingly grow. The Eudemon1000E,

depending on its leading hardware platform, can provide high

VPN performance and up to 20000 VPN tunnels. With the

Eudemon1000E, customers no longer need to worry about the

performance of data encryption transmission and heavy traffic

network applications such as video and audio applications.

The Eudemon1000E can ensure high-speed and secure data

transmission, thus providing customers with Gbps-level encryption

transmission experience.

All-round P2P Trafc Monitoring•

P2P, the killer of bandwidth application, interrupts the normal

applications of organizations and has been the top concern of most

organizations. P2P application control has been a hard practice

due to its protocol flexibility. The Eudemon1000E, based on the

Product Features

Network Security

Helping Customers Comprehensively Ensure Increasing

Service Trafc

Industry-leading Performance•

The multi-core parallel processing technique substantially enhancesthe performance of the Eudemon1000E, which can process

dozens of threads in a parallel manner. With three industry-leading

performance specifications, the Eudemon1000E brings wonderful

performance experience to customers. In terms of connections per

second, the most crucial performance specication of the rewall,

the Eudemon1000E, with 150000 connections per second, is in an

absolutely leading position. The Eudemon1000E can set up a large

number of connections in a short time for network access, which

increases forwarding rate and decreases delay. In addition, this

performance advantage enables the Eudemon1000E to effectively

deal with burst traffic and attack traffic. The Eudemon1000E can

meets customers' requirements for different high-speed forwarding

applications and thus satisfy the increasing needs for high

bandwidth on user networks.

Powerful NAT Technology•

NAT, as one of the key technologies of the rewall product, is widely

applied in different application scenarios. The Eudemon1000E

can provide powerful NAT forwarding performance to customers.

In addition, the Eudemon1000E offers multiple advanced NAT

techniques, including extended NAT, application-layer NAT traversal,




3

powerful network protocol analysis capability owned by Huawei,

can precisely identify up to 20 types of P2P trafc and control P2P

trafc in different modes such as single user-based control, group-

based control, and global control, which effectively guarantees the

bandwidth of customers, helps customers plan network trafc, and

enhances network application value.

Comprehensive Service System Guarantee

Based on the powerful scalability, the Eudemon1000E integrates

multiple network and security defense technologies to provide

comprehensive protection for customers' key services.

DDoS Attack Defense•

The Eudemon1000E can defend against heavy trafc DDoS attacks,

thus protecting customers' service systems against DDoS attacks.

Depending on the excellent performance, the Eudemon1000E can

defend against Mpps-level DDoS attacks and precisely identify and

control multiple types of DDoS attacks such as SYN flood, UDP

flood, ICMP flood, DNS flood, and CC attacks. In addition, the

Eudemon1000E can identify and defend against worm virus trafc

by using Huawei-proprietary intelligent Control Algorithm (ICA). This

ensures normal access during the process of identifying DDoS attack

traffic. The Eudemon1000E can protect customers' network in

complicated network application scenarios and has been accepted

as the industry-leading DDoS protection device.

Load Balancing Mechanism and Network Redundancy•

To ensure high reliability of key service systems, load balancing

and redundancy techniques as key techniques are adopted on

the Eudemon1000E. In terms of hardware architecture, 1000

Mbps interfaces of the Eudemon1000E are all in optical-electrical

backup mode. This offers more exibilities in interface type options

to customers. The Eudemon1000E supports concurrency of two

links on one interface. This ensures data transmission in case of

physical link faults. In addition, the Eudemon1000E supports

interface aggregation which bundles multiple physical interfaces

into one logical interface. These aggregated interfaces can work

in a concurrent manner to enhance the bandwidth of the entire

link and each physical link supports load balancing and backup.

Two Eudemon1000E devices can be deployed in load balancing

networking environment, proportionally processing traffic at the

egress. Once one of them is faulty, the other one automatically

takes over the transactions. This maximally ensures the network

reliability.

Helping Customers Continuously Enhance Service

Capabilities

Based on the powerful scalability and modularized hardware and

software platform architectures, the Eudemon1000E can scale

to network requirements and integrate new features. In terms of

hardware architecture, the Eudemon1000E can provide not only

1000 Mbps interfaces but also 100 Mbps interfaces. This offers

great flexibility in networking applications. In terms of software

architecture, the Eudemon1000E can provide new functions for

customers by upgrading and updating software modules. Currently,

the Eudemon1000E can support the virtual firewall and GTP

protection function by upgrading software modules. With the virtual

rewall function, the Eudemon1000E can logically categorize and

manage security services on one physical device for management.




4

This reduces service management risks and enhances the utilization

efciency of the whole device.

Powerful Maintenance and Management Function

Based on long-term accumulated experience in network security

development, Huawei provides customers with diversied and user-

friendly management and maintenance modes. The Eudemon1000E

supports the three-in-one maintenance mode that integrated

configuration, debugging, and black box. The Eudemon1000E

supports management and configuration through both Web-

based graphic user interfaces and command line interfaces. The

powerful debugging function provided by the Eudemon1000E

allows customers to customize the format of output information

in case of network faults. This helps customers rapidly identify and

troubleshoot network faults. The built-in black box keeps all the

crucial information before the faults. This can help directly locate

faults and provide customers with clear state information.

Environment-friendly New Experience

The design of the Eudemon1000E fully considers power

consumption. The Eudemon1000E adopts optimized components

including the processing chip, system fan, and power modules.

In addition, intelligent power control technique is applied to key

inside power units to ensure device running and control power

consumption. For example, if conditions permit, the intelligent

power control technique automatically reduces the rotation speed

of the fan and brings the backup power module into dormant

state, thus significantly reducing the power consumption of the

integrated device. The power consumption of the integrated device

in normal working state is 70 W to 80 W and the maximum power

consumption is controlled under 100 W, which is only a quarter as

high as that of the counterpart products. Low power consumption

and high performance of the Eudemon1000E help customers

significantly reduce later maintenance cost and bring remarkable

economic benets.




5

Typical Networking

Typical networking of the Eudemon1000E

VPN tunnel

Data Center Intranet

Key Service System

Eudemon200E

Eudemon200E

Eudemon1000E

BranchTelenet User

SOHO User

Internet

Link Aggregation

GTP Features

With the increasing development of the wireless communication

technology, a variety of wireless applications enter into our life.

Mobiles and handset wireless terminals can access the Internet at any

time, any place. GTP plays an important role in data transmission.

However, operators are exposed to severe threats and challenges

because of the inherent vulnerabilities and issues of GTP, which can

be exploited by attackers to launch GTP-specific anomaly attacks,

GTP spoofing attacks, and other attacks that result in resources

exhaustion and accounting overflow. Huawei, based on power

technical advantages in core network and network security, provides

customers with comprehensive GTP protection solution, which can

effectively solve security problems on operators' networks.




6

Item Eudemon1000E-U2 Eudemon1000E-U3 Eudemon1000E-U5 Eudemon1000E-U6

Maximum throughput 2Gbps 4Gbps 6Gbps 8Gbps

Connections per second 60000 80000 100000 150000

Number of concurrent connections 1600000 1600000 2000000 2000000

Maximum VPN throughput 2Gbps 4Gbps 5Gbps 6Gbps

Number of VPN tunnels 20000 20000 20000 20000

Maximum number of ACL rules 30000 30000 30000 30000

Maximum GTP throughput 2Gbps 4Gbps 6Gbps 8Gbps

Maximum number of GTP tunnels 200000 200000 200000 200000

Maximum number of virtual rewalls 100 100 100 100

Product Specifcations

Typical networking of the Eudemon1000E in the GTP support scenario

SGSN Eudemon1000E

Deployed on Gn, Gi,

and Gp to Protect GTP

ApplicationsMobile Phone/Wireless Terminal Users

GGSN

INTERNET



Add: Huawei Industrial Base

Bantian Longgang

Shenzhen 518129, P.R. China

Tel: +86-755-28780808

Version No.: M3-080030-20090416-C-1.0

www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD.Copyright © Huawei Technologies Co., Ltd. 2009.

All Rights Reserved.

The information contained in this document is for reference

purpose only, and is subject to change or withdrawal

according to specic customer requirements and conditions.

NO WARRANTY

THE CONTENTS OF THIS BROCHURE ARE PROVIDED “AS IS”. EXCEPT AS REQUIRED BY APPLICABLE LAWS, NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED,

INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE MADE IN RELATION TO THE

ACCURACY, RELIABILITY OR CONTENTS OF THIS MANUAL.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO CASE SHALL HUAWEI TECHNOLOGIES CO., LTD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR

CONSEQUENTIAL DAMAGES, OR LOST PROFITS, BUSINESS, REVENUE, DATA, GOODWILL OR ANTICIPATED SAVINGS.

Item Eudemon1000E-U2 Eudemon1000E-U3 Eudemon1000E-U5 Eudemon1000E-U6

Fixed interfaces

4 GE optical/electrical interfaces

1 Console port

2 USB interfaces

Number of expansion slots 2

Expansion slot type4×FE (10/100M) module

2×GE electro-optical interface module

Dimensions (mm) (W×D×H) 436×560×44.2

Weight 10kg

Input voltage100 V AC to 240 V AC

-48 V DC to -60 V DC

Maximum/average power 100/75W

Mean time between failures (MTBF) 37.54 years

eudemon%201000e%20series%20firewall.pdf

Documents