eudemon%201000e%20series%20firewall.pdf
TRANSCRIPT
8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf
http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 1/8
Eudemon1000E Series Firewall
HUAWEI TECHNOLOGIES CO., LTD.
8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf
http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 2/8
Eudemon1000E Series Firewall
1
Product Overview
The Eudemon1000E series product (hereinafter referred to as the
Eudemon1000E) is a new generation of multi-function security
gateway designed by Huawei to meet the requirements for
heavy traffic security applications. The Eudemon1000E, featuring
high performance, sound reliability, excellent scalability, and
favorable maintenance, is widely applied to the networks of large
organizations in operator, government, finance, energy, and
education sectors, providing advanced solutions to customers.
Based on the latest multi-core hardware architecture design,
sophisticated and reliable VRP software platform, as well as
hardware and software-level reliability support, the Eudemon1000E
ensures the service continuity on customer networks. The open
system architecture enables the Eudemon1000E to support the
exible expansion in physical interfaces and software functions. This
can effectively protect customers' investment and continuously help
customers enhance product values. In addition, the Eudemon1000E
provides multiple management and maintenance modes to help
customers effectively manage devices, rapidly identify faults, which
simplies the maintenance process. The Eudemon1000E integrates
the GTP protection function in a modular manner. This feature
enables the Eudemon1000E to handle the risks encountered
during GTP transmission and to provide an effective GTP protection
solution to operators.
Product Series
Eudemon1000E-U2 Eudemon1000E-U3
Eudemon1000E-U5 Eudemon1000E-U6
8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf
http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 3/8
Eudemon1000E Series Firewall
2
bidirectional NAT, and NAT server load balancing. The extended NAT
technique realizes NAT/PAT by translating the addresses of multiple
inside hosts to a single Internet IP address. This technique effectively
helps customers save Internet address resources. With the extended
NAT technique, one Internet IP address is enough for internal users
to access external networks no matter the internal network is large
or small. Adopting the advanced technologies to meet customers'
actual needs, the Eudemon1000E can better meet the customers'
network requirements.
High-capacity VPN•
With the applications of organizational networks, needs for
encrypted data transmission increasingly grow. The Eudemon1000E,
depending on its leading hardware platform, can provide high
VPN performance and up to 20000 VPN tunnels. With the
Eudemon1000E, customers no longer need to worry about the
performance of data encryption transmission and heavy traffic
network applications such as video and audio applications.
The Eudemon1000E can ensure high-speed and secure data
transmission, thus providing customers with Gbps-level encryption
transmission experience.
All-round P2P Trafc Monitoring•
P2P, the killer of bandwidth application, interrupts the normal
applications of organizations and has been the top concern of most
organizations. P2P application control has been a hard practice
due to its protocol flexibility. The Eudemon1000E, based on the
Product Features
Network Security
Helping Customers Comprehensively Ensure Increasing
Service Trafc
Industry-leading Performance•
The multi-core parallel processing technique substantially enhancesthe performance of the Eudemon1000E, which can process
dozens of threads in a parallel manner. With three industry-leading
performance specifications, the Eudemon1000E brings wonderful
performance experience to customers. In terms of connections per
second, the most crucial performance specication of the rewall,
the Eudemon1000E, with 150000 connections per second, is in an
absolutely leading position. The Eudemon1000E can set up a large
number of connections in a short time for network access, which
increases forwarding rate and decreases delay. In addition, this
performance advantage enables the Eudemon1000E to effectively
deal with burst traffic and attack traffic. The Eudemon1000E can
meets customers' requirements for different high-speed forwarding
applications and thus satisfy the increasing needs for high
bandwidth on user networks.
Powerful NAT Technology•
NAT, as one of the key technologies of the rewall product, is widely
applied in different application scenarios. The Eudemon1000E
can provide powerful NAT forwarding performance to customers.
In addition, the Eudemon1000E offers multiple advanced NAT
techniques, including extended NAT, application-layer NAT traversal,
8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf
http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 4/8
Eudemon1000E Series Firewall
3
powerful network protocol analysis capability owned by Huawei,
can precisely identify up to 20 types of P2P trafc and control P2P
trafc in different modes such as single user-based control, group-
based control, and global control, which effectively guarantees the
bandwidth of customers, helps customers plan network trafc, and
enhances network application value.
Comprehensive Service System Guarantee
Based on the powerful scalability, the Eudemon1000E integrates
multiple network and security defense technologies to provide
comprehensive protection for customers' key services.
DDoS Attack Defense•
The Eudemon1000E can defend against heavy trafc DDoS attacks,
thus protecting customers' service systems against DDoS attacks.
Depending on the excellent performance, the Eudemon1000E can
defend against Mpps-level DDoS attacks and precisely identify and
control multiple types of DDoS attacks such as SYN flood, UDP
flood, ICMP flood, DNS flood, and CC attacks. In addition, the
Eudemon1000E can identify and defend against worm virus trafc
by using Huawei-proprietary intelligent Control Algorithm (ICA). This
ensures normal access during the process of identifying DDoS attack
traffic. The Eudemon1000E can protect customers' network in
complicated network application scenarios and has been accepted
as the industry-leading DDoS protection device.
Load Balancing Mechanism and Network Redundancy•
To ensure high reliability of key service systems, load balancing
and redundancy techniques as key techniques are adopted on
the Eudemon1000E. In terms of hardware architecture, 1000
Mbps interfaces of the Eudemon1000E are all in optical-electrical
backup mode. This offers more exibilities in interface type options
to customers. The Eudemon1000E supports concurrency of two
links on one interface. This ensures data transmission in case of
physical link faults. In addition, the Eudemon1000E supports
interface aggregation which bundles multiple physical interfaces
into one logical interface. These aggregated interfaces can work
in a concurrent manner to enhance the bandwidth of the entire
link and each physical link supports load balancing and backup.
Two Eudemon1000E devices can be deployed in load balancing
networking environment, proportionally processing traffic at the
egress. Once one of them is faulty, the other one automatically
takes over the transactions. This maximally ensures the network
reliability.
Helping Customers Continuously Enhance Service
Capabilities
Based on the powerful scalability and modularized hardware and
software platform architectures, the Eudemon1000E can scale
to network requirements and integrate new features. In terms of
hardware architecture, the Eudemon1000E can provide not only
1000 Mbps interfaces but also 100 Mbps interfaces. This offers
great flexibility in networking applications. In terms of software
architecture, the Eudemon1000E can provide new functions for
customers by upgrading and updating software modules. Currently,
the Eudemon1000E can support the virtual firewall and GTP
protection function by upgrading software modules. With the virtual
rewall function, the Eudemon1000E can logically categorize and
manage security services on one physical device for management.
8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf
http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 5/8
Eudemon1000E Series Firewall
4
This reduces service management risks and enhances the utilization
efciency of the whole device.
Powerful Maintenance and Management Function
Based on long-term accumulated experience in network security
development, Huawei provides customers with diversied and user-
friendly management and maintenance modes. The Eudemon1000E
supports the three-in-one maintenance mode that integrated
configuration, debugging, and black box. The Eudemon1000E
supports management and configuration through both Web-
based graphic user interfaces and command line interfaces. The
powerful debugging function provided by the Eudemon1000E
allows customers to customize the format of output information
in case of network faults. This helps customers rapidly identify and
troubleshoot network faults. The built-in black box keeps all the
crucial information before the faults. This can help directly locate
faults and provide customers with clear state information.
Environment-friendly New Experience
The design of the Eudemon1000E fully considers power
consumption. The Eudemon1000E adopts optimized components
including the processing chip, system fan, and power modules.
In addition, intelligent power control technique is applied to key
inside power units to ensure device running and control power
consumption. For example, if conditions permit, the intelligent
power control technique automatically reduces the rotation speed
of the fan and brings the backup power module into dormant
state, thus significantly reducing the power consumption of the
integrated device. The power consumption of the integrated device
in normal working state is 70 W to 80 W and the maximum power
consumption is controlled under 100 W, which is only a quarter as
high as that of the counterpart products. Low power consumption
and high performance of the Eudemon1000E help customers
significantly reduce later maintenance cost and bring remarkable
economic benets.
8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf
http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 6/8
Eudemon1000E Series Firewall
5
Typical Networking
Typical networking of the Eudemon1000E
VPN tunnel
Data Center Intranet
Key Service System
Eudemon200E
Eudemon200E
Eudemon1000E
BranchTelenet User
SOHO User
Internet
Link Aggregation
GTP Features
With the increasing development of the wireless communication
technology, a variety of wireless applications enter into our life.
Mobiles and handset wireless terminals can access the Internet at any
time, any place. GTP plays an important role in data transmission.
However, operators are exposed to severe threats and challenges
because of the inherent vulnerabilities and issues of GTP, which can
be exploited by attackers to launch GTP-specific anomaly attacks,
GTP spoofing attacks, and other attacks that result in resources
exhaustion and accounting overflow. Huawei, based on power
technical advantages in core network and network security, provides
customers with comprehensive GTP protection solution, which can
effectively solve security problems on operators' networks.
8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf
http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 7/8
Eudemon1000E Series Firewall
6
Item Eudemon1000E-U2 Eudemon1000E-U3 Eudemon1000E-U5 Eudemon1000E-U6
Maximum throughput 2Gbps 4Gbps 6Gbps 8Gbps
Connections per second 60000 80000 100000 150000
Number of concurrent connections 1600000 1600000 2000000 2000000
Maximum VPN throughput 2Gbps 4Gbps 5Gbps 6Gbps
Number of VPN tunnels 20000 20000 20000 20000
Maximum number of ACL rules 30000 30000 30000 30000
Maximum GTP throughput 2Gbps 4Gbps 6Gbps 8Gbps
Maximum number of GTP tunnels 200000 200000 200000 200000
Maximum number of virtual rewalls 100 100 100 100
Product Specifcations
Typical networking of the Eudemon1000E in the GTP support scenario
SGSN Eudemon1000E
Deployed on Gn, Gi,
and Gp to Protect GTP
ApplicationsMobile Phone/Wireless Terminal Users
GGSN
INTERNET
8/9/2019 Eudemon%201000E%20Series%20Firewall.pdf
http://slidepdf.com/reader/full/eudemon201000e20series20firewallpdf 8/8
Add: Huawei Industrial Base
Bantian Longgang
Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-080030-20090416-C-1.0
www.huawei.com
HUAWEI TECHNOLOGIES CO., LTD.Copyright © Huawei Technologies Co., Ltd. 2009.
All Rights Reserved.
The information contained in this document is for reference
purpose only, and is subject to change or withdrawal
according to specic customer requirements and conditions.
NO WARRANTY
THE CONTENTS OF THIS BROCHURE ARE PROVIDED “AS IS”. EXCEPT AS REQUIRED BY APPLICABLE LAWS, NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE MADE IN RELATION TO THE
ACCURACY, RELIABILITY OR CONTENTS OF THIS MANUAL.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO CASE SHALL HUAWEI TECHNOLOGIES CO., LTD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR
CONSEQUENTIAL DAMAGES, OR LOST PROFITS, BUSINESS, REVENUE, DATA, GOODWILL OR ANTICIPATED SAVINGS.
Item Eudemon1000E-U2 Eudemon1000E-U3 Eudemon1000E-U5 Eudemon1000E-U6
Fixed interfaces
4 GE optical/electrical interfaces
1 Console port
2 USB interfaces
Number of expansion slots 2
Expansion slot type4×FE (10/100M) module
2×GE electro-optical interface module
Dimensions (mm) (W×D×H) 436×560×44.2
Weight 10kg
Input voltage100 V AC to 240 V AC
-48 V DC to -60 V DC
Maximum/average power 100/75W
Mean time between failures (MTBF) 37.54 years