Anda di halaman 1dari 8

Eudemon1000E Series Firewall

HUAWEI TECHNOLOGIES CO., LTD.

Eudemon1000E Series Firewall

Product Overview
The Eudemon1000E series product (hereinafter referred to as the

system architecture enables the Eudemon1000E to support the

Eudemon1000E) is a new generation of multi-function security

flexible expansion in physical interfaces and software functions. This

gateway designed by Huawei to meet the requirements for

can effectively protect customers' investment and continuously help

heavy traffic security applications. The Eudemon1000E, featuring

customers enhance product values. In addition, the Eudemon1000E

high performance, sound reliability, excellent scalability, and

provides multiple management and maintenance modes to help

favorable maintenance, is widely applied to the networks of large

customers effectively manage devices, rapidly identify faults, which

organizations in operator, government, finance, energy, and

simplifies the maintenance process. The Eudemon1000E integrates

education sectors, providing advanced solutions to customers.

the GTP protection function in a modular manner. This feature

Based on the latest multi-core hardware architecture design,

enables the Eudemon1000E to handle the risks encountered

sophisticated and reliable VRP software platform, as well as

during GTP transmission and to provide an effective GTP protection

hardware and software-level reliability support, the Eudemon1000E

solution to operators.

ensures the service continuity on customer networks. The open

Product Series

Eudemon1000E-U2

Eudemon1000E-U3

Eudemon1000E-U5

Eudemon1000E-U6

Eudemon1000E Series Firewall

Product Features
Network Security

bidirectional NAT, and NAT server load balancing. The extended NAT
technique realizes NAT/PAT by translating the addresses of multiple

Helping Customers Comprehensively Ensure Increasing

inside hosts to a single Internet IP address. This technique effectively

Service Traffic

helps customers save Internet address resources. With the extended

Industry-leading Performance

NAT technique, one Internet IP address is enough for internal users

The multi-core parallel processing technique substantially enhances

to access external networks no matter the internal network is large

the performance of the Eudemon1000E, which can process

or small. Adopting the advanced technologies to meet customers'

dozens of threads in a parallel manner. With three industry-leading

actual needs, the Eudemon1000E can better meet the customers'

performance specifications, the Eudemon1000E brings wonderful

network requirements.

performance experience to customers. In terms of connections per


second, the most crucial performance specification of the firewall,

High-capacity VPN

the Eudemon1000E, with 150000 connections per second, is in an

With the applications of organizational networks, needs for

absolutely leading position. The Eudemon1000E can set up a large

encrypted data transmission increasingly grow. The Eudemon1000E,

number of connections in a short time for network access, which

depending on its leading hardware platform, can provide high

increases forwarding rate and decreases delay. In addition, this

VPN performance and up to 20000 VPN tunnels. With the

performance advantage enables the Eudemon1000E to effectively

Eudemon1000E, customers no longer need to worry about the

deal with burst traffic and attack traffic. The Eudemon1000E can

performance of data encryption transmission and heavy traffic

meets customers' requirements for different high-speed forwarding

network applications such as video and audio applications.

applications and thus satisfy the increasing needs for high

The Eudemon1000E can ensure high-speed and secure data

bandwidth on user networks.

transmission, thus providing customers with Gbps-level encryption


transmission experience.

Powerful NAT Technology


NAT, as one of the key technologies of the firewall product, is widely

All-round P2P Traffic Monitoring

applied in different application scenarios. The Eudemon1000E

P2P, the killer of bandwidth application, interrupts the normal

can provide powerful NAT forwarding performance to customers.

applications of organizations and has been the top concern of most

In addition, the Eudemon1000E offers multiple advanced NAT

organizations. P2P application control has been a hard practice

techniques, including extended NAT, application-layer NAT traversal,

due to its protocol flexibility. The Eudemon1000E, based on the


2

Eudemon1000E Series Firewall

powerful network protocol analysis capability owned by Huawei,

Mbps interfaces of the Eudemon1000E are all in optical-electrical

can precisely identify up to 20 types of P2P traffic and control P2P

backup mode. This offers more flexibilities in interface type options

traffic in different modes such as single user-based control, group-

to customers. The Eudemon1000E supports concurrency of two

based control, and global control, which effectively guarantees the

links on one interface. This ensures data transmission in case of

bandwidth of customers, helps customers plan network traffic, and

physical link faults. In addition, the Eudemon1000E supports

enhances network application value.

interface aggregation which bundles multiple physical interfaces


into one logical interface. These aggregated interfaces can work

Comprehensive Service System Guarantee

in a concurrent manner to enhance the bandwidth of the entire

Based on the powerful scalability, the Eudemon1000E integrates

link and each physical link supports load balancing and backup.

multiple network and security defense technologies to provide

Two Eudemon1000E devices can be deployed in load balancing

comprehensive protection for customers' key services.

networking environment, proportionally processing traffic at the

DDoS Attack Defense

egress. Once one of them is faulty, the other one automatically

The Eudemon1000E can defend against heavy traffic DDoS attacks,

takes over the transactions. This maximally ensures the network

thus protecting customers' service systems against DDoS attacks.

reliability.

Depending on the excellent performance, the Eudemon1000E can


defend against Mpps-level DDoS attacks and precisely identify and

Helping Customers Continuously Enhance Service

control multiple types of DDoS attacks such as SYN flood, UDP

Capabilities

flood, ICMP flood, DNS flood, and CC attacks. In addition, the

Based on the powerful scalability and modularized hardware and

Eudemon1000E can identify and defend against worm virus traffic

software platform architectures, the Eudemon1000E can scale

by using Huawei-proprietary intelligent Control Algorithm (ICA). This

to network requirements and integrate new features. In terms of

ensures normal access during the process of identifying DDoS attack

hardware architecture, the Eudemon1000E can provide not only

traffic. The Eudemon1000E can protect customers' network in

1000 Mbps interfaces but also 100 Mbps interfaces. This offers

complicated network application scenarios and has been accepted

great flexibility in networking applications. In terms of software

as the industry-leading DDoS protection device.

architecture, the Eudemon1000E can provide new functions for


customers by upgrading and updating software modules. Currently,

Load Balancing Mechanism and Network Redundancy

the Eudemon1000E can support the virtual firewall and GTP

To ensure high reliability of key service systems, load balancing

protection function by upgrading software modules. With the virtual

and redundancy techniques as key techniques are adopted on

firewall function, the Eudemon1000E can logically categorize and

the Eudemon1000E. In terms of hardware architecture, 1000

manage security services on one physical device for management.

Eudemon1000E Series Firewall

This reduces service management risks and enhances the utilization

Environment-friendly New Experience

efficiency of the whole device.

The design of the Eudemon1000E fully considers power


consumption. The Eudemon1000E adopts optimized components

Powerful Maintenance and Management Function

including the processing chip, system fan, and power modules.

Based on long-term accumulated experience in network security

In addition, intelligent power control technique is applied to key

development, Huawei provides customers with diversified and user-

inside power units to ensure device running and control power

friendly management and maintenance modes. The Eudemon1000E

consumption. For example, if conditions permit, the intelligent

supports the three-in-one maintenance mode that integrated

power control technique automatically reduces the rotation speed

configuration, debugging, and black box. The Eudemon1000E

of the fan and brings the backup power module into dormant

supports management and configuration through both Web-

state, thus significantly reducing the power consumption of the

based graphic user interfaces and command line interfaces. The

integrated device. The power consumption of the integrated device

powerful debugging function provided by the Eudemon1000E

in normal working state is 70 W to 80 W and the maximum power

allows customers to customize the format of output information

consumption is controlled under 100 W, which is only a quarter as

in case of network faults. This helps customers rapidly identify and

high as that of the counterpart products. Low power consumption

troubleshoot network faults. The built-in black box keeps all the

and high performance of the Eudemon1000E help customers

crucial information before the faults. This can help directly locate

significantly reduce later maintenance cost and bring remarkable

faults and provide customers with clear state information.

economic benefits.

Eudemon1000E Series Firewall

Typical Networking

Eudemon200E
Branch

Telenet User

Internet

VPN tunnel

Key Service System


Eudemon200E

Link Aggregation

SOHO User
Eudemon1000E

Data Center

Intranet

Typical networking of the Eudemon1000E

GTP Features
With the increasing development of the wireless communication

be exploited by attackers to launch GTP-specific anomaly attacks,

technology, a variety of wireless applications enter into our life.

GTP spoofing attacks, and other attacks that result in resources

Mobiles and handset wireless terminals can access the Internet at any

exhaustion and accounting overflow. Huawei, based on power

time, any place. GTP plays an important role in data transmission.

technical advantages in core network and network security, provides

However, operators are exposed to severe threats and challenges

customers with comprehensive GTP protection solution, which can

because of the inherent vulnerabilities and issues of GTP, which can

effectively solve security problems on operators' networks.

Eudemon1000E Series Firewall

INTERNET

SGSN

Eudemon1000E

GGSN

Deployed on Gn, Gi,


and Gp to Protect GTP
Mobile Phone/Wireless Terminal Users

Applications

Typical networking of the Eudemon1000E in the GTP support scenario

Product Specifications
Item
Maximum throughput

Eudemon1000E-U2
2Gbps

Eudemon1000E-U3
4Gbps

Eudemon1000E-U5
6Gbps

Eudemon1000E-U6
8Gbps

Connections per second

60000

80000

100000

150000

Number of concurrent connections

1600000

1600000

2000000

2000000

Maximum VPN throughput

2Gbps

4Gbps

5Gbps

6Gbps

Number of VPN tunnels

20000

20000

20000

20000

Maximum number of ACL rules

30000

30000

30000

30000

Maximum GTP throughput

2Gbps

4Gbps

6Gbps

8Gbps

Maximum number of GTP tunnels

200000

200000

200000

200000

Maximum number of virtual firewalls

100

100

100

100

Item

Eudemon1000E-U2

Eudemon1000E-U3

Fixed interfaces

4 GE optical/electrical interfaces
1 Console port
2 USB interfaces

Number of expansion slots

Expansion slot type

4FE (10/100M) module


2GE electro-optical interface module

Dimensions (mm) (WDH)

43656044.2

Weight

10kg

Input voltage

Eudemon1000E-U5

Eudemon1000E-U6

100 V AC to 240 V AC
-48 V DC to -60 V DC

Maximum/average power

100/75W

Mean time between failures (MTBF)

37.54 years

NO WARRANTY
THE CONTENTS OF THIS BROCHURE ARE PROVIDED AS IS. EXCEPT AS REQUIRED BY APPLICABLE LAWS, NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE MADE IN RELATION TO THE
ACCURACY, RELIABILITY OR CONTENTS OF THIS MANUAL.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO CASE SHALL HUAWEI TECHNOLOGIES CO., LTD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, INDIRECT, OR
CONSEQUENTIAL DAMAGES, OR LOST PROFITS, BUSINESS, REVENUE, DATA, GOODWILL OR ANTICIPATED SAVINGS.

Copyright Huawei Technologies Co., Ltd. 2009.


All Rights Reserved.
The information contained in this document is for reference
purpose only, and is subject to change or withdrawal
according to specific customer requirements and conditions.

HUAWEI TECHNOLOGIES CO., LTD.


Add: Huawei Industrial Base
Bantian Longgang
Shenzhen 518129, P.R. China
Tel: +86-755-28780808
Version No.: M3-080030-20090416-C-1.0
www.huawei.com