With the continuous digitalization and cloudification of enterprise services, networks play an important role in enterprise operations, and must be protected. Network attackers use various methods, such as identity spoofing, website Trojan horses, and malware, to initiate network penetration and attacks, affecting the normal use of enterprise networks. Deploying firewalls on network borders is a common way to protect enterprise network security. However, firewalls can only analyze and block threats based on signatures. This method cannot effectively handle unknown threats and may deteriorate device performance. This single-point and passive method does not pre-empt or effectively defend against unknown threat attacks. Threats hidden in encrypted traffic in particular cannot be effectively identified without breaching user privacy. Huawei’s next-generation firewalls provide the latest capabilities and work with other security devices to proactively defend against network threats, enhance border detection capabilities, effectively defend against advanced threats, and resolve performance deterioration problems. The product provides pattern matching and encryption/decryption service processing acceleration functions, which greatly improve the firewall ability to process content security detection and IPSec services.
Product Highlights
Comprehensive and integrated protection
• Integrates the traditional firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, URL filtering, and online behavior management functions all in one device.
• Interworks with the local or cloud sandbox to effectively detect unknown threats and prevent zero-day attacks.
• Implements refined bandwidth management based on applications and websites, preferentially forwards key services, and ensures bandwidth for key services.
High performance
• Enables pattern matching and accelerates encryption/decryption, improving the performance for processing IPS, antivirus, and IPSec services.
High port density
• The device has multiple types of interfaces, such as 40G, 10G, and 1G interfaces. Services can be flexibly expanded without extra interface cards.
Deployment
Small data center border protection
• Firewalls are deployed at egresses of data centers, and functions and system resources can be virtualized. The firewall has multiple types of interfaces, such as 40G, 10G, and 1G interfaces. Services can be flexibly expanded without extra interface cards.
• The 12-Gigabit intrusion prevention capability effectively blocks a variety of malicious attacks and delivers differentiated defense based on virtual environment requirements to guarantee data security.
• VPN tunnels can be set up between firewalls and mobile workers and between firewalls and branch offices for secure and low-cost remote access and mobile working.
Enterprise border protection
• Firewalls are deployed at the network border. The built-in traffic probe can extract packets of encrypted traffic to monitor threats in encrypted traffic in real time.
• The deception function is enabled on the firewalls to proactively respond to malicious scanning behavior, protecting enterprises against threats in real time.
• The policy control, data filtering, and audit functions of the firewalls are used to monitor social network applications to prevent data breach and protect enterprise networks.
For inquiries, email us at info@agdatacom.com
Source: https://e.huawei.com/en/products/enterprise-networking/security/firewall-gateway/usg6600e