With the continuous digitalization and cloudification of carrier services, networks play an

important role in carrier operations, and must be protected. Network attackers use various

methods, such as identity spoofing, website Trojan horses, and malware, to initiate network

penetration and attacks, affecting the normal use of carrier networks.

Deploying firewalls on network borders is a common way to protect carrier network security.

However, firewalls can only analyze and block threats based on signatures. This method cannot

effectively handle unknown threats and may deteriorate device performance. This single-

point and passive method does not pre-empt or effectively defend against unknown threat

attacks. Threats hidden in encrypted traffic in particular cannot be effectively identified without

breaching user privacy.

Huawei's next-generation firewalls provide the latest capabilities and work with other security

devices to proactively defend against network threats, enhance border detection capabilities,

effectively defend against advanced threats, and resolve performance deterioration problems.

The product provides pattern matching and encryption/decryption service processing

acceleration functions, which greatly improve the firewall ability to process content security

detection and IPSec services.

HUAWEI Eudemon200E-G85 Firewalls (Fixed-Configuration)

Product Appearances

Eudemon200E-G85 Firewalls (Fixed-Configuration)

Product HighlightsComprehensive and integrated protection• Integrates the traditional firewall,VPN, intrusionprevention,antivirus,data leakprevention,

bandwidthmanagement,URLfiltering,andonlinebehaviormanagementfunctionsall inonedevice.

• Interworkswiththe localorcloudsandboxtoeffectivelydetectunknownthreatsandpreventzero-dayattacks.

• Implementsrefinedbandwidthmanagementbasedonapplicationsandwebsites,preferentiallyforwardskeyservices,andensuresbandwidthforkeyservices.

High performance• Enablespatternmatchingandacceleratesencryption/decryption, improvingtheperformancefor

processingIPS,antivirus,andIPSecservices.

DeploymentCloud-based management• Firewalls canproactively registerwithandbequickly incorporated into the cloud-based

managementplatformtoimplementquickdevicedeploymentwithoutmanualattendance.• Remoteserviceconfigurationmanagement,devicemonitoring,andfaultmanagementareused

toimplementcloud-basedmanagementofmassdevicesandsimplifyO&M.

Enterprise HQ

Huawei Public Cloud

Enterprise Branch

Internet

......

Carrier border protection• Firewallsaredeployedat thenetworkborder.Thebuilt-in trafficprobecanextractpacketsof

encryptedtraffictomonitorthreatsinencryptedtrafficinrealtime.• Thedeceptionfunctionisenabledonthefirewallstoproactivelyrespondtomaliciousscanning

behavior,protectingcarriersagainstthreatsinrealtime.• Thepolicycontrol,datafiltering,andauditfunctionsofthefirewallsareusedtomonitorsocial

networkapplicationstopreventdatabreachandprotectcarriernetworks.

Software Features

Feature Description

IntegratedprotectionIntegrates firewall,VPN, intrusionprevention,antivirus,data leakprevention,bandwidthmanagement,anti-DDoS,URL filtering,andanti-spam functions;providesaglobalconfigurationview;managespoliciesinaunifiedmanner.

Applicationidentificationandcontrol

Identifiesover6000applicationsandsupports theaccesscontrolgranularitydowntoapplicationfunctions;combinesapplication identificationwith intrusiondetection,antivirus,anddata filtering, improvingdetectionperformanceandaccuracy.

Cloud-basedmanagementmode

Initiatesauthenticationandregistrationtothecloud-basedmanagementplatformtoimplementplug-and-playandsimplifynetworkcreationanddeployment.Supportsremoteserviceconfiguration,devicemonitoring,andfaultmanagement,implementingthemanagementofmassdevicesinthecloud.

Cloudapplicationsecurityawareness

Controlscarriercloudapplicationsinarefinedanddifferentiatedmannertomeetcarriers'requirementsforcloudapplicationmanagement.

Intrusionpreventionandwebprotection

Accuratelydetectsanddefendsagainstvulnerability-specificattacksbasedonup-to-datethreat information.Thefirewallcandefendagainstweb-specificattacks,includingSQLinjectionandXSSattacks.

AntivirusRapidlydetectsover5milliontypesofvirusesbasedonthedaily-updatedvirussignaturedatabase.

Dataleakprevention(DLP)

Inspectsfilestoidentifythefiletypes,suchasWORD,EXCEL,POWERPOINT,andPDF,basedonfilecontent,andfiltersthefilecontent.

Bandwidthmanagement

Managesper-user andper-IPbandwidth in addition to identifying serviceapplicationstoensurethenetworkaccessexperienceofkeyservicesandusers.Controlmethodsincludelimitingthemaximumbandwidth,ensuringtheminimumbandwidth,andchangingapplicationforwardingpriorities.

URLfiltering

ProvidesaURLcategorydatabasewithover120millionURLsandacceleratesaccess tospecificcategoriesofwebsites, improvingaccessexperienceofhigh-prioritywebsites.SupportsDNSfiltering,inwhichaccessedwebpagesarefilteredbasedondomainnames.Supports theSafeSearchfunctiontofilter resourcesofsearchengines,suchasGoogle,toguaranteeaccesstoonlyhealthynetworkresources.

Behaviorandcontentaudit Auditsandtracesthesourcesoftheaccessedcontentbasedonusers.

Feature Description

LoadbalancingSupportsserver loadbalancingand link loadbalancing, fullyutilizingexistingnetworkresources.

Intelligentuplinkselection

Supportsservice-specificPBRand intelligentuplinkselectionbasedonmultipleloadbalancingalgorithms(forexample,basedonbandwidthratioandlinkhealthstatus)inmulti-egressscenarios.

VPNencryptionSupportsmultiplehighlyavailableVPNfeatures, suchas IPSecVPN,SSLVPN,L2TPVPN,MPLSVPN,andGRE,andprovidestheHuawei-proprietaryVPNclientSecoClientforSSLVPN,L2TPVPN,andL2TPoverIPSecVPNremoteaccess.

DSVPNDynamicsmartVPN(DSVPN)establishesVPNtunnelsbetweenbrancheswhosepublicaddressesaredynamicallychanged, reducingthenetworkingandO&Mcostsofthebranches.

SSL-encryptedtrafficdetection

DetectsanddefendsagainstthreatsinSSL-encryptedtrafficusingapplication-layerprotectionmethods,suchasintrusionprevention,antivirus,datafiltering,andURLfiltering.

SSLoffloadingReplacesserverstoimplementSSLencryptionanddecryption,effectivelyreducingserverloadsandimplementingHTTPtrafficloadbalancing.

Anti-DDoSDefendsagainstmorethan10typesofcommonDDoSattacks, includingSYNfloodandUDPfloodattacks.

Userauthentication

Supportsmultiple user authenticationmethods, including local, RADIUS,HWTACACS,AD,andLDAP.The firewall supportsbuilt-inPortal andPortalredirectionfunctions.ItcanworkwiththeAgileControllertoimplementmultipleauthenticationmodes.

SecurityvirtualizationSupportsvirtualizationofmultiple typesofsecurityservices, includingfirewall,intrusionprevention,antivirus,andVPN.Userscanseparatelyconductpersonalmanagementonthesamephysicaldevice.

Securitypolicymanagement

Managesandcontrols trafficbasedonVLAN IDs,quintuples, securityzones,regions,applications,URLcategories,andtimeranges,andimplementsintegratedcontentsecuritydetection.Providespredefinedcommon-scenariodefense templates to facilitatesecuritypolicydeployment.Providessecuritypolicymanagementsolutions inpartnershipwithFireMonandAlgoSectoreduceO&Mcostsandpotentialfaults.

Diversifiedreports

Providesvisualizedandmulti-dimensional reportdisplaybyuser,application,content,time,traffic,threat,andURL.

Generatesnetwork security analysis reportson theHuawei security centerplatformtoevaluatethecurrentnetworksecuritystatusandprovideoptimizationsuggestions.

RoutingSupportsmultipletypesofroutingprotocolsandfeatures,suchasRIP,OSPF,BGP,IS-IS,RIPng,OSPFv3,BGP4+,andIPv6IS-IS.

Deploymentandreliability

Supportstransparent,routing,andhybridworkingmodesandhighavailability(HA),includingtheActive/ActiveandActive/Standbymodes.

SpecificationsSystem Performance and Capacity

Model Eudemon200E-G85

FirewallThroughput1(1518/512/64-byte,UDP)

8/8/4Gbit/s

FirewallLatency(64-byte,UDP) 18µs

ConcurrentSessions(HTTP1.1)1 4,000,000

NewSessions/Second(HTTP1.1)1 80,000

IPsecVPNThroughput1(AES-256+SHA256,1420-byte)

6Gbit/s

SSLInspectionThroughput2 550Mbit/s

ConcurrentSSLVPNUsers(Default/Maximum)

100/1000

SecurityPolicies(Maximum) 15,000

VirtualFirewalls 100

URLFiltering:Categories Morethan130

URLFiltering:URLs Adatabaseofover120millionURLsinthecloud

AutomatedThreatFeedbackandIPSSignatureUpdates

Yes,anindustry-leadingsecuritycenterfromHuawei(http://sec.huawei.com/sec/web/index.do)

Third-PartyandOpen-SourceEcosystem

OpenAPIforintegrationwiththird-partyproducts,providingRESTfulandNetConfinterfacesOtherthird-partmanagementsoftwarebasedonSNMP,SSH,andSyslogCooperationwiththird-partytools,suchasTufin,AlgoSecandFireMonCollaborationwithanti-APTsolution

CentralizedManagementCentralizedconfiguration,logging,monitoring,andreportingisperformedbyHuaweieSightandeLog

VLANs(Maximum) 4094

VLANIFInterfaces(Maximum) 1024

1.TheperformanceistestedunderidealconditionsbasedonRFC2544andRFC3511.Theactualresultmayvarywithdeploymentenvironments.

2.SSLinspectionthroughputismeasuredwithIPSenabledandHTTPStrafficusingTLSv1.2withAES128-GCM-SHA256.*SA:indicatesserviceawareness.

Model Eudemon200E-G85

Dimensions(HxWxD)mm 43.6x442x420

FormFactor/Height 1U

FixedInterface 2x10GE(SFP+)+8xGECombo+2xGEWAN

USBPort 1xUSB2.0+1xUSB3.0

Weight(FullConfiguration) 5.8kg

ExternalStorage Optional,SSD(M.2)cardsupported,240GB

ACPowerSupply 100Vto240V

Typicalpowerconsumptionofthemachine

35W

PowerSupplies SingleACpowersupply;optionaldualACpowersupplies

OperatingEnvironment(Temperature/Humidity)

Temperature:0°Cto45°CHumidity:5%to95%,non-condensing

Non-operatingEnvironmentTemperature:-40°Cto+70°CHumidity:5%to95%,non-condensing

Hardware Specifications

Product Model Description

Eudemon200E-G85

UEudemon200E-G85-ACEudemon200EACHost(2*10GE(SFP+)+8*GECombo+2*GEWAN,ACpower)

UEudemon200E-G85-DCEudemon200EDCHost (2*10GE (SFP+) + 8*GECombo+2*GEWAN,DCpower)

Function License

SSLVPNConcurrentUsers

LIC-EDMLM-SSLVPN-100 QuantityofSSLVPNConcurrentUsers(100Users)

LIC-EDMLM-SSLVPN-200 QuantityofSSLVPNConcurrentUsers(200Users)

LIC-EDMLM-SSLVPN-500 QuantityofSSLVPNConcurrentUsers(500Users)

LIC-EDMLM-SSLVPN-1000 QuantityofSSLVPNConcurrentUsers(1000Users)

Eudemon License

IPSUpdateService

LIC-E200E-G85-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoE200E-G85)

LIC-E200E-G85-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoE200E-G85)

URLFilteringUpdateService

LIC-E200E-G85-URL-1YURLRemoteQueryServiceSubscribe12Months(AppliestoE200E-G85)

LIC-E200E-G85-URL-3YURLRemoteQueryServiceSubscribe36Months(AppliestoE200E-G85)

Ordering Information

Product Model Description

AntivirusUpdateService

LIC-E200E-G85-AV-1YAVUpdateServiceSubscribe12Months(AppliestoE200E-G85)

LIC-E200E-G85-AV-3YAVUpdateServiceSubscribe36Months(AppliestoE200E-G85)

ThreatProtectionBundle(IPS,AV,URL)

LIC-E200E-G85-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoE200E-G85)

LIC-E200E-G85-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoE200E-G85)

FlowProbeFunction LIC-E200E-G85-FP FlowProbeFunction(AppliestoE200E-G85)

GENERAL DISCLAIMERThe information in this document may contain predictive statement including, without limitation, statements regarding the future financial and operating results, future product portfolios, new technologies, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.Copyright © 2020 HUAWEI TECHNOLOGIES CO., LTD. All Rights Reserved.