
Firewall Product Basics

www.huawei.com

Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.


Foreword
• This section introduces the development history of firewall technology and the USG series firewall products.

Objectives
Upon completion of this section, you should:
• Gain knowledge of the development history of firewall technology
• Acquire knowledge of the capabilities, features, architecture and performance of the USG series firewalls

Contents
1. Development of Firewall Technology

2. USG Series Product

The Firewall
• A firewall is a device located between two networks with different trust levels (for example, an enterprise internal network and the Internet). It polices the communication flow between the two networks by enforcing uniform security policies, and it prevents illegal use of and unauthorized access to important resources so that network integrity is maintained.
• Firewall = hardware + software + control policy
  • Loose control policy: permit all, restrict selectively
  • Strict control policy: restrict all, permit selectively

Firewall Technology - Firewall Classification
• Firewalls can be classified into several kinds according to how they are implemented:
  • Packet filtering firewall
  • Proxy firewall
  • State detection firewall

Packet Filtering Firewall

[Figure: a firewall between the internal network of the company headquarters and the Internet. Packets from the local office, 192.110.10.0/24, are permitted; packets from an unauthorized user, 202.110.10.0/24, are rejected by an ACL rule.]

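Proxy Firewall

[Figure: a proxy (WWW, FTP, Email, ...) between the client and the Internet. The client sends a request and the proxy forwards it; the response to the request comes back to the proxy, which forwards it to the client. The proxy applies security policy, audit supervision and alarms.]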

State Firewall

[Figure: user A in the protected network, a target server and other users in the external network, with the firewall between them.]
① User A initiates a Telnet session.
② The firewall creates a session item.
③ The firewall matches the packet against the session item.
• The Telnet session reply packet of user A is permitted.
• Other Telnet packets are blocked.
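
The packet-filtering and state-detection behaviour shown on the two slides above, as an added example (not part of the original Huawei material): a first-match ACL on source address with a selectable default policy, and a session table that admits only replies to sessions opened from the protected network. The host addresses for user A, the target server and the other external user are constructed for illustration, and permitting all outbound traffic is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool = False   # True = arriving from the external network

# Ordered ACL from the packet-filtering slide: (source prefix, action).
ACL = [
    (ipaddress.ip_network("192.110.10.0/24"), "permit"),
    (ipaddress.ip_network("202.110.10.0/24"), "deny"),
]

def packet_filter(pkt, default="deny"):
    """Stateless check on the source address; the first matching rule wins.
    default="deny" is the strict policy, default="permit" the loose one."""
    src = ipaddress.ip_address(pkt.src)
    for network, action in ACL:
        if src in network:
            return action
    return default

class StatefulFirewall:
    """Permits outbound traffic (assumption) and only those inbound packets
    that match a session item created by an earlier outbound packet."""
    def __init__(self):
        self.sessions = set()

    def handle(self, pkt):
        if not pkt.inbound:
            # Step 2: record the session when the inside host initiates it.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        # Step 3: an inbound packet must be the mirror image of a session.
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if reply_of in self.sessions else "deny"

def telnet_scenario():
    # Constructed addresses: user A, target server, another external user.
    fw = StatefulFirewall()
    user_a = Packet("10.1.1.10", 40000, "198.51.100.5", 23)
    reply = Packet("198.51.100.5", 23, "10.1.1.10", 40000, inbound=True)
    other = Packet("203.0.113.9", 40001, "10.1.1.10", 23, inbound=True)
    return [fw.handle(user_a), fw.handle(reply), fw.handle(other)]

if __name__ == "__main__":
    print(telnet_scenario())
```

The packet filter decides on each packet in isolation, so it cannot tell a Telnet reply from an unsolicited Telnet packet; the session table is what makes that distinction.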

The Function of a Firewall in a Security System

[Figure: a reinforced-house analogy for a security system. Labels in the figure: Door / Firewall; Monitor / Intrusion detection system; System reinforcement, immunity; Security transmission / Encryption, VPN; Forbidden system / Identity authentication, access control; Guard / Scanner, security hole detection; Monitor / Security management center.]

Firewall Limitations
• A firewall is not a total security solution and cannot solve all network security problems; it is only one part of a network security policy.
• It defends against external threats, not internal ones.
• A balance must be kept between in-depth detection and forwarding performance.
• When end-to-end encryption is used, such as with a VPN, the firewall is unable to analyze the inbound traffic.
• The firewall itself creates a performance bottleneck in various respects, for example anti-attack capability and session limits.

Huawei USG Series Products

[Figure: positioning of the USG series products. Models shown: USG2110; USG2130, USG2130W, USG2160, USG2160W; USG2205, USG2210, USG2230, USG2250, USG2260; USG5120, USG5150. Deployment labels: remote site; small branch office; small enterprise headquarters / large branch office; enterprise headquarters / large branch office.]

USG2110 Fixed Model
• 2WAN+8FE (desktop model)
• Fixed configuration
• Performance
  • Firewall throughput (large packets): 150 Mbit/s
  • Number of concurrent connections: 100,000
• Features
  • Basic firewall/VPN functions
  • PPPoA/DDNS/TR069
• SOHO users (1U to 20U)

Model             Description
USG2110-F         2FE+8FE, 1USB
USG2110-F-W       2FE+8FE, 1USB, WiFi
USG2110-A-W       1FE, 1ADSL+8FE, 1USB, WiFi
USG2110-A-GW-C    1FE, 1ADSL+8FE, 1USB, WiFi, 3G-CDMA2000
USG2110-A-GW-W    1FE, 1ADSL+8FE, 1USB, WiFi, 3G-WCDMA
USG2110-A-GW-T    1FE, 1ADSL+8FE, 1USB, WiFi, 3G-TD-SCDMA

USG2100 Series
• 1FE+8FE (chassis model)
• 1/2 x extended slot (USG2130/2160)
  • Serial/E1/ADSL2+/FE/GE/3G/G.SHDSL
• Built-in WiFi (-W models)
• Complete UTM features (license control)
  • IPS/Antivirus/Anti-spam/URL filtering
• IPv6 support
• VPN functions
  • L2TP/SSL/IPSec/MPLS/GRE
• Performance
  • Firewall throughput (large packets): 200 Mbit/s
  • Number of concurrent connections: 200,000
• Small branch users (30 U to 100 U)

Model        Description
USG2130      1FE+8FE, 1USB.1MIC
USG2130-W    1FE+8FE, 1USB.1MIC, WiFi
USG2160      1FE+8FE, 1USB.2MIC
USG2160-W    1FE+8FE, 1USB.2MIC, WiFi

USG5120
• 2GE+2GE Combo (chassis model)
• 4MIC+2FIC+2DFIC expansion slot
  • FE/GE/Serial/E1/ADSL2+/G.SHDSL/3G/WiFi
• Multi-service open platform (X86)
• Complete UTM features (license control)
  • IPS/Antivirus/Anti-spam/URL filtering
• IPv6 support
• VPN functions
  • L2TP/SSL/IPSec/MPLS/GRE
• Performance
  • Firewall throughput (large packets): 2000 Mbit/s
  • Number of concurrent connections: 1 million
• DC power model
• Medium-sized enterprise users (500U to 700U)

Model         Description
USG5120       2GE+2GE Combo, 2USB.4MIC+2FIC+2DFIC
USG5120-DC    2GE+2GE Combo, 2USB.4MIC+2FIC+2DFIC, DC power supply

USG5150
• 4GE Combo (chassis model)
• 4MIC+2FIC+4DFIC expansion slot
  • FE/GE/Serial/E1/ADSL2+/G.SHDSL/3G/WiFi
• Multi-service open platform (X86)
• Complete UTM features (license control)
  • IPS/Antivirus/Anti-spam/URL filtering
• IPv6 support
• VPN functions
  • L2TP/SSL/IPSec/MPLS/GRE
• Performance
  • Firewall throughput (large packets): 4000 Mbit/s
  • Number of concurrent connections: 2 million
• 1+1 redundant power supply
• Medium-sized enterprise users (800U to 1000U)

Model         Description
USG5150       4GE Combo, 2USB.4MIC+2FIC+4DFIC
USG5150-DC    4GE Combo, 2USB.4MIC+2FIC+4DFIC, DC power supply

Application Scenario of Enterprise Security Protection

[Figure: deployment topology connecting the enterprise headquarters, enterprise partner, regional office, enterprise branch and remote site across the Internet over VPN, using USG5150, USG5120, USG2200 and USG2100 devices.]
