
Hillstone E-Pro Series

Next-Generation Firewall (NGFW)

The Evolving Security Challenges

Hillstone NGFW Value Proposition

Hillstone NGFW Product Portfolio

Deployment Scenarios

© 2022 Hillstone Networks All Rights Reserved | 2


The Evolving Security Challenges

The Evolving Network Security Challenges

The Applications are out of control!
• Illegal Applications
• Excessive Bandwidth Consumption
• Unencrypted Traffic
• Data Breach

Advanced Threat/Attacks Evolving Fast!
• 0-Day/APT
• Unknown Threats
• Threat Evasion
• SPAM/PHISHING/C&C…
• Locky Ransomware
• DoS/DDoS
• Shutting Down Business
• ……

Security compromise to performance!
• High Latency
• Network Down
• Excessive Security Investment


Hillstone E-Pro Series NGFW Value Proposition


New E-Pro Series NGFW

E-Pro Highlights

• 15 Models with FW Throughput from 1G to 90G, and NGFW Throughput from 100M to 26G.
• Offers flexible I/O combo options on middle and high end models without additional cost.
• Market-proven platform with high performance, low latency and full concurrence.
• Industry best TCO for SMB, Enterprise and SD-WAN market.


Multi-Dimensional Granular Control and Protection

[Figure: control dimensions User, Applications, Content, Geolocation, Threat, Time and IP/Port/Protocol, with Deep Packet Inspection. Outcomes shown: critical apps get prioritized bandwidth; unacceptable apps are blocked; session limits and access time limits.]


L2-L7 Full Security Protection
High-performance, highly efficient IPS, IP reputation, AV, Sandbox and URL-detection engines identify and filter all applications and traffic, including SSL-encrypted traffic.

• Prevents SQL injection and cross-site scripting (XSS).
• Prevents DoS/DDoS network-layer attacks.
• Professional botnet filtering and isolation.
• Two-way attack detection and full traffic protection.

[Figure labels: Signature, abnormal protocols, abnormal traffic, Full Concurrence, Full Protocol]


Advanced Threat Protection for Known and Unknown Malware

• IPS blocks vulnerability exploitation
• IP Reputation blocks risky IPs from accessing servers
• URL Filtering controls user access to specified websites
• Anti-Virus responds to known viruses
• Anti-Virus prevents users from visiting malicious sites and phishing sites
• Cloud Sandbox responds to unknown viruses
• Botnet C&C Prevention blocks the control channel and catches intranet bots

[Figure: stages Pre-breach, Breach, Post-breach; functions Intrusion Prevention, IP Reputation, URL Filtering, Anti-Virus, Cloud Sandbox, Botnet C2 Prevention]


Cloud Sandbox for Malicious File Detection and Prevention

Static Analysis/Pre-Processing
• URL whitelist, file signature verification
• Cloud-based suspicious samples
• MD5 query for file behavior; verification and report

Behavioral Analysis
• Windows/Android/MacOS simulation
• Behavioral analysis to file process, Registry action, network behavior
• Evasion detection

Cloud Intelligence
• Identify malicious files
• Generate threat log and report
• Share threat intelligence
• Block threats

[Figure labels: Malicious Files, Reporting, Signature Update, NGFW]


Complete Botnet C&C Prevention

[Figure: network diagram with a Bot, Core Switch, Hillstone NGFW, the Internet, a C&C Server and a Hacker. Functions shown: C2 Address Database, DNS Sinkhole Detection, DNS Tunnel Detection, DGA Domain Detection.]


Advanced Network Capabilities

• Multi-layer QoS policing
• Elastic bandwidth optimization
• Intelligent multi-link load balancing
• Server load balancing
• Hardware VPN acceleration
• Patented PnP VPN Technology
• Multiple dynamic routing protocols
• IPv6 Ready (Gold)
• App based routing
• Virtual firewall features with IPS/URL filtering support


High Performance VPN

• Full support of IPSec VPN / SSL VPN / L2TP VPN
• Hardware based VPN acceleration
• Hillstone PNP VPN: “Zero deployment, Zero management”

[Figure labels: Mobile workers, Remote workers, Branch offices, SSL VPN, L2TP VPN, IPSec VPN, Internet, HQ, Intranet server pool]


Smart Traffic Management with Fine-grained QoS

Traffic Manager

• Diverse methods of traffic control: Upload/Download/Max Bandwidth/Min Bandwidth/Bandwidth Reservation/Bandwidth Guarantee
• Granular control: Two layers of traffic. Each layer supports up to 4 levels of nesting.
• Multiple policies: Interfaces, security domain, IP addresses, users, services, applications, VLANs
• Traffic quota: E.g. Maximum 5GB per day for a single IP




Cutting-edge FW Virtualization

• Elastic resource allocation based on the business requirement
• Isolated virtual FW instance
• Reduced TCO

• Dedicated Resources
• Dedicated Policies
• Dedicated Admins
• Dedicated/Shared Interfaces
• Dedicated/Shared CPUs

[Figure labels: Tenant A, Server A, Tenant B, Server B, Internet]


Full-Concurrence, High-Performance Architecture

• Multi-cores, full concurrence architecture
• 64-bit StoneOS® operating system
• Unpack simultaneously, detect concurrently
• All security features can be executed on one single core


High Availability With Redundant Design

01 Operation
• Daemon
• Redundant process - logs, monitoring
• Multiple operation methods: Concurrency limits, port multiplication, session maintenance, persistent connection maintenance

02 System
• Dual OS
• Separation of control plane and data plane

03 Link
• Port redundancy
• Link aggregation
• Link load balancing
• BFD

04 Device
• Multi-core, Concurrency architecture
• HA deployment (A/A, A/P, Peer mode), failover < 1 second
• Hot-swappable interface and power modules.


Centralized Security Management & Audit
• Centralized Security Policy Configuration
• Centralized Device & Threat Monitoring
• Network Behavior Monitoring
• Security Incident Audit and Forensic

[Figure labels: Internet, Core, Hillstone NGFW, HSM, HSA, Branch]

HSM – Hillstone Security Manager
HSA – Hillstone Security Audit

CloudView: Security Management & Analysis Service (SaaS)

Centralized Device Monitoring and Alarm
• System/threat monitoring
• Device License status and renewal
• Cloud Inspection

Threat Analysis
• Threat and event logs
• Comprehensive reports
• Real-time message and alarms

Real-time Monitoring
• 24/7 monitoring and alerts
• Threat analysis and reports
• Mobile/web access

Ease of Use
• No deployment required
• No maintenance
• Easy and instant subscription

Low/Flexible Investment Options
• Free to initiate (Includes Essential features)
• Pay to subscribe (For advanced features, Professional Version)
• Security as a Service (SaaS)


Hillstone IoT Security Solution
The Hillstone IoT Security Solution can actively identify various types of video surveillance equipment, monitor the
identified IPC and NVR devices, filter and block illegal access, discover abnormal network behavior and trigger alarm or
block in real-time to protect the video surveillance network.

Active Identification
Actively detect the IP address, MAC address, brand, model and other information of the IoT devices.

Abnormal Behavior Analysis
Identify the network access behavior of the IoT devices, blocks or logs the abnormal network behavior.

Access Control
Device authentication is achieved through the access whitelist mechanism, only authorized devices can access the network.

Monitoring and Management
• Device operating status
• Device online/offline status
• Device upstream/downstream traffic status


Smart Policy Operation

Policy Lifecycle Management

• Policy Group: Efficient policy management based on business requirement
• Aggregate Policy: A set of policies act as one single policy
• Policy Assistant: Refine a general policy into detailed policy; App-based and service-based policy generation
• Policy Analysis: Adjust the policies by observing the hit counts and hit trends
• Policy Redundancy Check: Discover redundant policies for deletion
• Automated User Policy Deployment: Radius Dynamic Authorization; automatically issue user policy via CoA message

Benefits: Easy Deployment; Rapid Launch of New Services; Dynamic Policy Adjustment; Increased Efficiency & Reduced Overhead


Comprehensive Reports Tailored for Different Audiences

Granular Customizable Template
Users can define a template based on the user’s specific needs, and export a report containing only the data that the user is interested in.

Rich and Helpful Content
Analysis, summary and actionable recommendations are provided based on traffic statistics.

Better Readability
The report is easy to read with its new layout, color scheme and comprehensible icons.

Easy to Utilize
The report can be exported into PDF, HTML or WORD and be shared via Email or FTP for user’s specific purpose of use.


Hillstone E-Pro NGFW Value Proposition

• Superior Price Performance: Cost-effective solution with bundle option or customizable configuration
• Comprehensive Visibility & Fine-granular Control: Application is visual & controllable, better efficiency
• Full Security Protection from Layer 2 to 7: Network operation is reliable & stable
• Advanced Threat Protection: 100% visibility; Identify evasive techniques; More secure
• Rich Network Functions: Diverse deployment scenarios; Higher ROI
• Full Concurrence High Performance: Low latency without performance bottleneck, better user experience
• Centralized Management, Audit & Monitoring: optimized security management and operational efficiencies


Hillstone NGFW Product Portfolio

Hillstone’s NGFW Product Portfolio
[Figure: E-Pro models plotted on a throughput scale from 4G to 100G, grouped by interface class (Desktop, Gigabit, 10 Gigabit) and by market segment (SMB and Branches, Medium & Large Enterprises, Large Enterprises). Models shown: E1600P, E1600WP, E1700P, E2800P, E3662P/E3668P, E3960P/E3968P, E5260P/E5268P, E5568P/E5660P, E5760P, E5960P, E6360P/E6368P.]


Hillstone E-Pro Series NGFW (1)

[Figure: front panels of E1600P, E1600WP (Wi-Fi), E1700P and E2800P. Port labels: CON, USB, 9xGE; CON, USB, 9xGE, 4xcombo.]


Hillstone E-Pro Series NGFW Spec (1)
Model | E1600P | E1600WP | E1700P | E2800P
Form Factor | Desktop | Desktop | 1U | 1U
FW Throughput | 4.7 Gbps | 4.7 Gbps | 4.75 Gbps | 8 Gbps
IPSec Throughput | 850 Mbps | 850 Mbps | 850 Mbps | 3 Gbps
AV Throughput | 890 Mbps | 890 Mbps | 890 Mbps | 2.1 Gbps
IPS Throughput | 1.2 Gbps | 1.2 Gbps | 1.2 Gbps | 3.3 Gbps
IMIX Throughput | 1.7 Gbps | 1.7 Gbps | 1.7 Gbps | 5.3 Gbps
NGFW Throughput | 470 Mbps | 470 Mbps | 470 Mbps | 1.25 Gbps
Threat Prevention Throughput | 360 Mbps | 360 Mbps | 400 Mbps | 860 Mbps
New Sessions/s (TCP) | 27,000 | 27,000 | 28,000 | 80,000
Maximum Concurrent Sessions | 0.2M | 0.2M | 0.6M | 1M
IPSec Tunnels Number | 512 | 512 | 2000 | 2000
Maximum SSL VPN Users | 128 | 128 | 500 | 1000
Fixed I/O Ports | 9 x GE | 9 x GE | 9 x GE | 5 x GE, 4 x Combo
Expansion Slots | N/A | N/A | N/A | N/A
WiFi | N/A | IEEE 802.11a/b/g/n | N/A | N/A
Suggested Sizing * | 150M internet access; Up to 50 users | 150M internet access, Up to 50 users; need a wireless access | 150M internet access; Up to 100 users | 800M internet access; 100-300 users

* Suggestion based on experience; it can go up or down depending on the specific traffic profile and configuration.


Hillstone E-Pro Series NGFW (2)

[Figure: front panels of E3662P, E3668P and E3960P / E3968P. Port labels for E3662P and E3668P: CON+AUX+USB, MGT+HA, 6xGE, 4xSFP, 2xGeneric Slot. Port labels for E3960P / E3968P: CON+AUX+USB, MGT+HA, 6xGE, 4xSFP, 4xSFP, 2xGeneric Slot.]


Hillstone E-Pro Series NGFW Spec (2)
Model | E3662P | E3668P | E3960P | E3968P
Form Factor | 1U | 1U | 1U | 1U
FW Throughput | 10 Gbps | 10 Gbps | 10 Gbps | 10 Gbps
IPSec Throughput | 3 Gbps | 3 Gbps | 4 Gbps | 4 Gbps
AV Throughput | 2.1 Gbps | 2.1 Gbps | 2.2 Gbps | 2.2 Gbps
IPS Throughput | 3.3 Gbps | 3.3 Gbps | 3.9 Gbps | 3.9 Gbps
IMIX Throughput | 5.3 Gbps | 5.3 Gbps | 7 Gbps | 7 Gbps
NGFW Throughput | 1.25 Gbps | 1.25 Gbps | 1.5 Gbps | 1.5 Gbps
Threat Prevention Throughput | 900 Mbps | 900 Mbps | 1.1 Gbps | 1.1 Gbps
New Sessions/s (TCP) | 120,000 | 120,000 | 150,000 | 150,000
Maximum Concurrent Sessions | 3M | 3M | 3.2M | 3.2M
IPSec Tunnels Number | 6000 | 6000 | 6000 | 6000
Maximum SSL VPN Users | 8 / 4000 | 8 / 4000 | 8 / 6000 | 8 / 6000
Fixed I/O Ports | 6 x GE, 4 x SFP | 6 x GE, 4 x SFP | 6 x GE (one pair bypass), 4 x SFP, 2 x SFP+ | 6 x GE (one pair bypass), 4 x SFP, 2 x SFP+
Expansion Slots | 2 x Generic Slot | 2 x Generic Slot | 2 x Generic Slot | 2 x Generic Slot
Expansion Modules | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P
Storage Options | N/A | 256G SSD | N/A | 256G SSD
Twin-mode HA | N/A | N/A | YES | YES
Suggested Sizing * | 800M internet access; 300-500 users | 800M internet access; 300-500 users | 1G internet access; 300-800 users | 1G internet access; 300-800 users

* Suggestion based on experience; it can go up or down depending on the specific traffic profile and configuration.


Hillstone E-Pro Series NGFW (3)
[Figure: front panels of E5260P / E5268P / 5560P / 5568P, E5760P / E5960P and E6368P. Port labels for E5260P / E5268P / 5560P / 5568P: USB+MGT+HA, 4xGE, 4xSFP, CON+AUX, 2xSFP+, 4xGeneric Slot. Port labels for E5760P / E5960P: USB+MGT+HA, 4xGE, 4xSFP, CON+AUX, 4xGeneric Slot. Port labels for E6368P (front): USB+MGT+HA, MGT+HA, 2xGE, Bypass Slot, 2xQSFP+, 8SFP+.]

Hillstone E-Pro Series NGFW Spec (3)
Model | E5260P | E5268P | E5560P | E5568P | E5760 | E5960 | E6368
Form Factor | 2U | 2U | 2U | 2U | 2U | 2U | 2.5 U
FW Throughput | 20 Gbps | 20 Gbps | 20 Gbps | 20 Gbps | 40 Gbps | 40 Gbps | 90 Gbps
IPSec Throughput | 8.4 Gbps | 8.4 Gbps | 12 Gbps | 12 Gbps | 18.8 Gbps | 25.6 Gbps | 64 Gbps
AV Throughput | 3.8 Gbps | 3.8 Gbps | 4.9 Gbps | 4.9 Gbps | 7.9 Gbps | 14 Gbps | 28 Gbps
IPS Throughput | 8.9 Gbps | 8.9 Gbps | 9.3 Gbps | 9.3 Gbps | 18.5 Gbps | 18.8 Gbps | 37 Gbps
IMIX Throughput | 15.5 Gbps | 15.5 Gbps | 20 Gbps | 20 Gbps | 36.5 Gbps | 40 Gbps | 90 Gbps
NGFW Throughput | 3.9 Gbps | 3.9 Gbps | 5.6 Gbps | 5.6 Gbps | 8.9 Gbps | 14 Gbps | 26 Gbps
Threat Prevention Throughput | 2.2 Gbps | 2.2 Gbps | 3.1 Gbps | 3.1 Gbps | 5.2 Gbps | 8.2 Gbps | 18 Gbps
New Sessions/s (TCP) | 200,000 | 200,000 | 300,000 | 300,000 | 500,000 | 600,000 | 1,100,000
Maximum Concurrent Sessions | 6M | 6M | 10M | 10M | 12M | 15M | 30M
IPSec Tunnels Number | 20,000 | 20,000 | 20,000 | 20,000 | 20,000 | 20,000 | 20,000
Maximum SSL VPN Users | 10,000 | 10,000 | 10,000 | 10,000 | 10,000 | 10,000 | 10,000
Fixed I/O Ports | 4 x GE (one pair bypass), 4 x SFP, 2 x SFP+ | 4 x GE (one pair bypass), 4 x SFP, 2 x SFP+ | 4 x GE (one pair bypass), 4 x SFP, 2 x SFP+ | 4 x GE (one pair bypass), 4 x SFP, 2 x SFP+ | 4 x GE, 4 x SFP | 4 x GE, 4 x SFP | 2 x GE, 8 x SFP+, 2 x QSFP+
Expansion Slots | 4 x Generic Slot | 4 x Generic Slot | 4 x Generic Slot | 4 x Generic Slot | 4 x Generic Slot | 4 x Generic Slot | 2 x Generic Slot, 1 x Bypass Slot
Expansion Modules | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P, IOC-4SFP+-P, IOC-8SFP+-P, IOC-2SFP+-Lite-P | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P, IOC-4SFP+-P, IOC-8SFP+-P, IOC-2SFP+-Lite-P | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P, IOC-4SFP+-P, IOC-8SFP+-P, IOC-2SFP+-Lite-P | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P, IOC-4SFP+-P, IOC-8SFP+-P, IOC-2SFP+-Lite-P | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P, IOC-4SFP+-P, IOC-8SFP+-P, IOC-2SFP+-Lite-P | IOC-4GE-B-P, IOC-8GE-P, IOC-8SFP-P, IOC-4SFP+-P, IOC-8SFP+-P, IOC-2SFP+-Lite-P | IOC-8GE-P, IOC-8SFP-P
Storage | N/A | 256G SSD | N/A | 256G SSD | N/A | N/A | 512G SSD
Twin-mode HA | YES | YES | YES | YES | YES | YES | YES
Suggested Sizing * | 2G internet access; 500-1000 users | 2G internet access; 500-1000 users | 3G internet access; 800-1200 users | 3G internet access; 800-1200 users | 5G internet access; 1000-1500 users | 7.5G internet access; 1200-2000 users | 15G internet access; 1500-3000 users

* Suggestion based on experience; it can go up or down depending on the specific traffic profile and configuration.


Hillstone E-Pro Series Module Card Combo Options
E5260P/E5268P/E5560P/E5568P Options

• Option 01: Base system + IOC-8GE-P × 2 + IOC-8SFP-P + IOC-2SFP+-Lite (Default Combo)
• Option 02: Base system + IOC-8GE-P + IOC-8SFP-P × 2 + IOC-2SFP+-Lite
• Option 03: Base system + IOC-8GE-P × 2 + IOC-8SFP-P × 2
• Option 04: Base system + IOC-8GE-P × 4
• Option 05: Base system + IOC-8SFP-P × 4
• Option 06: Base system + IOC-8GE-P × 3 + IOC-8SFP-P
• Option 07: Base system + IOC-8SFP-P × 3 + IOC-8GE-P
• Option 08: Base system
• Option 09: Any of Options 01~08 with some module cards removed

E5760P/E5960P (Full Combination)

• Option 01: Base system + IOC-8GE-P + IOC-8SFP-P + IOC-2SFP+-Lite × 2 (Default Combo)
• Option 02: Base system + IOC-8GE-P × 2 + IOC-2SFP+-Lite × 2
• Option 03: Base system + IOC-8SFP-P × 2 + IOC-2SFP+-Lite × 2
• Option 04: Base system + IOC-8GE-P + IOC-8SFP-P × 2 + IOC-2SFP+-Lite × 1
• Option 05: Base system + IOC-8GE-P × 2 + IOC-8SFP-P + IOC-2SFP+-Lite × 1
• Option 06: Base system + IOC-8GE-P × 3 + IOC-2SFP+-Lite × 1
• Option 07: Base system + IOC-8SFP-P × 3 + IOC-2SFP+-Lite × 1
• Option 08: Base system + IOC-8GE-P × 2 + IOC-8SFP-P × 2
• Option 09: Base system + IOC-8GE-P × 3 + IOC-8SFP-P × 1
• Option 10: Base system + IOC-8GE-P × 1 + IOC-8SFP-P × 3
• Option 11: Base system
• Option 12: Any of Options 01~11 with some module cards removed

E6368P (Full Combination)

• Option 01: Base system + IOC-8GE-P + IOC-8SFP-P (Default Combo)
• Option 02: Base system + IOC-8GE-P × 2
• Option 03: Base system + IOC-8SFP-P × 2
• Option 04: Base system
• Option 05: Any of Options 01~04 with some module cards removed


Flexible Module Card Combo Options
For E5260P/E5268P/E5560P/E5568P, which only support 1 × 2SFP+-Lite Card, we have

Module Card | Option1 | Option2 | Option3 | Option4 | Option5 | Option6 | Option7 | Option8
IOC-8GE-P | 2 | 1 | 2 | 4 | 0 | 3 | 1 | 0
IOC-8SFP-P | 1 | 2 | 2 | 0 | 4 | 1 | 3 | 0
IOC-2SFP+-Lite | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0

For E5760P/E5960P, which can support 1 or 2 × 2SFP+-Lite Card, we have

Module Card | Option1 | Option2 | Option3 | Option4 | Option5 | Option6 | Option7 | Option8 | Option9 | Option10 | Option11
IOC-8GE-P | 1 | 2 | 0 | 1 | 2 | 3 | 0 | 2 | 3 | 1 | 0
IOC-8SFP-P | 1 | 0 | 2 | 2 | 1 | 0 | 3 | 2 | 1 | 3 | 0
IOC-2SFP+-Lite | 2 | 2 | 2 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 0

For E6368, we have

Module Card | Option1 | Option2 | Option3 | Option4
IOC-8GE-P | 1 | 2 | 0 | 0
IOC-8SFP-P | 1 | 0 | 2 | 0

Note: These tables list the max combos. If the customer doesn’t need a full combination, they can also remove some of the cards.


Bundle: Best price performance configurations

Customizable:

Configure the base system with your own configuration of interface expansion modules to best meet the business requirement.

Basic rules of configuration:

• Half-U expansion slot fits in any slot.
• 1U height expansion modules can only be installed in Slot2 and Slot4.
• More than one expansion module of the same type can be inserted. However, there are some limitations for some specific modules:
  • Only one IOC-4SFP+-P, IOC-8SFP+-P or IOC-2SFP+-Lite-P interface expansion module can be inserted in Slot4 of SG-6000-E5568P, SG-6000-E5560P, SG-6000-E5268P or SG-6000-E5260P.
  • Only two IOC-2SFP+-Lite-P interface expansion modules can be inserted into SG-6000-E5760P or SG-6000-E5960P.


Hillstone NGFW Deployment Scenarios

Deployment Scenarios
Internet Access
• Fine-granular, efficient network application management
• Fully prevents internet threats
• Multi-link traffic optimization and application routing

Server Protection
• Flexible access control policies
• Professional WEB server protection
• Business virtualized security protection

Branch VPN Connection
• Low-latency, high-performance VPN access
• Easy IPSec VPN deployment
• Centralized deployment, monitoring and management


Use Case 1: Fine Granular Application Control

An Internet company with 500+ employees who have high demand on internet resources, which requires the company to expand its network bandwidth.

Challenges
Online games, video streaming and P2P applications run by employees in working hours take a lot of bandwidth resource and impact the critical business applications and normal work.

Solutions
Hillstone NGFW can identify online games, video and P2P applications in traffic, set appropriate policies, and block this traffic or limit bandwidth in working hours to guarantee critical business applications.


In-Depth Application Identification

• Identify thousands of applications, including 600+ mobile apps
• Detect and identify application in SSL-encrypted traffic


Flexible Application Filtering



Enhanced Application Control

Multi-application control policy based on application identification:
• Access Control
• Session Limitations
• Traffic Control
• Application Traffic Redirection

[Figure label: Application Identification]


Use Case 2: Detect Encrypted Threats

In a high-tech company, SSL-encrypted traffic accounts for a larger proportion of network traffic, which causes a huge security vacuum inside the network.

Challenges
• Employees frequently use applications with SSL-encrypted traffic, such as cloud drives, which cannot be identified or controlled.
• An employee accessed an encrypted phishing website and infected his computer.

Solutions
• Hillstone NGFW SSL decryption function can identify and analyze encrypted traffic, and implement fine-granular application control.
• Hillstone NGFW can execute complete AV/IPS/URL filtering on SSL-encrypted traffic, effectively blocking malicious traffic and protecting network security.


Identification/Monitoring of Cloud Applications
• Identify 300+ popular cloud applications
• Disable files uploading to a Dropbox cloud disk
• Accurate control of uploading / downloading to / from Cloud Disks

[Figure label: Dropbox Cloud Disk]


Threat Prevention in Encrypted Traffic
Based on SSL proxy technology, threats hidden in encrypted traffic can be completely identified and prevented.

[Figure labels: SSL-Encrypted Traffic, SSL Proxy, App. identification, Invasion prevention, Virus prevention, URL Filtering]


Use Case 3: Geo-Location Based Policy

A top e-commerce company with 100,000+ customers and millions of daily transactions. There are a lot of attacks from different countries which are not detected and prevented effectively.

Challenges
The website is continuously attacked during the business peak season. Attacks cause slow response and user failure when logging in, resulting in severe business impacts.

Solutions
• Hillstone NGFW discovered the origins/locations of the attacks, finding that most of them came from countries with no business.
• Configured a security policy based on country/geolocation of the IP, blocked traffic from this country, mitigated attacks, and guaranteed normal business operation.


Geo-Location Based Threat Defense

• The attacker distribution by threat map
• Access control based on geo-location


Use Case 4: Prevent Data Leakage

A software company, 60% of whose employees are R&D staff who can reach the classified development documents and files. There were many data leakage incidents during the past years.

Challenges
• The company prohibited R&D staff from transferring Word documents via the Internet. However, it did not provide an effective technology to control such behavior.
• Staff transferred large files in working hours, which consumed a large amount of bandwidth.

Solutions
• Hillstone’s solution can identify the file category and block Word documents or any sensitive document types from being transferred, and record logs.
• Filter files transferred in working hours, and prevent transferring files larger than 20M.


File Transfer Control

In-depth detection and control of files transferred through HTTP, FTP, SMTP, POP3 and SMB protocols:
• File type
• File size
• File name


Use Case 5: Policy Optimization

A large internet enterprise that has complicated business types with frequent new business launches. There were thousands of firewall security policies accumulated over years.

Challenges
• Significant repetition and ineffective policies impair firewall performance.
• A large number of policies are not reviewed due to maintenance staff turnover. New maintenance staff is unable to manage old policies.

Solutions
Intelligently detect repetitive, redundant, unused, or ineffective policies. Provides a reminder and helps maintenance staff to revise and remove them.


Redundant Policy Detection
Detect and reduce redundant policies in 3 easy steps!

01 One-click detection 02 Visible Detection Progress 03 Show redundant policies



Use Case 6: Protect From Ransomware

A large consulting firm providing research and consulting services in the energy sector. The research documents and consulting proposals on their laptops and servers are critical assets for the company.

Challenges
• Several employees have been hit by Locky ransomware several times and don’t have effective solutions.
• After the investigation by Hillstone experts, those employees were found to have opened spam carrying ransomware.

Solutions
With Cloud-sandbox enabled on Hillstone NGFW, the suspicious files are uploaded to cloud-sandbox for behavior analysis and identified as ransomware. The admin can get detailed threat information by log/report and take prompt action to block the threat.


Deep Cloud-Sandbox Inspection Report

• View the details of threat detected by Sandbox in iCenter
• Download and check the complete sandbox report


Use Case 7: SD-WAN Solution

A large retail company is rapidly expanding its business all over the world. It has consistent policies for all the branch stores, but the policies evolve as new types of services pop up and require different granular control.

Challenges
• Slow to build private network for VPN requirement.
• Multi-type services require fine-grained access control.

Solutions
Hillstone SD-WAN solution supports Zero Touch Provisioning (ZTP) for quick and easy deployment. Its centralized management of application-based QoS policy, priority control, intelligent load balancing and routing assures high quality of different types of services and applications at scale.


Hillstone SD-WAN Solution

HSM SD-WAN Controller:
Deploy HSM at HQ
• full range of HSM products

HQ Firewall:
Mostly deployed at enterprise HQ egress
• mid to high-end series of firewalls

VPN HUB:
NGFW or vFW in the cloud
• mid to high-end series of firewalls or vFW

CPE:
Deploy firewall at each branch
• low-end series of firewalls

[Figure labels: HQ (NGFW), HSM (SD-WAN Controller), Zone A, Zone B, VPN HUB (vFW), VPN HUB (NGFW), Branch 1, Branch 2, Branch 3, Branch n, CPE (NGFW)]


Hillstone SD-WAN Solution Highlights

Easy Deployment

ZTP
• USB Plug and Play: Support USB disk loading configuration file
• Centralized Authorization Management: The device automatically obtains authorization when it is online
• Automatic Version Upgrade: The device automatically upgrades the specified version when it goes online

Fast Deployment
• VPN Service Distribution and Management: Simple VPN configuration and automatic deployment

Efficient O&M

Policy Management
• Efficient Management of Policies: Lifecycle management of policies

Visibility
• Device and Link Status Monitoring: Equipment and VPN links displayed on map

Business Assured

Business Security
• E2E Security: (Firewall, URL Filtering, AD, AV, IPS)

Quality Assurance
• QOS Policy Control: Application-based QOS policy and priority control
• Intelligent Routing: Application-based load balancing and quality assurance


+1 408 508 6750
inquiry@hillstonenet.com
5201 Great America Pkwy, #420
Santa Clara, CA 95054
www.hillstonenet.com