|Intrusion prevention and web protection
||Accurately detects and defends against vulnerability-specific attacks based on upto-date threat information. The firewall can defend against web-specific attacks, including SQL injection and XSS attacks.
||Rapidly detects over 5 million types of viruses based on the daily-updated virus signature database.
|Data leak prevention (DLP)
||Inspects files to identify the file types, such as WORD, EXCEL, POWERPOINT, and PDF, based on file content, and filters the file content.
||Manages per-user and per-IP bandwidth in addition to identifying service applications to ensure the network access experience of key services and users. Control methods include limiting the maximum bandwidth, ensuring the minimum bandwidth, and changing application forwarding priorities.
||Provides a URL category database with over 120 million URLs and accelerates access to specific categories of websites, improving access experience of high-priority websites. Supports DNS filtering, in which accessed web pages are filtered based on domain names.
Supports the SafeSearch function to filter resources of search engines, such as Google, to guarantee access to only healthy network resources.
|Behavior and content audit
||Audits and traces the sources of the accessed content based on users.
||Supports server load balancing and link load balancing, fully utilizing existing network resources.
|Intelligent uplink selection
||Supports service-specific PBR and intelligent uplink selection based on multiple load balancing algorithms (for example, based on bandwidth ratio and link health status) in multi-egress scenarios.
||Supports multiple highly available VPN features, such as IPSec VPN, SSL VPN, L2TP VPN, MPLS VPN, and GRE, and provides the Huawei-proprietary VPN client SecoClient for SSL VPN, L2TP VPN, and L2TP over IPSec VPN remote access.
||Dynamic smart VPN (DSVPN) establishes VPN tunnels between branches whose public addresses are dynamically changed, reducing the networking and O&M costs of the branches.
|SSL-encrypted traffic detection
||Detects and defends against threats in SSL-encrypted traffic using application-layer protection methods, such as intrusion prevention, antivirus, data filtering, and URL filtering.
||Replaces servers to implement SSL encryption and decryption, effectively reducing server loads and implementing HTTP traffic load balancing.
||Defends against more than 10 types of common DDoS attacks, including SYN flood and UDP flood attacks.
||Supports multiple user authentication methods, including local, RADIUS, HWTACACS, AD, and LDAP. The firewall supports built-in Portal and Portal redirection functions. It can work with the Agile Controller to implement multiple authentication modes.
||Supports virtualization of multiple types of security services, including firewall, intrusion prevention, antivirus, and VPN. Users can separately conduct personal management on the same physical device.
|Security policy management
||Manages and controls traffic based on VLAN IDs, quintuples, security zones, regions, applications, URL categories, and time ranges, and implements integrated content security detection.
Provides predefined common-scenario defense templates to facilitate security policy deployment.
Provides security policy management solutions in partnership with FireMon and AlgoSec to reduce O&M costs and potential faults.
||Provides visualized and multi-dimensional report display by user, application, content, time, traffic, threat, and URL.
Generates network security analysis reports on the Huawei security center platform to evaluate the current network security status and provide optimization suggestions.
||Supports multiple types of routing protocols and features, such as RIP, OSPF, BGP, IS-IS, RIPng, OSPFv3, BGP4+, and IPv6 IS-IS.
|Deployment and reliability
||Supports transparent, routing, and hybrid working modes and high availability (HA), including the Active/Active and Active/Standby modes.