Huawei Product

Quidway Eudemon 1000E Unified Security Gateway
V100R002
Product Description
Issue
01
Date
2009-01-20
Huawei Proprietary and Confidential

Copyright Huawei Technologies Co., Ltd.
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any
assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.

Address:
Huawei Industrial Base

Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website:
http://www.huawei.com
Email:
support@huawei.com
Copyright Huawei Technologies Co., Ltd. 2009. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions

and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.


Product Description
Contents
Contents
About This Document.....................................................................................................................1
1 Product Overview.......................................................................................................................1-1
2 Product Features.........................................................................................................................2-1
2.1 Multiple Security Zones..................................................................................................................................2-3
2.2 Powerful GTP Protection................................................................................................................................2-3
2.3 Virtual Firewall...............................................................................................................................................2-3
2.4 Multiple Work Modes.....................................................................................................................................2-4
2.5 Enhanced Packet Filtering...............................................................................................................................2-4
2.5.1 High-speed ACL Searching...................................................................................................................2-4
2.5.2 Malicious Host Filtering Based on the Blacklist....................................................................................2-4
2.5.3 MAC Address and IP Address Binding.................................................................................................2-4
2.5.4 Packet Filtering Based on the Application Layer...................................................................................2-4
2.6 Multiple NAT Applications............................................................................................................................2-4
2.6.1 Address Translation................................................................................................................................2-5
2.6.2 Multiple NAT ALGs..............................................................................................................................2-5
2.7 Powerful Attack-Defending Capability...........................................................................................................2-6
2.7.1 Defending Worm Virus..........................................................................................................................2-6
2.7.2 Defending Multiple DoS And DDoS Attacks........................................................................................2-6
2.7.3 Defending Scanning and Snooping Attacks...........................................................................................2-6
2.7.4 Defending Other Attacks........................................................................................................................2-6
2.8 IDS Cooperation..............................................................................................................................................2-6
2.9 Cost-Effective Reliability................................................................................................................................2-7
2.9.1 Cost-Effective Product Design...............................................................................................................2-7
2.9.2 1+1 Backup of Routing Information......................................................................................................2-7
2.9.3 Dual-System Hot Backup.......................................................................................................................2-7
2.10 Perfect Traffic Monitoring............................................................................................................................2-7
2.11 Multiple Authentication Modes....................................................................................................................2-7
2.12 QoS Guarantee..............................................................................................................................................2-8
2.13 Security-Guaranteed VPN Applications.......................................................................................................2-8
2.14 Flexible P2P Flow Limiting..........................................................................................................................2-9
2.15 Enhanced Log Management..........................................................................................................................2-9
2.15.1 Two Log Output Formats.....................................................................................................................2-9
Issue 01 (2009-01-20)

Contents

Product Description
2.15.2 Varied Types of Logs...........................................................................................................................2-9
2.16 Rich and Flexible Maintenance and Management......................................................................................2-10

2.16.1 Rich Maintenance and Management..................................................................................................2-10
2.16.2 SNMP Based Terminal System Management....................................................................................2-10
2.16.3 GUI Management...............................................................................................................................2-10
2.17 Compliant Tests and Standards...................................................................................................................2-10
3 System Structure.........................................................................................................................3-1
3.1 Appearance......................................................................................................................................................3-2
3.1.1 Front Panel of the Eudemon 1000E.......................................................................................................3-2
3.1.2 Rear Panel of the Eudemon 1000E Powered by AC Input....................................................................3-2
3.1.3 Rear Panel of the Eudemon 1000E Powered by DC Input....................................................................3-3
3.2 System Configuration......................................................................................................................................3-3
3.3 External Interfaces...........................................................................................................................................3-4
3.3.1 Fixed Interfaces......................................................................................................................................3-4
3.3.2 Extended Interfaces................................................................................................................................3-4
3.4 Supported Interface Modules..........................................................................................................................3-5
4 Networking Applications.........................................................................................................4-1
4.1 Attack-Defending Function.............................................................................................................................4-2
4.2 Application of Dual-System Hot Backup........................................................................................................4-2
4.3 IPSec VPNs.....................................................................................................................................................4-3
5 Purchase Guide...........................................................................................................................5-1
5.1 Host Purchase..................................................................................................................................................5-2
5.1.1 Factors for Your Purchase......................................................................................................................5-2
5.1.2 Optional List for Host Purchase.............................................................................................................5-2
5.2 Interface Module Purchase..............................................................................................................................5-2
6 Compliant Standards and Feature List.................................................................................. 6-1

6.1 Compliant Standards.......................................................................................................................................6-2
6.2 Feature List of the Eudemon 1000E................................................................................................................6-5
A Appendix...................................................................................................................................A-1
ii

Issue 01 (2009-01-20)

Product Description
Figures
Figures
Figure 3-1 Front panel of the Eudemon 1000E....................................................................................................3-2
Figure 3-2 Real panel of the Eudemon 1000E powered by AC input..................................................................3-2
Figure 3-3 Rear panel of the Eudemon 1000E powered by DC input..................................................................3-3
Figure 4-1 Hybrid networking of the Eudemon 1000E and the IDS....................................................................4-2
Figure 4-2 Dual-system hot backup of the Eudemon 1000E...............................................................................4-3
Figure 4-3 IPSec VPN implemented by the Eudemon 1000E.............................................................................4-4
Issue 01 (2009-01-20)

iii

Product Description
Tables
Tables
Table 3-1 System configuration of the Eudemon 1000E.....................................................................................3-3
Table 3-2 Console port.........................................................................................................................................3-4
Table 3-3 GE optical/electrical interface..............................................................................................................3-4
Table 3-4 FE electrical interface...........................................................................................................................3-4
Table 3-5 GE optical/electrical interface..............................................................................................................3-5
Table 5-1 Eudemon 1000E host accessories........................................................................................................5-2
Table 5-2 Interface module purchase of the Eudemon 1000E.............................................................................5-3
Table 6-1 Compliant standards.............................................................................................................................6-2
Table 6-2 Feature list of theEudemon 1000E.......................................................................................................6-5
Issue 01 (2009-01-20)


Product Description
About This Document
About This Document

Purpose
This document describes the following contents of the Eudemon 1000E series:
l
Product overview
Product features
System structure
Networking applications
Purchase guide
Standard and feature list
This document provides the service functions of the Eudemon 1000E.
Related Versions
The following table lists the product versions related to this document.
Product Name
Version
Quidway Eudemon 1000E
V100R002
Intended Audience
This document is intended for:
l
Network engineers
Network management personnel
Users with network basics
Organization
This document is organized as follows.
Issue 01 (2009-01-20)


Product Description
About This Document
Chapter
Description
1 Product Overview
The main performance and features of the

Eudemon 1000E.
2 Product Features
The powerful attack-defending capability and

various security features of the Eudemon 1000E.
3 System Structure
The appearance and interface information of the

Eudemon 1000E.
4 Networking Applications
Some typical networking modes of the Eudemon

1000E.
5 Purchase Guide
The factors that must be considered when

purchasing the Eudemon 1000E.
6 Compliant Standards and Feature

List
The compliant standards and feature list of the

Eudemon 1000E.
A Appendix
The acronyms and abbreviations used in this

document.
Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Indicates a hazard with a high level of risk, which if not

avoided, will result in death or serious injury.
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
TIP
Indicates a tip that may help you solve a problem or save

time.
NOTE
Provides additional information to emphasize or supplement

important points of the main text.

Issue 01 (2009-01-20)

Product Description
About This Document
General Conventions
The general conventions that may be found in this document are defined as follows.
Convention
Description
Times New Roman
Normal paragraphs are in Times New Roman.
Boldface
Names of files, directories, folders, and users are in

boldface. For example, log in as user root.
Italic
Book titles are in italics.
Courier New
Examples of information displayed on the screen are in

Courier New.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
The keywords of a command line are in boldface.
Italic
Command arguments are in italics.
[]
Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... }
Optional items are grouped in braces and separated by

vertical bars. One item is selected.
[ x | y | ... ]
Optional items are grouped in brackets and separated by

vertical bars. One item is selected or no item is selected.
{ x | y | ... }*
Optional items are grouped in braces and separated by

vertical bars. A minimum of one item or a maximum of all
items can be selected.
[ x | y | ... ]*
Optional items are grouped in brackets and separated by

vertical bars. Several items or no item can be selected.
GUI Conventions
The GUI conventions that may be found in this document are defined as follows.
Issue 01 (2009-01-20)
Convention
Description
Boldface
Buttons, menus, parameters, tabs, window, and dialog titles

are in boldface. For example, click OK.
>
Multi-level menus are in boldface and separated by the ">"

signs. For example, choose File > Create > Folder.


Product Description
About This Document
Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.
Format
Description
Key
Press the key. For example, press Enter and press Tab.
Key 1+Key 2
Press the keys concurrently. For example, pressing Ctrl+Alt

+A means the three keys should be pressed concurrently.
Key 1, Key 2
Press the keys in turn. For example, pressing Alt, A means

the two keys should be pressed in turn.
Mouse Operations
The mouse operations that may be found in this document are defined as follows.
Action
Description
Click
Select and release the primary mouse button without moving

the pointer.
Double-click
Press the primary mouse button twice continuously and

quickly without moving the pointer.
Drag
Press and hold the primary mouse button and move the
pointer to a certain position.
Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Updates in Issue 01 (2009-01-20)

Initial field trial release.

Issue 01 (2009-01-20)

Product Description
1 Product Overview
Product Overview
This topic describes the major features of the Eudemon 1000E in performance.
With the rapid development of the Internet, more and more enterprises begin to speed up their
development based on the network services. In an open network, how to protect the Intranet has
become a practical hot topic. Huawei develops the Quidway Eudemon series for large and
medium-sized enterprises, which provides a cost-effective solution for the security in the large
and medium sized enterprises and telecommunication network. Eudemon 1000E provides not
only the command-line view, but also the graphical user interface (GUI), which facilitates the
device management and configuration.
The Eudemon 1000E uses the 1U standard chassis which is equipped with a Console port. The
Eudemon 1000E has four pairs of fixed 10/100/1000 M Ethernet opto-electronic mutually
exclusive interfaces and two universal serial bus (USB2.0) interfaces. The chassis provides two
extended slots. Users can install four Fast Ethernet (FE) interfaces and two pairs of gigabit
Ethernet (GE) interfaces. The Eudemon 1000E can be installed with two AC or DC power
modules to implement two-way power supply and redundancy for the power supply.
The Eudemon 1000E brings perfect experience in performance. The number of new connections
per second takes the leading place in the field.
The Eudemon 1000E supports 30,000 access control list (ACL) rules. The mean time between
failures (MTBF) is 37.54 years.
The Eudemon 1000E is based on an integrated software and hardware platform, and adopts the
dedicated and real-time operating system (OS). In this system, you can flexibly define security
zones, such as the pre-defined Local zone, Trust zone, Untrust zone, and Demilitarized zone
(DMZ). You can also customize other security zones as required. When the data is transmitted
between two interfaces with different security levels, the checking according to security rules
is enabled on the Eudemon 1000E.
The Eudemon 1000E not only supports multiple protocols such as File Transfer Protocol (FTP)
and Simple Mail Transfer Protocol (SMTP), but also provides multiple features such as
algorithm-based fast ACL searching, static, dynamic blacklist filtering, VPN service, and P2P
flow limiting.
Issue 01 (2009-01-20)

1-1

Product Description
2 Product Features
Product Features
About This Chapter

This topic describes the powerful attack-defending capabilities and security features of the
Eudemon 1000E.
2.1 Multiple Security Zones
This topic describes the security zone division of the Eudemon 1000E.
2.2 Powerful GTP Protection
This topic describes the GPRS Tunneling protocol (GTP) data protection function of the
Eudemon 1000E.
2.3 Virtual Firewall
This topic describes the virtual firewall function provided by the Eudemon 1000E.
2.4 Multiple Work Modes
This topic describes the multiple work modes supported by the Eudemon 1000E.
2.5 Enhanced Packet Filtering
This topic describes the enhanced packet filtering capabilities of the Eudemon 1000E.
2.6 Multiple NAT Applications
This topic describes the multiple types of NAT functions provided by the Eudemon 1000E.
2.7 Powerful Attack-Defending Capability
This topic describes the powerful attack-defending capabilities of the Eudemon 1000E.
2.8 IDS Cooperation
This topic describes the powerful capabilities provided when the Eudemon 1000E networks with
the IDS.
2.9 Cost-Effective Reliability
This topic describes the high stability and availability of the Eudemon 1000E.
2.10 Perfect Traffic Monitoring
This topic describes the flow monitoring functions provided by the Eudemon 1000E.
2.11 Multiple Authentication Modes
This topic describes the multiple types of user authentication modes and charging modes
provided by the Eudemon 1000E.
Issue 01 (2009-01-20)

2-1
2 Product Features

Product Description
2.12 QoS Guarantee

This topic describes the QoS of the Eudemon 1000E.
2.13 Security-Guaranteed VPN Applications
This topic describes the application of theEudemon 1000E in VPNs.
2.14 Flexible P2P Flow Limiting
This topic describes the P2P flow limiting function provided by the Eudemon 1000E.
2.15 Enhanced Log Management
This topic describes the perfect log management function of the Eudemon 1000E.
2.16 Rich and Flexible Maintenance and Management
This topic describes the flexible maintenance and management methods supported by the
Eudemon 1000E.
2.17 Compliant Tests and Standards
This topic describes the security certifications that the Eudemon 1000E passes.
2-2

Issue 01 (2009-01-20)

Product Description
2 Product Features
2.1 Multiple Security Zones

This topic describes the security zone division of the Eudemon 1000E.
A security zone includes one or more interfaces. Different security zones have different security
levels. The Eudemon 1000E supports the following pre-defined security areas:
l
Local zone
Trust zone
Untrust zone
DMZ zone
Vzone zone
In addition, it also supports the customized security areas. The root firewall supports 11
customized areas. The virtual firewall supports 3 customized areas.
In addition, in transparent mode and mixed mode, theEudemon 1000E can classify security zones
based on virtual local area networks (VLAN).
2.2 Powerful GTP Protection

This topic describes the GPRS Tunneling protocol (GTP) data protection function of the
Eudemon 1000E.
Eudemon 1000E puts forward the general packet radio service (GPRS) tunneling protocol (GTP)
solution to interwork with the GPRS support node (GSN) of Huawei. In this way, the security
for data transmission in GPRS is guaranteed. Similar to the products of serving GPRS support
node (SGSN) and gateway GPRS support node (GGSN), the Eudemon 1000E implements the
GTP function based on the user datagram protocol (UDP). In the GPRS network, the Eudemon
1000E can deploy in the Gn, Gp, or Gi interface.
The Eudemon 1000E can protect a system against GTP charging overflow attacks.
2.3 Virtual Firewall

This topic describes the virtual firewall function provided by the Eudemon 1000E.
For the features of small-sized private network, Huawei puts forward the multiple instances
solution. That is, users can logically divide a Eudemon 1000E into multiple virtual firewalls. In
this way, the security of the multiple small-sized private networks can be guaranteed
independently. For network carriers, they can use the Eudemon 1000E to hire the service for
guaranteeing the network security.
The VPN instances provides separate VPN routes for the virtual firewalls. The VPN instances
are in one-to-one mapping relationship with the virtual firewalls. At present, the Eudemon
1000E supports IPSec, L2TP, NAT, security zone, ACL, session, blacklist, and routing for the
virtual firewalls.
Issue 01 (2009-01-20)

2-3

Product Description
2 Product Features
2.4 Multiple Work Modes

This topic describes the multiple work modes supported by the Eudemon 1000E.
The Eudemon 1000E supports routing mode, transparent mode and mixed mode. This enhances
the flexibility and adaptability of networking applications. The Eudemon 1000E integrates with
part of the routing function.
2.5 Enhanced Packet Filtering

This topic describes the enhanced packet filtering capabilities of the Eudemon 1000E.
2.5.1 High-speed ACL Searching
2.5.2 Malicious Host Filtering Based on the Blacklist
2.5.3 MAC Address and IP Address Binding
2.5.4 Packet Filtering Based on the Application Layer
2.5.1 High-speed ACL Searching

The Eudemon 1000E implements fast traffic classification algorithm. When the system is
searching more than ten thousands of ACL rules, the performance and the processing speed are
not affected.
2.5.2 Malicious Host Filtering Based on the Blacklist

The Eudemon 1000E discards the packets originated from the users in the blacklist. In this way,
the security of the Internet Service Providers (ISP) and enterprises is ensured.
2.5.3 MAC Address and IP Address Binding

If the MAC address of a packet does not match the source IP address, the packet is discarded,
so as to avoid the attack from the IP spoofing.
2.5.4 Packet Filtering Based on the Application Layer

The Eudemon 1000E provides the following Application Specific Packet Filter (ASPF) security
filtering:
l
Channel and state inspection based on TCP (Transmission Control Protocol) /UDP (User
Datagram Protocol)
Java Blocking protection and ActiveX Blocking protection
Port-to-application mapping
Filtering based on contents
2.6 Multiple NAT Applications

This topic describes the multiple types of NAT functions provided by the Eudemon 1000E.
2-4

Issue 01 (2009-01-20)

Product Description
2 Product Features
Network address translation (NAT) is to translate the address of the private network into the
address of the public network (Internet).
2.6.1 Address Translation
2.6.2 Multiple NAT ALGs
2.6.1 Address Translation

The Eudemon 1000E supports the following address translations:
l
NAT based on IP address pool
NAT implementing different policies based on different addresses
PAT based on IP address and port (TCP or UDP port)
NAT based on ACL rules
Port-level NAT
2.6.2 Multiple NAT ALGs

NAT supports multiple Application Level Gateways (ALGs) in the registration mode, including:
l
NAT ALG of the FTP protocol
NAT ALG of the NBT protocol
NAT ALG of the ICMP protocol
NAT ALG of the H.323 protocol (including T.120, RAS, Q.931 and H.245)
NAT ALG of the SIP protocol
NAT ALG of the RTSP protocol
NAT ALG of the HWCC protocol
NAT ALG of the ILS protocol
NAT ALG of the PPTP protocol
NAT ALG of Tencent QQ chatting
NAT ALG of MSN massager provided by Microsoft
NBT is short for NetBIOS over TCP.

ICMP is short for Internet Control Message Protocol.
SIP is short for Session Initiation Protocol.
RTSP is short for Real-Time Streaming Protocol.
HWCC is short for Huawei Conference Control Protocol.
DNS is short for domain name system.
ILS is short for Internet locator service.
PPTP is short for Point to Point Tunneling Protocol.
Supporting the special protocols in the registration mode, NAT can be expanded flexibly so
as to support new protocols easily without changing the software architecture.
Issue 01 (2009-01-20)

2-5

Product Description
2 Product Features
2.7 Powerful Attack-Defending Capability

This topic describes the powerful attack-defending capabilities of the Eudemon 1000E.
2.7.1 Defending Worm Virus
2.7.2 Defending Multiple DoS And DDoS Attacks
2.7.3 Defending Scanning and Snooping Attacks
2.7.4 Defending Other Attacks
2.7.1 Defending Worm Virus

According to the features of worms, the Eudemon 1000E is designed with the following
enhanced defense functions:
l
Traffic monitoring and inspection
Connection number inspection
Defense of IP address scanning
Defense of port scanning
Blacklist filtering
2.7.2 Defending Multiple DoS And DDoS Attacks

The Eudemon 1000E can effectively detect DoS and DDoS attack packets, and then forward or
discard them to avoid the attacks. Meanwhile, it records the attack behavior in the logs.
2.7.3 Defending Scanning and Snooping Attacks

The Eudemon 1000E detects the scanning and snooping packets flexibly through comparison
and analysis, so as to avoid the subsequent attacks.
l
Address scanning
Port scanning
IP source routing options
IP routing record options
Network architecture snooping through the tracer tool
2.7.4 Defending Other Attacks

The Eudemon 1000E can protect a system against multiple types of DoS attacks and scan
snooping. Also, it can guard against IP Spoofing attacks to avoid the intrusion of the system.
2.8 IDS Cooperation

This topic describes the powerful capabilities provided when the Eudemon 1000E networks with
the IDS.
With a powerful attack-defending capability, the Eudemon 1000E can work with the professional
Intrusion Detective System (IDS) that is deployed externally. Since the IDS device contains the
2-6

Issue 01 (2009-01-20)

Product Description
2 Product Features
complete information about the behavior model of attacks, the cooperative networking will
provide a more reliable and comprehensive safeguard for the network.
2.9 Cost-Effective Reliability

This topic describes the high stability and availability of the Eudemon 1000E.
2.9.1 Cost-Effective Product Design
2.9.2 1+1 Backup of Routing Information
2.9.3 Dual-System Hot Backup
2.9.1 Cost-Effective Product Design

With a dedicated hardware system, the Eudemon 1000E supports temperature monitoring and
hot swapping of fans. It is applicable to harsh environments. It adopts dual power supply modules
that support 1+1 backup. The two power supply modules can work in mutual hot backup mode
and support hot swapping. A power supply switchover does not affect system operation.
According to the design requirements for carrier-class products, the Eudemon 1000E meets the
requirements of high reliability for network devices.
2.9.2 1+1 Backup of Routing Information

The Eudemon 1000E supports Virtual Router Redundancy Protocol (VRRP). A backup group
in a network can be set based on a virtual IP address. The hosts in the network can communicate
with other networks through the virtual router.
2.9.3 Dual-System Hot Backup

The Eudemon 1000E supports Huawei Redundancy Protocol (HRP). In this case, a backup group
includes an active device and a standby device. The HRP backs up key configuration commands
and state information of the session table. In this way, the HRP ensures that the standby Eudemon
1000E can smoothly take over the work when the active Eudemon 1000E is faulty.
2.10 Perfect Traffic Monitoring

This topic describes the flow monitoring functions provided by the Eudemon 1000E.
The Eudemon 1000E supports multiple traffic monitoring, including the following functions:
l
Basic session monitoring
Promised access rate
ISPKeeper function
Real-time traffic measurement
and P2P flow limiting
2.11 Multiple Authentication Modes

This topic describes the multiple types of user authentication modes and charging modes
provided by the Eudemon 1000E.
Issue 01 (2009-01-20)

2-7

Product Description
2 Product Features
The Eudemon 1000E provides uniform framework for authentication, authorization and
accounting.
It manages the security of network access in a centralized manner.
The Eudemon 1000E provides the following authentication modes:
l
Local authentication
Standard RADIUS authentication
Huawei RADIUS+ authentication
HWTACACS authentication
Plain text authentication
MD5 authentication
RADIUS is short for Remote Authentication Dial-in User Service.

HWTACACS is short for Terminal Access Controller Access Control System.
The UEudemon 1000E supports local management to verify and authorize legal users and deny
illegal users.
Cooperating with Huawei Portal Server, the Eudemon 1000E can provide secure on-line IP
detection to prevent spoof IP attacks.
2.12 QoS Guarantee

This topic describes the QoS of the Eudemon 1000E.
Quality of Service (QoS) is used to manage the traffic over Wide Area Network (WAN) ( The
WAN is encapsulated with Point to Point Protocol (PPP), frame relay (FR) and high level data
link control (HDLC).) or the LAN through the following measures:
l
CAR
The Eudemon 1000E supports the use of CAR in security zones and supports speed limiting
based on the ACL. In speed limiting, the priority is determined by the time of configuration.
The later the time is, the higher the priority is.
Sequence guarantee
In data communications, many services such as real-time services require the devices to
guarantee the sequence, for example, the VoIP service. Thus, for both the router and the
firewall, it is an important feature to guarantee the sequence of forwarding flows. Based
on the sequence of the packets received by the interface and congestion management, the
Eudemon 1000E can guarantee the correct sequence when forwarding the packets.
2.13 Security-Guaranteed VPN Applications

This topic describes the application of theEudemon 1000E in VPNs.
The Eudemon 1000E can provide the IPSec mechanism through software or hardware encryption
cards to provide services such as access control, wireless connection integrity, data source
authentication, anti-replay, encryption, and type-based data flow encryption for the two parties
involved in communication. Through AH and ESP, the Eudemon 1000E protects IP datagrams
and upper-level protocols. The Eudemon 1000E supports two encapsulation modes, transmission
2-8

Issue 01 (2009-01-20)

Product Description
2 Product Features
and tunnel. The security association (SA) of IPSec can be established through manual
configuration or IKE auto-negotiation and supports NAT traversal. Both IKE V1 and IKE V2
are supported. IKE V2 supports EAP authentication.
The Eudemon 1000E can be applied in IPSec VPNs to provide highly reliable security
transmission channels for users. Also, it can work with L2TP and GRE to implement varied
types of VPN applications.
l
L2TP VPN
GRE VPN
IPSec VPN
L2TP over IPSec VPN
GRE over IPSec VPN
2.14 Flexible P2P Flow Limiting

This topic describes the P2P flow limiting function provided by the Eudemon 1000E.
This function can be widely applied to access networks with a large volume of P2P flows, such
as community, campuses, and enterprises.
The Eudemon 1000E adopts multiple methods to limit P2P flows.
l
Limiting multiple protocols, such as Xunlei, BT, PPLive, and QQLive
Limiting upstream and downstream flows separately
Supporting the limiting of P2P flows based on periods
2.15 Enhanced Log Management

This topic describes the perfect log management function of the Eudemon 1000E.
2.15.1 Two Log Output Formats
2.15.2 Varied Types of Logs
2.15.1 Two Log Output Formats

The Eudemon 1000E can output SYSLOG in text. It can create the information table based on
traffic state for all data traffic passing through the Eudemon 1000E. Besides, it can output high
speed binary flow logs.
2.15.2 Varied Types of Logs

The Eudemon 1000E provides complete and unified logs. The log types are listed as follows:
l
NAT logs and ASPF traffic logs
Attack-defending logs
Traffic monitoring logs
P2P flow detection logs
Blacklist logs
Issue 01 (2009-01-20)

2-9

Product Description
2 Product Features
l
Multiple kinds of statistics
2.16 Rich and Flexible Maintenance and Management

This topic describes the flexible maintenance and management methods supported by the
Eudemon 1000E.
2.16.1 Rich Maintenance and Management
2.16.2 SNMP Based Terminal System Management
2.16.3 GUI Management
2.16.1 Rich Maintenance and Management

The Eudemon 1000E supports the following local and remote maintenances:
l
Local configuration and maintenance through Console port
Local and remote maintenance based on Telnet
Maintenance and management based on Secure Shell (SSH)
The SSH maintenance and management mode ensures information security and powerful
authentication functions over an insecure network, thus avoiding such attacks as IP spoofing
and plain text password interception.
2.16.2 SNMP Based Terminal System Management

The Eudemon 1000E supports Simple Network Management Protocol (SNMP) (V1/V2c/V3)
protocol and Client/Server structure. It can be managed by Network Management Station
(NMS). For example, it can be managed by Huawei network management platforms such as
iManager N2000 and Quidway.
2.16.3 GUI Management

The Eudemon 1000E provides a friendly GUI for configuration and management. You can
configure security zones, ACL, NAT, ASPF, attack defending, blacklist and statistics parameters
through the GUI.
2.17 Compliant Tests and Standards

This topic describes the security certifications that the Eudemon 1000E passes.
The Eudemon 1000E not only has obtained the sales license issued by the Ministry of Public
Security and the Security Product Certificate of military information, but also has passed the
test of the National Information Security Inspection Center. Besides, the Eudemon 1000E is one
of the products recommended by National Confidentiality Bureau. The Eudemon 1000E is
designed in compliance with the national standards of China, Asia-Pacific and Europe. It meets
the requirements of Underwriter Laboratories Inc. (UL), CE, electromagnetic compatibility
(EMC), FCC-part15, and safety certification and network access.
2-10

Issue 01 (2009-01-20)

Product Description
3 System Structure
System Structure
About This Chapter

This topic describes the appearance and interfaces of the Eudemon 1000E.
3.1 Appearance
This topic describes the appearance of the front panel and back panel of the Eudemon 1000E.
3.2 System Configuration
This topic describes the hardware configuration requirements and environment requirements of
the Eudemon 1000E.
3.3 External Interfaces
This topic describes the external fixed interfaces and expansion slots of the Eudemon 1000E.
3.4 Supported Interface Modules
This topic describes the interface modules supported by the Eudemon 1000E.
Issue 01 (2009-01-20)

3-1

Product Description
3 System Structure
3.1 Appearance
This topic describes the appearance of the front panel and back panel of the Eudemon 1000E.
3.1.1 Front Panel of the Eudemon 1000E
3.1.2 Rear Panel of the Eudemon 1000E Powered by AC Input
3.1.3 Rear Panel of the Eudemon 1000E Powered by DC Input
3.1.1 Front Panel of the Eudemon 1000E

The Eudemon 1000E uses embedded power modules and fans. Thus, the power modules and
fans are not shown on the front panel of the Eudemon 1000E.
Figure 3-1 Front panel of the Eudemon 1000E
1
E2GE
E2GE
RUN
Class 1 laser product
SLOT2
HUAWEI
Quidway Eudemon 1000E

SLOT1
8 9
1. Extended interface module-slot 2 2. Extended interface moduleslot 3. 10/100/1000 M GE electrical

1
interface
4. 1000M GE optical interface
5. Console serial port
6. USB2.0 interface
7. Indicator
8. ESD
9. preventive wrist strap jack
3.1.2 Rear Panel of the Eudemon 1000E Powered by AC Input

Figure 3-2 Real panel of the Eudemon 1000E powered by AC input
3-2
POW0
OFF
OFF
Powered
Off Before
Pulled
Powered
Off Before
Pulled
RUN
ON
RUN
ON
HAZARDOUS MOVING PARTS

KEEP FINGERS AND OTHER
BODY PARTS AWAY
POW1
1. Fan module slot
2. AC power interface
3. AC power switch
4. AC power interface
5. AC power switch
6. Grounding terminal

Issue 01 (2009-01-20)

Product Description
3 System Structure
3.1.3 Rear Panel of the Eudemon 1000E Powered by DC Input

Figure 3-3 Rear panel of the Eudemon 1000E powered by DC input
Powered
Off Before
Pulled
POW0
OFF
OFF
Powered
Off Before
Pulled
RUN
ON
RUN
ON
HAZARDOUS MOVING PARTS

KEEP FINGERS AND OTHER
BODY PARTS AWAY
POW1
1. Fan module slot
2. DC power interface
3. DC power switch
4. DC power interface
5. DC power switch
6. grounding terminal
3.2 System Configuration

This topic describes the hardware configuration requirements and environment requirements of
the Eudemon 1000E.
Table 3-1 System configuration of the Eudemon 1000E
Issue 01 (2009-01-20)
Item
Eudemon 1000EDescription
Extended interface
Two 4-FE-port card/2-GE-port card interfaces
Fixed interface
One Console port
Four 10/100/1000 M opto-electronic mutually

exclusive interfaces
Two USB2.0 interfaces
CPU
1000MHz
Memory
1GB2, supports ECC
NVRAM
128KB
Flash Memory
64MB
Dimensions
436 mm560 mm44.2 mm (WDH)
Weight
10kg
Input voltage
AC: 100V to 240V (50/60Hz)
DC: -48V to -60V
Total consumption
100W
Operation temperature
0 to 40
Relative humidity
5%RH to 90%RH
Storage temperature
-25 to +70

3-3

Product Description
3 System Structure
3.3 External Interfaces

This topic describes the external fixed interfaces and expansion slots of the Eudemon 1000E.
3.3.1 Fixed Interfaces
3.3.2 Extended Interfaces
3.3.1 Fixed Interfaces

Table 3-2 Console port
Index
Parameter
Port standard
RS232
Connector
RJ45
Transfer rate
9600 bit/s115200 bit/s
Table 3-3 GE optical/electrical interface

Index
Parameter
Interface standard
1000Base-LX/1000Base-SX/1000Base-T, 802.3z
Connector
Optical interface: SFP optical module (supports singlemode and multimode optical modules)
Electrical interface: RJ45
Transfer rate
10/100/1000 Mbit/s, supports full-duplex and half-duplex

modes.
3.3.2 Extended Interfaces

Table 3-4 FE electrical interface
3-4
Index
Parameter
Port standard
10/100Base-TX
Connector
RJ45
Transfer rate
10/100Mbit/s

Issue 01 (2009-01-20)

Product Description
3 System Structure
Table 3-5 GE optical/electrical interface

Index
Parameter
Port standard
1000Base-LX/1000Base-SX/1000Base-T, 802.3z
Connector
Optical interface: SFP optical module (supports

single-mode and multimode optical modules)
Electrical interface: RJ45
Transfer rate
10/100/1000 Mbit/s, supports full-duplex and halfduplex modes.
3.4 Supported Interface Modules

This topic describes the interface modules supported by the Eudemon 1000E.
TheEudemon 1000E supports the following interface modules:
l
Four-port 10/100 M Ethernet electrical interface module.
Two-port gigabit Ethernet optical/electrical interface module.
Issue 01 (2009-01-20)

3-5

Product Description
Networking Applications
About This Chapter

This topic describes several typical networking modes of the Eudemon 1000E.
4.1 Attack-Defending Function
This topic describes the attack-defending function provided by the Eudemon 1000E when it
networks with the IDS.
4.2 Application of Dual-System Hot Backup
This topic describes how the Eudemon 1000E protect the security of user data by means of dualsystem hot backup.
4.3 IPSec VPNs
This topic describes how the Eudemon 1000E uses the VPN technology to guarantee the security
of network transmission.
Issue 01 (2009-01-20)

4-1

Product Description
4.1 Attack-Defending Function

This topic describes the attack-defending function provided by the Eudemon 1000E when it
networks with the IDS.
The Eudemon 1000E can work with the IDS to detect the potential attacks.
Figure 4-1 Hybrid networking of the Eudemon 1000E and the IDS
Syslog
IDS
WWW
DNS
Mail
LAN Swich
Hacker
Router
Internal Office
Area
Firewall
Hacker
PC
PC
Government
Enterprise
The Eudemon 1000E is deployed at the network ingress to prevent attacks from internal or
external networks.
The IDS device is deployed on the key location in the Intranet to identify attacks from
hackers, and the log host records the detailed attack logs.
At present, there are two deployment modes:
Based on the mirroring port of the device.
LAN Switch and the Eudemon 1000E cooperate with each other so as to guard against
various attacks.
4.2 Application of Dual-System Hot Backup

This topic describes how the Eudemon 1000E protect the security of user data by means of dualsystem hot backup.
The Eudemon 1000E provides the dual-system hot backup, so that the user data will not be
disrupted due to the switchover between the active and standby Eudemons.
4-2

Issue 01 (2009-01-20)

Product Description
Figure 4-2 Dual-system hot backup of the Eudemon 1000E
PC
LAN
Switch Firewall
(Master)
Router
PC
LAN
Switch
Firewall
(Backup)
Router
Company headquarter
Two Eudemon 1000E devices in the headquarters (HQ) form a hot backup group. One of
the Eudemon 1000E is used as the master device for security protection. The other is used
as the slave device. The backup group provides the security guard such as ACL, ASPF,
traffic monitoring and NAT.
Two Eudemon 1000E devices are interconnected with each other.
The LAN switch devices in the Intranet and the routers in the Extranet are connected with
each Eudemon 1000E device to form the mesh connection.
4.3 IPSec VPNs

This topic describes how the Eudemon 1000E uses the VPN technology to guarantee the security
of network transmission.
As the VPN gateway, the Eudemon 1000E supports tunneling technologies such as L2TP and
GRE. It uses the tunneling technologies with the IPSec and firewall technologies to guarantee
the QoS and security of network transmission. Figure 4-3 shows the details.
l
The access VPN provides SOHO and mobile office users with security channels to access
the resources of the headquarters through public switched telephone network (PSTN)/
integrated services digital network (ISDN).
The intranet VPN provides channels to access the headquarters for the regional offices and
branch offices. The IPSec/IKE technology is used to ensure that data is securely transmitted
over the Internet. This protects the data on the Internet from eavesdropping and tampering.
Issue 01 (2009-01-20)

4-3

Product Description
l
The extranet VPN provides channels to access the internal network of an enterprise for the
partners and customers. Also, it protects the security of the internal network.
Figure 4-3 IPSec VPN implemented by the Eudemon 1000E

PC
File Server
Extranet VPN
Intrannet VPN
PC
Branch/Partner
PC
Company
Headquarter
Firewall
Firewall
Carriers
network
NAS
Access
VPN
PSTN/ISDN
Personal
mobile
office
Home office
VPN tunnel
4-4

Issue 01 (2009-01-20)

Product Description
5 Purchase Guide
Purchase Guide
About This Chapter

This topic describes the factors to be considered when you purchase the product.
5.1 Host Purchase
This topic describes the factors to be considered when you purchase hosts.
5.2 Interface Module Purchase
This topic describes the factors to be considered when you purchase interface modules.
Issue 01 (2009-01-20)

5-1

Product Description
5 Purchase Guide
5.1 Host Purchase

This topic describes the factors to be considered when you purchase hosts.
5.1.1 Factors for Your Purchase
5.1.2 Optional List for Host Purchase
5.1.1 Factors for Your Purchase

You can take the following factors into consideration when you buy Eudemon 1000E hosts:
l
Networking requirement: Choose the types and amount of interfaces according to the scale
and performance of your networking. Then choose the product model according to the
interfaces.
Reliability: The Eudemon 1000E hosts adopt a double power supply module that works in
1+1 redundancy backup mode.
Power supply: Choose AC or DC power supply module according to the type of power
supply.
5.1.2 Optional List for Host Purchase

The Eudemon 1000E provides AC and DC power supply. You can select either of them as
required. Table 5-1 lists the host and related accessories.
Table 5-1 Eudemon 1000E host accessories
Item
Quantity
Remarks
Host
Mandatory, provides hosts powered by AC/DC

input
Accessories
Mandatory
5.2 Interface Module Purchase

This topic describes the factors to be considered when you purchase interface modules.
The Eudemon 1000E provides multiple interface modules and the relevant cables that may be
delivered separately from the host. You can purchase the modules and host as needed.
The purchase for the interface modules involves two selections: interface module selection and
its relevant cable or optical cable selection. Generally, if the interface module matches only a
certain type of cable, you do not need to choose cable. Otherwise, you should choose and buy
cables in the cable suite based on the line features and the number of interfaces. For more
information, see Table 5-2.
5-2

Issue 01 (2009-01-20)

Product Description
5 Purchase Guide
Table 5-2 Interface module purchase of the Eudemon 1000E
Issue 01 (2009-01-20)
Interface Module
Cable
Remarks
Four-port 10/100 M Ethernet

electrical interface module
Ethernet cable
The cables are optional.
Two-port 10/100/1000 M optoelectronic mutually exclusive

interface module
Ethernet cable
The cables are optional.
Multi-mode optical transceiver
Multi-mode
optical cable
The optical cables are optional.

Choose the optical cables from the
external optical cable set.
Single-mode optical transceiver
Single-mode
optical cable
The optical cables are optional.

Choose the optical cables from the
external optical cable set.

5-3

Product Description
6 Compliant Standards and Feature List
Compliant Standards and Feature List
About This Chapter

This topic describes the compliant standards and features of theEudemon 1000E.
6.1 Compliant Standards
This topic describes the compliant standards of theEudemon 1000E.
6.2 Feature List of the Eudemon 1000E
This topic describes the features of the Eudemon 1000E.
Issue 01 (2009-01-20)

6-1

Product Description
6.1 Compliant Standards

This topic describes the compliant standards of theEudemon 1000E.
Table 6-1 Compliant standards
6-2
Standard
Content
ETS 300 386
Electromagnetic compatibility and Radio spectrum Matters (ERM);

Telecommunication network equipment;ElectroMagnetic
Compatibility (EMC) requirements
IEC 62151
Safety of equipment electrically connected to a telecommunication

network
IEEE 802.1d
MAC bridges
IEEE 802.1p
Traffic Class Expediting and Dynamic Multicast Filtering
IEEE 802.1q
Virtual Bridged Local Area Networks
IEEE 802.3u
Definition of Fast Ethernet (100BTX, 100BT4, 100BFX)
IEEE 802.3z
Definition of Gigabit Ethernet (over Fibre)
ITU-T G.652
Characteristics of a single-mode optical fibre and cable
RFC0768
User datagram protocol (UDP)
RFC0791
Internet protocol (IP)
RFC0792
Internet Control Massage Protocol (ICMP)
RFC0793
Transport Control Protocol (TCP)
RFC0854
Telnet
RFC0894
Technical specification For network access server
RFC1157
Simple Network Management Protocol (SNMP)
RFC1213
Management information base for network management of TCP/

IP-based Internets: MIB-II
RFC1229
Extensions to the generic-interface MIB
RFC1661
Point-to-point links (PPP)
RFC1757
Remote network monitoring management information base
RFC2865
Remote authentication dial in user service (RADIUS)
RFC2869
RADIUS extensions
RFC2903
Generic AAA architecture
RFC2904
AAA authorization framework

Issue 01 (2009-01-20)

Product Description
Issue 01 (2009-01-20)
Standard
Content
RFC2906
AAA authorization requirements
RFC2809
Implementation of L2TP compulsory tunneling via RADIUS
RFC1492
An access control protocol, sometimes called TACACS
RFC2401
Security architecture for the Internet protocol
RFC2402
Authentication header (AH)
RFC2403
The Use of HMAC-MD5-96 within ESP and AH
RFC2404
The Use of HMAC-SHA-1-96 within ESP and AH
RFC2405
The ESP DES-CBC cipher algorithm with explicit IV
RFC2406
IP encapsulating security payload (ESP)
RFC2407
The Internet IP security domain of interpretation for ISAKMP
RFC2408
Internet security association and key management protocol

(ISAKMP)
RFC2409
Internet key exchange (IKE)
RFC2410
The NULL encryption algorithm and its use with IPsec
RFC3715
IPSec-Network Address Translation (NAT) Compatibility

Requirements
RFC3947
Negotiation of NAT-Traversal in the IKE
RFC3948
UDP Encapsulation of IPsec ESP Packets
RFC2663
IP Network Address Translator (NAT) Terminology and

Considerations
RFC 2712
Addition of Kerberos Cipher Suites to Transport Layer Security

(TLS)
RFC 3268
Advanced Encryption Standard (AES) Ciphersuites for Transport

Layer Security (TLS)
RFC 3943
Transport Layer Security (TLS) Protocol Compression Using

Lempel-Ziv-Stac (LZS)
RFC 4132
Addition of Camellia Cipher Suites to Transport Layer Security

(TLS)
RFC 4162
Addition of SEED Cipher Suites to Transport Layer Security (TLS).
RFC 4279
Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
RFC 4346
The Transport Layer Security (TLS) Protocol Version 1.1
RFC 4366
Transport Layer Security (TLS) Extensions

6-3

Product Description
6-4
Standard
Content
RFC 4492
Elliptic Curve Cryptography (ECC) Cipher Suites for Transport

Layer Security (TLS)
RFC 4507
Transport Layer Security (TLS) Session Resumption without

Server-Side State
RFC 2578
Structure of management information version 2 (SMIv2)
RFC 2579
Textual conventions for SMIv2
RFC2580
Conformance statements for SMIv2
RFC1157
SNMP
RFC1155
Structure and identification of management information for TCP/

IP-based Internets
RFC1213
Management information base for network management of TCP/

IP-based Internets: MIB-II
RFC1212
Concise MIB definitions
RFC1901
Introduction to community-based SNMPv2
RFC1035
NTPv3 specification
RFC854
Telnet protocol specification
RFC857
Telnet echo option
RFC858
Telnet "Suppress Go Ahead" option
RFC1091
Telnet terminal type option
RFC4250
The Secure Shell (SSH) Protocol Assigned Numbers
RFC4251
The Secure Shell (SSH) Protocol Architecture
RFC4252
The Secure Shell (SSH) Authentication Protocol
RFC4253
The Secure Shell (SSH) Transport Layer Protocol
RFC4254
The Secure Shell (SSH) Connection Protocol
RFC4255
Using DNS to Securely Publish Secure Shell (SSH) Key

Fingerprints
RFC4256
Generic Message Exchange Authentication for the Secure Shell

Protocol (SSH)
RFC4335
The Secure Shell (SSH) Session Channel Break Extension
RFC4344
The Secure Shell (SSH) Transport Layer Encryption Modes
RFC4419
Diffie-Hellman Group Exchange for the Secure Shell (SSH)

Transport Layer Protocol

Issue 01 (2009-01-20)

Product Description
Standard
Content
RFC4462
Generic Security Service Application Program Interface (GSS-API)

Authentication and Key Exchange for the Secure Shell (SSH)
Protocol
RFC1350
TFTPv2
RFC959
FTP
RFC1945
Hypertext Transfer Protocol -- HTTP/1.0
RFC2145
Use and Interpretation of HTTP Version Numbers
RFC2616
Hypertext Transfer Protocol -- HTTP/1.1
RFC2617
HTTP Authentication: Basic and Digest Access Authentication
RFC2774
An HTTP Extension Framework
RFC2817
Upgrading to TLS Within HTTP/1.1
RFC2818
HTTP Over TLS
RFC2965
HTTP State Management Mechanism
RFC2787
Definitions of managed objects for the virtual router redundancy

protocol
VGMP
VRRP
HRP
Huawei redundancy protocol
6.2 Feature List of the Eudemon 1000E

This topic describes the features of the Eudemon 1000E.
Table 6-2 Feature list of theEudemon 1000E
Issue 01 (2009-01-20)
Attribute
Description
Security
defending
Packet filtering
Supports basic ACL and advanced ACL
Supports ACL based on time period
Supports ACL between zones
Supports dynamic maintenance ACL rules
Supports blacklist, MAC address and IP address

binding
Supports ASPF and state inspection
Provides port mapping mechanism

6-5

Product Description
Attribute
Description
NAT
Attack
defending
traffic
monitoring
Supports address conversion (NAT and PAT)
Provides the internal server
Port-level NAT server
Supports multiple NAT ALGs, including FTP,

PPTP, DNS, NBT, ICMP, H.323, QQ, MSN, RTSP,
SIP and conference control protocol.
Defends multiple DoS attacks such as SYN Flood,

ICMP Flood, UDP Flood, WinNuke, ICMP
redirection and unreachable packets, Land, Smurf,
Fraggle and IP Spoofing.
Defends scanning and snooping such as address

scanning, port scanning, IP source routing option,
IP routing record option, timestamp and snooping
routing.
Macrocephalic packet attacks: macrocephalic IP

multipartite packets, macrocephalic TCP packets,
extra-large ICMP packets, Tear Drop and Ping Of
Death.
Supports limit to link amount
Supports access rate promise
Supports real-time traffic measurement and

analysis
Supports the monitoring and limitation of P2P flows
Supports the networking with IDS devices

Network
interconnecting
Link layer
protocol
Supports Ethernet_II and Ethernet_SNAP
Supports VLAN
IP service
Supports address resolution
Supports static domain name resolution
Supports DHCP trunk and DHCP server
Supports static routing
Supports RIP, OSPF and BGP dynamic routing
Supports policy routing
Supports routing policy and routing iteration
Routing
protocol
6-6

Issue 01 (2009-01-20)

Product Description
Attribute
Description
VPN
Supports the authentication protocols AH and ESP,

and encapsulation in transmission or tunnel mode
Supports the key exchange protocol, IKE V1/V2
Supports L2TP VPN
Supports GRE VPN
Supports IPSec VPN
Supports RADIUS protocols and provides

verification modes of PAP and CHAP
Supports user authentication of PPP and Login
Supports local authentication
Supports multiple ISP
CAR
Sequence guarantee
Supports routing mode
Supports transparent mode
Supports composite mode
Hierarchical protection of command line against the

intrusion from unauthorized users
Supports file system and provides multiconfiguration files and multiple program files
GUI management
Telnet configuration management, which supports

Telnet Client.
Maintenance management through the SSH
Complies with multiple national and international

certification and design standards
1+1 hot backup of power
Dual-system
hot backup
Supports hot backup of part of the commands
Supports hot backup of state: firewall ACL, ASPF,

traffic monitoring and NAT.
System
management
Supports standard network management protocol

SNMPv1/v2c/v3
AAA
Service
application
QoS
Configuration
and management
Working mode
Configuration
method
Maintenance and
reliability
Issue 01 (2009-01-20)
Product design

6-7

Product Description
6-8
Attribute
Description
System logs
Measures input and output of IP packets
Provides NAT logs
Provides ASPF logs
Provides attack defending logs
Provides P2P flow detection logs
Provides traffic monitoring logs
Provides blacklist logs
Provides multiple measurement information (traffic measurement,

attack packet amount)

Issue 01 (2009-01-20)

Product Description
A Appendix
Appendix
A
AC
Alternating Current
ACL
Access Control List
AH
Authentication Header
ALG
Application Level Gateway
ASPF
Application Specific Packet Filter
C
CE
Community European
CPU
Central Processing Unit
D
DC
Direct Current
DDoS
Distributed Denial of Service
DoS
Denial of Service
DMZ
Demilitarized Zone
DNS
Domain Name Server
Issue 01 (2009-01-20)
ECC
Embedded Control Channel
EMC
Electromagnetic Compatibility
ESP
Encapsulating Security Payload

A-1

Product Description
A Appendix
F
FE
FastEthernet
FR
Frame Relay
FTP
File Transfer Protocol
G
GE
GigabitEthernet
GGSN
Gateway GPRS Support Node
GPRS
General Packet Radio Service
GRE
Generic Routing Encapsulation
GSN
Gateway Serving Node
GUI
Graphic User Interface
H
HDLC
High Data Link Control
HRP
Huawei Redundancy Protocol
HWCC
Huawei Conference Control Protocol
HWTACACS
Huawei Terminal Access Controller Access Control

System
I
ICMP
Internet Control Message Protocol
IDS
Intrusion Detective System
IKE
Internet Key Exchange
ILS
Internet Locator Service
IP
Internet Protocol
IPSec
IP Security
ISDN
Integrated Services Digital Network
L
L2TP
Layer 2 Tunneling Protocol
M
A-2

Issue 01 (2009-01-20)

Product Description
A Appendix
MAC
Medium Access Control
MD5
Message-Digest Algorithm 5
N
NAT
Network Address Translation
NBT
NetBIOS over TCP
NGN
Next Generation Network
NMS
Network Management System
NTP
Network Time Protocol
NVRAM
Non-Volatile Random Access Memory
P
P2P
Peer to Peer
PAT
Port Address Translation
PPP
Point to Point Protocol
PPTP
Point to Point Tunneling Protocol
PSTN
Public Switched Telephone Network
Q
QoS
Quality of Service
R
RADIUS
Remote Authentication Dial-In User Service
RTSP
Real-Time Streaming Protocol
Issue 01 (2009-01-20)
SFP
Small Form-Factor Pluggable
SGSN
Serving GPRS Support Node
SIP
Session Initiation Protocol
SMTP
Simple Mail Transfer Protocol
SNMP
Simple Network Management Protocol
SSH
Secure Shell

A-3

Product Description
A Appendix
T
TCP
Transport Control Protocol
TFTP
Trivial File Transfer Protocol
U
UDP
User Datagram Protocol
UL
Underwriter Laboratories Inc.
USB
Universal Serial Bus
A-4
VLAN
Virtual Local Area Network
VPN
Virtual Private Network
VRRP
Virtual Router Redundancy Protocol

Issue 01 (2009-01-20)

Huawei Product

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Huawei Product

Uploaded by

Copyright:

Available Formats

Quidway Eudemon 1000E Unified Security Gateway

Huawei Proprietary and Confidential

Huawei Technologies Co., Ltd.

Huawei Industrial Base

Copyright Huawei Technologies Co., Ltd. 2009. All rights reserved.

Trademarks and Permissions

Huawei Proprietary and Confidential

Quidway Eudemon 1000E Unified Security Gateway

Huawei Proprietary and Confidential

Quidway Eudemon 1000E Unified Security Gateway

2.16 Rich and Flexible Maintenance and Management......................................................................................2-10

6 Compliant Standards and Feature List.................................................................................. 6-1

Huawei Proprietary and Confidential

Quidway Eudemon 1000E Unified Security Gateway

Huawei Proprietary and Confidential

Quidway Eudemon 1000E Unified Security Gateway

Huawei Proprietary and Confidential

Quidway Eudemon 1000E Unified Security Gateway

About This Document

About This Document

Standard and feature list

This document provides the service functions of the Eudemon 1000E.

Quidway Eudemon 1000E

Network management personnel

Users with network basics

Huawei Proprietary and Confidential

Quidway Eudemon 1000E Unified Security Gateway

About This Document

The main performance and features of the

The powerful attack-defending capability and

The appearance and interface information of the

Some typical networking modes of the Eudemon

The factors that must be considered when

6 Compliant Standards and Feature

The compliant standards and feature list of the

The acronyms and abbreviations used in this

Indicates a hazard with a high level of risk, which if not

Indicates a tip that may help you solve a problem or save

Provides additional information to emphasize or supplement

Huawei Proprietary and Confidential

Quidway Eudemon 1000E Unified Security Gateway

About This Document

Times New Roman

Normal paragraphs are in Times New Roman.

Names of files, directories, folders, and users are in

Book titles are in italics.

Examples of information displayed on the screen are in

The keywords of a command line are in boldface.

Command arguments are in italics.

Items (keywords or arguments) in brackets [ ] are optional.

Optional items are grouped in braces and separated by

Optional items are grouped in brackets and separated by

Optional items are grouped in braces and separated by

Optional items are grouped in brackets and separated by

Buttons, menus, parameters, tabs, window, and dialog titles

Multi-level menus are in boldface and separated by the ">"

Huawei Proprietary and Confidential

Quidway Eudemon 1000E Unified Security Gateway

About This Document

Press the keys concurrently. For example, pressing Ctrl+Alt

Press the keys in turn. For example, pressing Alt, A means

Select and release the primary mouse button without moving

Press the primary mouse button twice continuously and

Updates in Issue 01 (2009-01-20)