HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 2

Contents

Click to add Title 2 Competition Analysis

Click to add Title 1 Typical Application Scenarios

Click to add Title 3 Ordering Guide

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 3

UTM Switch

Trojan horse

Virus

UTM

UTM

NMS

eSight

Headquarters

Branch

DMZ

Security Policy Analysis and Streamlining

Application scenario Streamlines firewall policies to improve firewall utility

and reduce maintenance costs.

Solution deployment Deploy a set of Secure Center.

Pain points › Redundant and invalid firewall policies compromise

firewall work efficiency.

› Unspecific firewall policies fail to prevent security

risks.

› Multiple policies cannot be traced or do not comply

with the standards.

Benefits Improves firewall utility and enhances information

security for enterprises.

Advantages Provides diversified policy analysis reports and is

capable of streamlining policies.

The increasing

numbers of security

policies on intranet

security devices have

become a burden of

network security.

Policy streamlining

Displays redundant and ineffective

policies to remove and to improve

device utility as well as displays

network security status.

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 4

Policy Analysis Report Policy Redundancy Analysis Policy Risk Analysis

Policy Hit Analysis Policy Comprehensive Analysis

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 5

Unified Security Policy Management

Application scenario

Centralized access control and management in the

data center

Solution deployment

Deploy a set of Secure Center.

Pain points

No NMS is available for managing multiple firewalls

in the data center, and the customer needs to log in

to each firewall for manual configuration, which may

cause configuration errors and is inefficient.

Benefits

Improves the configuration efficiency and accuracy.

Advantages

Centrally delivers policy configurations.

Branch office

Mobile

working

Headquarters

Guest

Centralized policy management

of all security devices

NMS

eSight

Headquarter

Firewall

Firewall Switch

Firewall

Branch A

Firewall

Branch B

Firewall

Branch C

DMZ

Data Center

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 6

Policy Configuration

Unified Security Policy Management Service Group Configuration

Configuration of Source and

Destination Address Groups

Configuration of NE Groups

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 7

Centralized AR Security Policy Management

Application scenario

A large enterprise requires centralized management of

AR security policies.

Solution deployment

•Deploy the Secure Center management component at

the headquarters.

Pain points

•The enterprise has many branches, for each of which

an AR is deployed. Security policies on the ARs cannot

be managed in a centralized manner, reducing O&M

efficiency.

Benefits

•Centralized AR security policy management simplifies

configuration and improves O&M efficiency.

Advantages

•Supports centralized security policy configuration and

batch policy delivery for ARs.

Secure Center

Headquarters

Branch

Branch

Branch

Branch

AR AR

AR AR

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 8

•Supports centralized configuration and batch deployment of security policies on Huawei ARs.

Centralized AR Security Policy Management

Creating an ACL

Creating a Security Policy

Security Policy Batch Deployment

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 9

Centralized Switch Access Authentication

Policy Management Application scenario

A campus network requires centralized management of 802.1x

access authentication policies.

Solution deployment

•Deploy the Secure Center management component at the

headquarters.

Pain points

•Access authentication policies configured on the switches

deployed on the campus network cannot be managed in a

centralized manner, causing high O&M costs.

Benefits

•Device group-based centralized 802.1x policy management

simplifies configuration and reduces O&M costs.

•Batch delivery of 802.1x policies greatly improves new

deployment efficiency.

Advantages

•Supports device group-based centralized 802.1 policy

configuration and batch delivery.

•Supports template- and common object-based policy

configuration.

•Supports access authentication policy consistency audit.

Core layer

Aggregation layer

Access layer

R&D area

Campus network

RADIUS authentication

and authoritative servers

Administrative area

Secure Center

Device group 1 Device group 2

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 10

•Policy configuration: The Secure

Center supports centralized

configuration and batch deployment

of access authentication policies on

switches and supports deployment

result query.

Centralized Switch Access Authentication Policy Management

Policy Configuration

•Policy audit: The Secure Center

supports manual and periodic

consistency audit on switch access

authentication policies. The audit result

can be exported as a report for you to

query the consistency comparison

result.

Policy Consistency Audit

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 11

Contents

Click to add Title 1 Typical Application Scenarios

Click to add Title 2 Competition Analysis

Click to add Title 3 Ordering Guide

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 12

Competition Analysis: Huawei vs HP Function Huawei HP Beating Policies Avoiding

Points

Dominant Bidding

Items

Policy configuration

Packet-filtering

policies, IPS policies,

and AV policies

Firewall policies, IPS

policies, and AV

policies

Emphasize user- and

user group-specific policy

configuration, address

group/service group

nesting, and fine-grained

AV policy configuration

based on HTTP, FTP,

SMTP, and POP3.

Policy grouping

and

authorization

User- and user group-

specific security policy

configuration

Object configuration

Supports objects,

including schedule,

address group, service,

and Internet access

users.

Supports objects,

including schedule,

address group, and

service.

Policy

deployment/discovery

Supports policy and

object synchronization

from devices and

batch policy

deployment and

removal.

Supports interzone

policy deployment and

removal.

Emphasize policy and

object synchronization

from devices for rapid

service recovery.

Device group-

based policy

deployment

Security policy and object

synchronization from devices

Policy analysis

Supports policy

redundancy, risk, and

comprehensive

analysis.

Not supported

Provide policy redundancy

analysis, policy

simplification and

optimization suggestions,

and policy health

evaluation.

Policy redundancy analysis

and risk analysis

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 13

Competition Analysis: Huawei vs Cisco

Function Huawei Cisco Beating Policies Avoiding Points Dominant

Bidding Items

Policy configuration Supports packet-filtering

policies, IPS policies,

and AV policies

Supports ACL, NAT, AAA,

WebFilter, Botnet Traffic Filter,

Inspection and VPN policies.

Emphasize the B/S architecture to

beat the CSM which employs the C/S

architecture. The remote

management is easier than Cisco.

Guide the centralized

configuration of general policies

and avoid mentioning multiple

types of specific policies and IPv6.

Object configuration

Supports objects,

including schedule,

address group, service,

and Internet access

users.

Supports objects, including

schedule, service, user group, and

AAA server.

Policy

deployment/discovery

Supports policy and

object synchronization

from devices and batch

policy deployment and

removal.

Supports single and batch policy

deployment, scheduled policy

deployment, policy deployment on

devices or intermediate servers,

and inter-device policy clone and

sharing.

Emphasize policy and object

synchronization from devices for rapid

service recovery.

Avoid mentioning automatic

policy deployment.

Inter-device policy clone can be

implemented by discovering

policies on one device, modifying

the policies, and then deploying

the policies on the other device.

Policy version

management Supported

Supports version management and

comparison. Policy version management

Streamlined policy

management Supported Supported

Provide policy redundancy analysis,

policy simplification and optimization

suggestions, and policy health

evaluation.

Streamlined policy management

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 14

Contents

Click to add Title 1 Typical Application Scenarios

Click to add Title 2 Competition Analysis

Click to add Title 3 Ordering Guide

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 15

Ordering Guide

Product Model Description Remarks

NSHSSECPLY01 eSight Secure Center (include 5 Devices License) A basic function, mandatory

NSHSSECPLY02 eSight Secure Center Security Policy Analyzer An advanced function, optional

NSHSSECPLY03 eSight Secure Center License-Incremental 5 Devices License for increasing devices

NSHSSECPLY04 eSight Secure Center License-Incremental 25 Devices

HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY