Huawei is one of the world’s top networking telecommunications equipment and services companies that deliver high-performance IT networking and security products, especially in Asia and EMEA regions. The company has a huge customer base that appreciates its networking products, for offering exceptional quality and support. Besides, Huawei products are also made by the compliance requirements of EMEA regions. In other words, the company has demonstrated its expertise and proficiency at many levels.
Huawei has been one of the mega market players in the industry for over a decade in providing world-class firewalls and has diversified its offerings to include various network security appliances such as anti-DDoS and intrusion prevention systems.
Types of Firewalls Offered by Huawei
Huawei has been seen as a Challenger in Gartner’s Magic Quadrant report. With a wide range of high-performance firewall appliances, Huawei caters to both enterprise and service provider markets.
In terms of target audience, Huawei offers two types of firewalls, namely:
- Unified Security Gateway (USG) Huawei firewalls
- Eudemon Huawei firewalls
The Unified Security Gateway (USG) line is aimed at the enterprise segment while the Eudemon line caters to carriers and service providers. The USG6000V virtual gateway allows users to use firewalls and related security services to implement virtual multi-tenant separation.
Huawei has also incorporated Cloud Application Security Awareness (CASA) and TLS/SSL decryption, with its USG6000 series featuring fine-grained application access control, policy automation, and various threat prevention technologies, including cloud, sandbox, and defense against unknown threats.
The Key Features of Huawei Firewalls
Based on the NSS Labs, here are the key features of the next-generation of USG Huawei Firewalls along with their ratings. Let’s check out how Huawei firewalls fare in the market.
- Security and performance: No rating; NSS Labs recommends a thorough evaluation before purchasing.
- Value: Good; perceived value and high-performance features have led to above-average sales growth.
- Implementation: Very good; users report relatively easy implementation, and the ability to integrate with Huawei firewalls receives high marks.
- Management: Good; users are generally satisfied, but some have suggested improvements to reporting and a more customizable GUI. One customer called the firewall “very good” with excellent functionality and ease of management.
- Support: Very good; users are generally content, but it’s advised that Huawei customers purchase a support plan that meets their specific needs.
- Cloud features: Good; the USG6000V supports multiple virtual environments, including AWS and Azure.
Huawei firewalls are available in both forms – physical appliances and virtual firewalls.
The USG firewalls offered by Huawei have received certifications from ICSA and NSS Labs. Specifically, they have been certified at the Evaluation Assurance Level (EAL) 4+ under Common Criteria.
The USG6000 series can analyze traffic in complex network environments and provide administrative visibility into traffic statistics by application, content, time, user, attack, and location. This feature assists administrators in configuring security policies.
What are the best practices to follow when implementing Huawei firewalls?
The management of security policies is an important part of the information security policy for your business. Creating firewall security policies helps you ensure that firewalls and other devices are capable of proper security services.
Initially, the security policy for each firewall is simple. However, as new services and devices are deployed into your business network and IT infrastructure, an increasing number of security policies are required, making configuration changes and management more complex.
To address this issue, organizations need to establish and strictly implement a policy management process that is used for reviewing all security policy applications. This process can be dynamically adjusted based on service requirements.
To ensure reasonable and traceable security policy addition and modification, you should consider following the best practices when implementing the firewall policies:
- To add a security policy, the service team member responsible for the application specifies the policy and submits it to the business director for evaluation. The business director reviews the policy’s necessity and forwards it to the security team. The service team must provide the following details:
- The access destination (service, port, or application)
- The access source, usually a subnet. If the access originates from a server, its IP address is required.
- The function and purpose of the policy
- The validity period of the policy. If not specified, the policy is considered long-term. This process ensures that all security policy applications are reviewed and can be dynamically adjusted based on service requirements. It also enables traceable policy addition and modification.
- Communication with the business director or applicant about the new security policy application may be necessary to ensure that the new security policy can meet service requirements and to inform them of the security policy’s complexity and risks.
- The security team deploys and verifies the security policy, with key roles including the service team and data owner participating in the verification.
- All security policies must be recorded to comply with industry specifications such as PCI DSS and for auditing purposes.
- The following information should be recorded for each security policy: the content of the security policy application provided by the service team, the applicant and approver in the service team, the application date and time, and the handler of the security team.
- Recording each security policy may make the process difficult, but it is reasonable and efficient in the long run.
- Anyone in the security team can view the records to understand the intent of each security policy and establish the association between the security policy and the application process.
- Recording and auditing security policies can help locate problems promptly.
The above policies are a great way to ensure that you are securing your business network properly against potential cyber threats and attacks.