HUAWEI eSight Secure Center Feature Introduction


1 HUAWEI eSight Secure Center Feature Introduction

2 Contents
1. Typical Scenarios and Management Challenges 2. Secure Center Solution 3. Competitive Analysis 4. Ordering Guidance

3 Application Scenario for Firewall Policies
1. Headquarters, branch, and data center border protection
2. Internal security protection for an enterprise network and data center network
3. User access control for an enterprise network and data center network
In these scenarios, a large number of policies (such as security policies and NAT policies) and objects (such as address sets and services) need to be planned.
[Figure: network topology covering a branch, the enterprise office network, a DMZ, a data center, and a cloud data center, protected by FW, IPS, Anti-DDoS, WAF, SSL VPN, IPSec VPN, and terminal security, with SOC and eSight.]

4 Policy Management Challenges
[Figure labels: unfamiliarity with new devices; fault recovery; rapid deployment; centralized planning; complex traffic in an enterprise; establishment of new branches; lack of security knowledge; migration of office areas; employee admission and resignation; employee transfer to another department; changes in service traffic; rapid fault recovery; lack of optimization skills; migration of policies to new devices.]
Secure Center provides centralized policy planning, adjustment and deployment as well as rapid fault recovery capabilities.
Smart Policy is an intelligent policy management technology unique to Huawei NGFW that helps enterprises throughout the entire security management lifecycle.

5 Contents
1. Typical Scenarios and Management Challenges 2. Secure Center Solution 3. Competitive Analysis 4. Ordering Guidance

6 eSight Secure Center O&M Solution
Planning and Management: Centralized planning and management of policies/objects. Centrally plans and manages security policies and NAT policies of firewalls. Centrally manages public objects such as security zones, address sets, time segments, and services.
Configuration Synchronization: Synchronization of firewall policies and objects. Supports synchronization of firewall policies and objects to eSight. Supports comparison between policies and objects on firewalls and those in eSight. Supports synchronization of device configurations using NETCONF.
Policy Deployment: Completion of policy deployment in four steps. Supports verification of the deployment environment, improving the deployment success rate. Allows incremental deployment, minimizing the effect of the deployment on running network services. Supports service data deployment using NETCONF.
Backup and Restoration: Backup and restoration of policies and objects. Supports periodic and manual backup of firewall policies and objects. Supports restoration of firewall policies and objects.

7 Planning and Management
Section divider: Planning and Management (sections: Planning and Management, Configuration Synchronization, Policy Deployment, Backup and Restoration)

8 Centralized Planning and Management of Policies/Objects
[Figure: eSight in the NMS area managing firewalls at the headquarters, Branches A, B, and C, the DMZ, and the data center.]
NGFW Object Management: App, Location, Time, Attack, Content, User, IP address pool
NGFW Security Policies: Quintuple, App, Content, Time, User, Threat, Location, Action
NGFW NAT Policies: Quintuple, IP address pool, Action
Object management: centrally plans and manages objects on the entire network.
Policy management: plans and manages security policies and NAT policies on the entire network.
Policy planning in multiple modes: supports the following operations in policy planning: copy, cut, paste, drag, and import.
Multi-user operation support: provides the lock function to prevent multiple users from modifying a policy or object at the same time.
Note: eSight V3R7C00 does not support planning and configuration of the following objects: applications, contents, users, and threats.
Policy control combines six dimensions, giving finer control granularity and easier management. Functions can be stacked, for example running antivirus after a specific application is identified, or running antivirus after a file is decompressed.

9 Planning Objects and Policies
1. Create an object.
2. Create a policy, and reference the object in the policy.
3. Bind the policy to devices on which the policy needs to be deployed.
After planning policies and objects, the administrator creates and adjusts objects on the object management page, and references objects on the page for creating or modifying a policy. The system allows the administrator to drag the objects to be referenced to desired areas on the page for creating or modifying a policy. If an object that the administrator wants to reference does not exist, the administrator can create one on the page for creating or modifying a policy.

10 Centralized Policy Management
Secure Center provides centralized and policy-based management of security policies and NAT policies on the entire network. The administrator can bind a policy to multiple devices to implement centralized planning and management of policies.

11 Planning and Management of Policy Groups
Supports centralized planning and management of policy groups. Allows the administrator to create, delete, and modify policy groups.

12 Support for Multi-user Operations
Provides the lock function to prevent multiple administrators from modifying an object or policy at the same time, ensuring data consistency and accuracy. When an administrator is modifying an object or policy, the system automatically locks this object or policy, so other administrators cannot modify or delete it. The admin user can unlock objects or policies locked by other users. A button is provided on the GUI to allow an administrator to manually lock an object or policy.

13 Domain-based Management
Domain Enable: The administrator can enable, disable, and manage administrative domains. The administrator can create administrative domains, and plan devices and virtual systems in the administrative domains. eSight provides the domain-based management function to manage security policies for services in different domains. Each domain runs independently, and the administrator can switch between administrative domains.

14 Configuration Synchronization
Section divider: Configuration Synchronization (sections: Planning and Management, Configuration Synchronization, Policy Deployment, Backup and Restoration)

15 Configuration Synchronization Management
Supports synchronization of policies and objects configured on devices to eSight. Supports immediate synchronization and periodic synchronization. Immediate synchronization is triggered manually; periodic synchronization runs automatically at an interval that needs to be set.
Device configuration status: The system checks device configurations between two synchronizations. If they are inconsistent, the device configuration status will be Changed.
Configuration status: The system checks the configuration data on eSight and that on a device in the last synchronization. If they are inconsistent, the configuration status will be Out of Syn.

16 Comparison of Configuration Between eSight and Devices
The system provides detailed differences between configuration data in eSight and that on a device. An administrator analyzes the differences and determines which data is correct. If the configuration data on a device is correct, the administrator performs the accept operation to write the device configuration to the eSight database. If the data in eSight is correct, the administrator simply needs to retain the data in eSight. The preceding operations ensure consistency between configuration data in eSight and that on the devices.
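The two status checks and the difference view described on slides 15 and 16, sketched as an added example. This is not eSight code: the dictionary data model, the function names, and the "Unchanged" and "Synchronized" values are assumptions, and the rule data is constructed.

```python
import copy
import hashlib
import json

# Constructed sample data: rule name -> attributes (assumed data model).
ESIGHT_DB = {
    "permit-web": {"src": "office", "dst": "dmz-web", "service": "https", "action": "permit"},
    "deny-telnet": {"src": "any", "dst": "any", "service": "telnet", "action": "deny"},
}
PREV_SYNC = copy.deepcopy(ESIGHT_DB)       # device matched eSight at the earlier sync
CURR_SYNC = copy.deepcopy(ESIGHT_DB)       # device at the latest sync, edited locally
CURR_SYNC["permit-web"]["service"] = "any"
CURR_SYNC["temp-debug"] = {"src": "any", "dst": "dc-db", "service": "any", "action": "permit"}

def fingerprint(config):
    """Order-independent hash of a policy/object set."""
    return hashlib.sha256(json.dumps(config, sort_keys=True).encode()).hexdigest()

def device_status(prev_sync, curr_sync):
    """Device configuration status: compare two consecutive synchronizations."""
    same = fingerprint(prev_sync) == fingerprint(curr_sync)
    return "Unchanged" if same else "Changed"

def config_status(esight_db, last_sync):
    """Configuration status: compare eSight data with the last synchronized device data."""
    same = fingerprint(esight_db) == fingerprint(last_sync)
    return "Synchronized" if same else "Out of Syn"

def diff(esight_db, device):
    """Per-rule differences for the administrator to review."""
    out = {"only_in_esight": [], "only_on_device": [], "modified": {}}
    for name in sorted(set(esight_db) | set(device)):
        if name not in device:
            out["only_in_esight"].append(name)
        elif name not in esight_db:
            out["only_on_device"].append(name)
        elif esight_db[name] != device[name]:
            keys = sorted(set(esight_db[name]) | set(device[name]))
            out["modified"][name] = {
                k: (esight_db[name].get(k), device[name].get(k))
                for k in keys if esight_db[name].get(k) != device[name].get(k)
            }
    return out

def accept(device):
    """Accept operation: the device configuration becomes the database copy."""
    return copy.deepcopy(device)

if __name__ == "__main__":
    print(device_status(PREV_SYNC, CURR_SYNC), config_status(ESIGHT_DB, CURR_SYNC))
    print(json.dumps(diff(ESIGHT_DB, CURR_SYNC), indent=2))
```

A rule that appears only on the device, or a service widened on the device, is exactly what the administrator has to judge before choosing between accepting the device data and retaining the eSight data.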

17 Policy Deployment
Section divider: Policy Deployment (sections: Planning and Management, Configuration Synchronization, Policy Deployment, Backup and Restoration)

18 Policy Deployment
After planning objects and policies, an administrator deploys them on devices by clicking Instant execution or Schedule deployment. Currently, an object or policy can be deployed on a maximum of 10 devices at a time.

19 Policy Deployment (Continued)
Specify devices > Verify deployment environment > Display deployment results
After an administrator specifies devices, the system verifies the deployment environment and shows the administrator the data to be deployed. This is to ensure deployment success.

20 Backup and Restoration
Section divider: Backup and Restoration (sections: Planning and Management, Configuration Synchronization, Policy Deployment, Backup and Restoration)

21 Backing Up Configuration Data
Manually back up policies and objects. Configure parameters for automatic backup. The customer can regularly back up policies and objects supported in eSight. If faults occur on the network, the customer can restore the network service using backup data, improving network restoration efficiency.

22 Checking Differences Between Backup Data
An administrator can compare data that is backed up in different backup tasks and determine which backup data can be used to restore network configuration.

23 Restoring Configuration Data
Select the backup data and restore network configuration. The administrator checks differences between backup data and selects the desired backup data to restore network configuration, ensuring rapid restoration of network services. To restore network configuration, the administrator first needs to replace configuration data in the eSight database with the backup data, and then deploy the new configuration data on specified devices.
