Huawei Firewall NIP6680-AC, 16 GE (RJ45) + 8 GE (SFP) + 4 x 10 GE (SFP+), 2 AC Power Huawei Firewall NIP6680-AC Overview NIP6680, NIP6680-AC, NIP6680 AC Host (16 GE (RJ45) + 8 GE (SFP) + 4 x 10 GE (SFP+), 2 AC Power, with Knowledge base Update Subscription 12 Months) Huawei NIP6000, an advanced New Generation Intrusion Prevention System (NGIPS), provides context, application, and content awareness capabilities and defends against unknown threats to better protect network infrastructures, bandwidth performance, servers, and clients. Huawei Firewall NIP6680-AC Specification Model NIP6680 Performance Mid-range 10 Gigabit Scalability IPS Throughput 15.0 Gbit/s Fixed Ports 4 x 10 GE +1 6 GE + 8 SFP Height 3U Dimensions 442 mm x 415 mm x 130.5 mm Weight 24 kg Hard Disk Optional: Supports one 300 GB hard disk (RAID1 and hot-swappable) Redundant Power Supply Standard AC Power Supply 100V to 240V DC Power Supply -48V to -60V Power Consumption 350W Operating Environment Temperature 0C to 45C (without optional hard disk) 5C to 40C (with optional hard disk) Humidity 10% to 90% Functions Intelligent Management Detects the types, operating systems, and enabled services of protected IT assets and dynamically generates suitable intrusion prevention policies for the IT environment Evaluates the risk level of attack events based on the IT environment so that administrators can process critical attack events and ignore false positive attacks Identifies application types of live network traffic and determines whether to implement intrusion detection based on the risk levels of the identified application types Provides multiple types of logs, such as threat logs, operation logs, system logs, and policy matching logs, for the administrator to learn about network events Provides multiple types of reports, such as traffic reports, threat reports, and policy matching reports, for the administrator to view network traffic and threat status. The NIP can also interwork with an eSight to provide more comprehensive and diversified reports Provides a web UI, CLI (console, Telnet, and sTelnet), and network management system (SNMP) for device management Intrusion Prevention Defends against common attacks, such as Worms, Trojan horses, botnets, cross-site scripting, and SQL injection, based on the signature database, and provides user-defined signatures to defend against new attacks APT Detection Detects APT attacks based on reputation systems and the sandbox. The NIP6300/NIP6600 sends suspect files to the sandbox for detection and then displays attack events based on the sandbox detection result Supports IP and CC reputation to detect and prevent malicious IP addresses and domain names Application Security Automatically learns traffic patterns and defends against multiple types of DDoS attacks at the application layer, including HTTP, HTTPS, DNS, and SIP flood attacks Scans for viruses in files transmitted through HTTP, FTP, SMTP, POP3, IMAP, NFS, and SMB and prevents virus-infected files from being transmitted Identifies more than 6,000 applications, including P2P, IM, online gaming, social networking, video, and audio applications, and takes actions (block, traffic limiting, application usage display) for the identified applications Web Security Decrypts HTTPS traffic and detects threats Provides a URL blacklist to control online behavior Network Security Detects threats in IPv6 traffic Detects threats in VLAN, QinQ, MPLS, GRE, IPv4 over IPv6, and IPv6 over IPv4 tunnel traffic Automatically learns traffic patterns and defends against multiple types of DDoS attacks at the network layer, including SYN, UDP, ICMP, and ARP flood attacks Defends against multiple types of single-packet attacks, including: Scanning attacks, such as IP sweep and port scanning Malformed packet attacks, such as IP spoofing, LAND, Smurf, Fraggle, WinNuke, Ping of Death, TearDrop, IP fragment, ARP spoofing, and attacks using invalid TCP flags Control message attacks, such as oversized ICMP packets, ICMP unreachable packets, ICMP redirect packets, Tracert, packets with options such as IP source routing, IP record route, and IP timestamp Blacklists the source or destination IP addresses of attacks to block the follow-up packets from or to the blacklisted IP addresses High Availability Supports hot backup protocols, such as VRRP, VGMP, and HRP, and provides a hot standby mechanism to ensure that services can automatically and smoothly switch to the standby device if the active device fails Provides a bypass card to ensure service continuity if the system encounters faults (such as hardware failures, and devices being powered off) Provides visualized fault diagnosis for the administrator to diagnose all possible fault causes and automatically displays the diagnosis results and troubleshooting suggestions Signature Database Update Supports online and offline updates of the IPS-SDB, SA_SDB, and antivirus SDB for the device to have the latest defense capabilities Related products S5700-28P-LI-AC NIP6330-AC S5700-10P-PWR-LI-AC NIP6650-DC S5700-28C-EI-AC LIC-AV12-NIP63-HM NIP6610-AC S6700-48-EI S6720-32C-SI-AC S6720-16X-LI-16S-AC S6720-26Q-SI-24S-AC LIC-IPS24-NIP63-HM Stock