Application of Firewalls in Solutions and Typical Projects

As a basic security protection product, the firewall is used in various solutions and service scenarios. This section provides document links to various solutions for your reference.

Application of Firewalls in Huawei Network Solutions

Solution	Document	Major Applications
CloudFabric Data Center Network Solution	Documentation	As a VAS device, the firewall provides tenants with value-added security services such as security policies, EIP, source NAT, IPSec, and content security. To isolate services of different tenants and provide on-demand services, the controller generates a security resource pool based on the virtual systems of the firewall. When a tenant applies for a VAS service, the controller allocates a virtual system (logical VAS) in the security resource pool to the tenant. The tenant does not need to perceive the underlying firewall device. In addition, when the big data security analyzer detects an advanced or potential threat on the network, the firewall acts as an enforcer to receive instructions from the upper-level controller to block traffic.
CloudCampus Solution	Documentation	Firewalls work in cloud management mode and register with the cloud management platform in a unified manner. The cloud management platform delivers services and performs routine O&M. After the firewalls are connected to the cloud management platform, most service functions cannot be manually configured on the firewalls. Only necessary functions are reserved.
HiSec Solution	Documentation	The HiSec solution is a software defined security solution proposed by Huawei. It offers an innovative intelligent three-layer security defense architecture consisting of the analyzer, controller, and enforcer. The firewall functions as an enforcer in the three-layer architecture to receive defense policies delivered by the controller and block threat traffic in a timely manner. The HiSec solution can be applied to cloud data center security, campus security, and video surveillance security. For details, see the documents of different scenarios in the documentation.

Solution

Document

Major Applications

CloudFabric Data Center Network Solution

Documentation

As a VAS device, the firewall provides tenants with value-added security services such as security policies, EIP, source NAT, IPSec, and content security.

To isolate services of different tenants and provide on-demand services, the controller generates a security resource pool based on the virtual systems of the firewall. When a tenant applies for a VAS service, the controller allocates a virtual system (logical VAS) in the security resource pool to the tenant. The tenant does not need to perceive the underlying firewall device.

In addition, when the big data security analyzer detects an advanced or potential threat on the network, the firewall acts as an enforcer to receive instructions from the upper-level controller to block traffic.

CloudCampus Solution

Documentation

Firewalls work in cloud management mode and register with the cloud management platform in a unified manner. The cloud management platform delivers services and performs routine O&M.

After the firewalls are connected to the cloud management platform, most service functions cannot be manually configured on the firewalls. Only necessary functions are reserved.

HiSec Solution

Documentation

The HiSec solution is a software defined security solution proposed by Huawei. It offers an innovative intelligent three-layer security defense architecture consisting of the analyzer, controller, and enforcer.

The firewall functions as an enforcer in the three-layer architecture to receive defense policies delivered by the controller and block threat traffic in a timely manner.

The HiSec solution can be applied to cloud data center security, campus security, and video surveillance security. For details, see the documents of different scenarios in the documentation.

Application of Firewalls in Typical Projects

The following table lists comprehensive application cases in typical projects. The firewall versions and deployment schemes used in various projects are different. For details, see the documentation.

Typical Scenario	Documentation	Major Applications
Campus network egress	Application of Firewalls in the Campus Egress Security Solution	Firewalls are deployed at campus network egresses to provide Internet access and security protection functions, including intrusion prevention, user-specific Internet access control, ISP intelligent uplink selection, and NAT.
Broadcast and television network egress	Application of Firewalls in the Egress Security Solution for Broadcast and Television Networks	Firewalls are deployed on broadcast and television networks or tier-2 carriers' egresses to provide Internet access and security protection functions, including hot standby, intrusion prevention, NAT, and ISP intelligent uplink selection.
Financial data center	Application of Firewalls in the Security Solution for Financial Data Centers	Firewalls can be deployed at the data center egress, Internet egress, or intranet access area. The functions used at various deployment locations are different. For details, see the documentation.
Enterprise campus network egress	Application of Firewalls in the Egress Security Solution for Enterprise Campus Networks	Firewalls are deployed at the egresses of large- and medium-sized enterprises to provide Internet access, VPN interconnection, and security protection functions, including hot standby, NAT, ISP intelligent uplink selection, VPN, and attack defense.
Cloud computing	Application of Firewalls in the Security Solution for Cloud Computing Networks	Firewalls are deployed on cloud computing networks to release virtual machines and portal systems that provide services for external systems for enterprise users to access. In such a scenario, firewalls mainly provide the hot standby, virtual system, and NAT Server functions. Firewalls are divided into different virtual systems to isolate access of different enterprise users.