
HUAWEI NIP2000/5000

NIP2100/2200/5100

Huawei Network Intelligent Protection (NIP) systems protect large and medium-sized enterprises, industrial users, and operators from network threats and help them maintain uninterrupted services.

Using a modular engine design and multiple advanced detection technologies, the NIP provides virtual patching, web application protection, client application protection, malicious software control, anti-DoS, and application awareness and control functions. Therefore, the NIP guarantees business continuity, data security, and regulatory compliance for these organizations.

Designed with carrier-class reliability and supporting multiple special protocols such as MPLS and VLAN, the Huawei NIP can be flexibly deployed in various scenarios. The NIP supports zero configuration network access mode and automatically intercepts

Advantages

Comprehensive defense against new threats
- Defense against the latest malicious software, zero-day attacks, and botnets
- Defense against application-layer DoS attacks: DNS, HTTP, SIP
- More than 200 security researchers for collecting global threats and upgrading signatures in real time

Accurate detection and intelligent interception
- Accurate detection with the vulnerability detection technology
- Traffic baseline self-learning without threshold configuration errors
- Automatic interception of attacks on key services without manual intervention

Easy to use and low TCO
- Zero configuration network access without parameter modification
- Centralized security management and real-time security monitoring
- Visual application traffic

High availability
- Carrier-class hardware design, support for temperature monitoring and hot-swap fans and power supplies
- Support for HA deployment in active-active and active-standby modes
- Support for hardware bypass

Product Overview

Proactive and Comprehensive Protection

The NIP effectively prevents potential or unknown threats with multiple advanced detection technologies:
- With the intelligent protocol identification technology, the NIP automatically distinguishes applications from protocols without manual setting of protocol ports.
- With the multiple reassembly technology on layers 2 to 7 and the protocol restoration technology, the NIP can present payload at the application layer and the file layer clearly and detect attacks, avoiding the interference of evasive technologies.
- With the detection technologies based on vulnerability and attack features, the NIP detects and defends against known threats, such as vulnerability exploitation, worms, and Trojans, in real time.
- With protocol anomaly detection, traffic anomaly detection, and heuristic detection technologies, the NIP detects attacks caused by unknown vulnerabilities and malicious software.

Virtual patching: Among all intrusion detection technologies used by the NIP, the most important one is the vulnerability-based detection technology. This technology can effectively prevent threats caused by vulnerabilities, such as overflow attacks and worm infection. Compared with traditional attack feature-based detection technologies, the vulnerability-based detection technology does not generate false positives and can better tackle attacks using evasion technologies. Relying on more than 200 senior researchers and global data acquisition and attack discovery capabilities, the Huawei security research team provides customers with the latest security reports and releases patches periodically (weekly) or immediately (when a major vulnerability is identified). These patches are distributed to customers' IPS devices through the cloud security center so that the IPS devices can defend against attacks immediately after the release of the patch.

Client protection: With the emergence of Web 2.0 applications, more and more attacks target browsers and the popular PDF, SWF, JPEG, and Office files. Due to the vulnerabilities of clients, a large number of personal computers are turned into zombies by hackers, and important information such as bank accounts and network passwords is stolen. The NIP can deeply parse and detect the coded or compressed content based on protocols and file format (for example, in GZIP or UTF format). It automatically skips the part irrelevant to threats in the parsing process. The NIP provides complete protection for browsers and files and high online performance.

Malicious software control: The NIP can defend against Trojans, adware, and malicious software, and intercepts them based on the communication and broadcasting traffic characteristics. This reduces IT cost and prevents intrusion or disclosure of private and proprietary information.

Web application protection: Many enterprises and institutions have migrated applications to the Web service platform. Intrusion into and attacks on the Web server may have disastrous effects on these organizations. For example, through an SQL injection attack, a hacker may change web pages, obtain the administrator password, and clear the data of the entire website. The NIP uses an active security mode independent of attack features or mode matching technologies to guarantee implementation of proper application behaviors. With this mode, the NIP can identify good application behaviors and prevent malicious behaviors.

Application awareness and control: The NIP can identify more than 1000 network applications and fully monitor and manage various network behaviors, such as instant messaging (IM), online games, online video, and online stock trading. This enables enterprises to identify and prevent unauthorized network behaviors, better implement security policies, and improve the working efficiency of employees.

With precise bandwidth allocation strategies, the NIP restricts the bandwidth used by unauthorized applications such as P2P, online video, and large file downloading. The NIP reserves sufficient bandwidth for office applications such as OA and ERP, improving the network access speed.

Infrastructure protection: With the powerful DDoS attack prevention and the traffic model self-learning capability, the NIP can automatically detect and intercept DoS attacks or traffic surges caused by viruses. As a result, the NIP protects network infrastructure such as routers, switches, VoIP systems, DNS, and Web servers from attacks and ensures continuous availability of key services.

Function Overview

Easy Deployment

The NIP, pre-configured with default mature security policies, supports zero configuration network access. Based on advanced engine technologies and high-quality vulnerability-based signature of the policies, the NIP provides high-precision detection capability and automatically intercepts major and severe threats of services without manual intervention.

The NIP supports in-line deployment in transparent mode and off-line deployment. The network and security administrator can select the working mode for a device because the interfaces of the device can work in in-line or off-line mode without network readjustment.

The NIP detects special network encapsulation data such as MPLS, VLAN trunk, and GRE data, and facilitates flexible deployment.

High Availability

The NIP provides reliability and availability at the highest level when the IPS is deployed in in-line mode. NIP supports high reliability configuration (active-standby mode and active-active mode), hot-swap redundant power supply, hot-swap fan, and the electronic hard disk solution. The NIP provides software bypass and hardware bypass function (fail-open). A module or even the entire IPS can be bypassed when it works abnormally.

Centralized Management and Reports

The NIP can monitor, upgrade, and deliver policies to multiple devices in a centralized manner based on the Web-based management mode or through NIP Manager, the centralized management software.

The NIP provides multiple pre-defined policies to satisfy customers' needs for customized policies.

With rich log statistics and reporting functions, the NIP Manager presents the real-time network status, historical information, attack ranking, and traffic trend in different granularities and dimensions. This keeps users informed of network health status and provides guidance for network hardening and IT activity implementation.


Typical Application

[Figure: typical application topology. Labels: WAN edge, Internet access point, Firewall, Internet, Front end of the server, Network bypass monitoring IDS, IDC cluster]

Internet access point
- Restricts the traffic of P2P and network video applications to guarantee the bandwidth of normal service.
- Restricts the use of IM, game, and stock software to guarantee the working efficiency of employees.
- Restricts the use of online storage, Web mail, and IM to prevent internal information of enterprises from being disclosed.
- Prevents data loss, damage, or zombie infection caused by network threats to clients on an intranet and the browser.

Front end of the server
- Intercepts worms and vulnerabilities that target services and platforms; prevents data damage, tampering, leakage, or zombie infection caused by malicious software.
- Protects the servers from DoS/DDoS attacks.
- Defends against new attacks on Web applications, such as SQL injection, cross-site scripting, scanning, guessing, and snooping attacks.
- Provides IDC value-added service.

Network bypass monitoring - IDS
- Detects violations of IT policies on the network.
- Complies with government's compulsory standards for confidential networks or confidential-associated networks.
- Assists the network management system in network maintenance and provides key troubleshooting information.
- Helps the organization to obtain certification of standards necessary for company listing and investment invitation.

WAN edge
- Isolates networks logically.
- Prevents the intrusion of worms or Trojans from extranets.
- Monitors disclosures of intranet information to extranets.
- Detects and prevents malicious behaviors such as attack probes from extranets.


Specifications

| Model | NIP2100 | NIP2200 | NIP5100 | NIP5200 |
|---|---|---|---|---|
| Product performance | High-end megabit | Low-end gigabit | Mid-range gigabit | High-end gigabit |

Extension and I/O

| Item | NIP2100 | NIP2200 | NIP5100 | NIP5200 |
|---|---|---|---|---|
| Dedicated management port | 1GE(RJ45) | 1GE(RJ45) | 1GE(RJ45) | 1GE(RJ45) |
| Fixed interface | 4GE(RJ45); 4GE(combo) | 4GE(RJ45); 4GE(combo) | 4GE(RJ45); 4GE(combo) | 4GE(RJ45); 4GE(combo) |
| Extension slot | 2FIC | 3FIC | 3FIC | 3FIC |

Extension network port: 4GE(RJ45) BYPASS; 2Line(LC/UPC) BYPASS; 8GE(RJ45), 8GE(SFP); 2XE, 2XE+8GE

Functions and Features

Server protection
- All-round server protection, addressing problems including system and service vulnerability exploits, brute force, SQL injection, and cross-site scripting

Client protection
- Security protection for web browsers and plug-ins (Java and ActiveX)
- Protection for files with common formats: PDF, Word, Flash, and AVI
- Defense against operating system vulnerabilities, detection of infected systems, and detection of spyware and adware

Infrastructure protection
- Malformed packet attack prevention, special packet control, scanning attack prevention, TCP/UDP flooding attack prevention
- Application-layer DDoS attack prevention: HTTP, HTTPS, DNS, SIP, and so on
- Traffic model self-learning: setting the threshold of traffic attacks based on normal traffic statistics

Network application management
- Identification and management of more than 1000 application protocols, covering mainstream application protocols including P2P, IM, online games, stock software, voice application, online video, streaming media, Web mail, mobile terminals, and remote login

Alarm response
- Real-time alarm, audible alarm, Syslog, SNMP Trap, E-mail, sending short messages, third-party device linkage, IP address isolation, attack packet capturing, and real-time session interception

Device management
- GUI-based configuration, hierarchical management, permission-based access control, and centralized device management
- Periodic upgrade of engine repository, rollback of engine repository, and Intranet upgrade

Log and report monitoring
- Device status monitoring, event information record backup, log querying and filtering, real-time monitoring of network status, and specialized reports

Deployment and availability
- Specialized management port: In-line IPS deployment, off-line IDS deployment, and hybrid deployment
- Hardware bypass and HA

Integrated System

| Item | NIP2100 | NIP2200 | NIP5100 | NIP5200 |
|---|---|---|---|---|
| Dimensions (H × W × D) (mm) | 442 × 560 × 43.6 | 442 × 415 × 130.5 | 442 × 415 × 130.5 | 442 × 415 × 130.5 |
| Power supply | AC: 100 V to 240 V, 50/60 Hz, supporting redundancy | AC: 100 V to 240 V, 50/60 Hz, supporting redundancy | AC: 100 V to 240 V, 50/60 Hz, supporting redundancy | AC: 100 V to 240 V, 50/60 Hz; DC: -48 V to -60 V; supporting redundancy |
| Maximum power | 150 W | 300 W | 300 W | 300 W |
| Operating environment | Temperature: 0°C to 40°C; humidity: 5% to 95%, non-condensing | Temperature: 0°C to 40°C; humidity: 5% to 95%, non-condensing | Temperature: 0°C to 40°C; humidity: 5% to 95%, non-condensing | Temperature: 0°C to 40°C; humidity: 5% to 95%, non-condensing |
| MTBF | 12.67 years | 12.67 years | 12.67 years | 12.67 years |
