NIP2000D/5000D Intrusion Detection Systems

Huawei NIP2000D/5000D Series integrated defense detection and response systems dynamically detect threats to traffic and applications in enterprise, IDC, and campus networks.

Detects thousands of intrusions across 30 categories, including network scanning, Trojan horse, worm virus, DoS or DDoS attack, and malicious code attacks. Delivers instant alarm and response mechanisms to intrusions or suspicious behaviors. Especially suited to organizations with highly sensitive communications and data.

Face network threats head-on with NIP2000D/5000D Series dynamic intrusion detection systems from Huawei.

Huawei NIP2000D NIP5000D IDS

Product Highlights

Detection of emerging threats
Detection of latest malware, zero-day attacks, and botnets;
300+ security researchers for global threat collection and real-time signature update;
Detection of application-layer DDoS attacks, such as DNS, HTTP, and SIP attacks;
Accurate detection
Accurate vulnerability-based detection;
Automatic learning of service traffic baselines to avoid improper threshold settings;
Ease of use, lower TCO
Zero-configuration, no parameter adjustments;
Centralized security management, real-time security monitoring;
Application traffic visibility
High availability
Carrier-class hardware design, temperature monitoring, hot-swappable parts such as fans and power modules

Deployment Scenarios

IDS deployment scenarios

Internet access point

In front of servers

Product Specification

Model NIP2050D NIP2100D NIP2130D NIP2150D NIP2200D NIP5100D NIP5200D NIP5500D
Scalability
Management port 1 × GE (RJ45) 1 × GE (RJ45) 1 × GE (RJ45) 1 × GE (RJ45) 1 × GE (RJ45) 1 × GE (RJ45) 1×GE(RJ45) 1 × GE (RJ45)
Fixed port

4 × GE (RJ45)

4 × GE (combo)

4 × GE (RJ45)

4 × GE (combo)

4 × GE (RJ45)

4 × GE (combo)

4 × GE (RJ45)

4 × GE (combo)

4 × GE (RJ45)

4 × GE (combo)

4 × GE (RJ45)

4 × GE (combo)

4 × GE (RJ45)

4 × GE (combo)

4 × GE (RJ45)

4 × GE (combo)

2 × 10GE (SFP)

Key features
Attack detection Intelligent protocol identification, packet and flow reassembly, identification of real protocol and file types, attack signature detection, vulnerability signature detection, traffic pattern learning, detection of abnormal network and protocol behaviors and evasions
Server attack detection Comprehensive threat detection to protect application servers from exploits of system and service vulnerabilities, brute force cracking, SQL injection, and cross site scripting
Client attack detection

Detection of threats to browsers and their plug-ins (Java and ActiveX)

Detection of threats to common file formats, such as PDF, Word, Flash, and AVI

Malware detection Detection of Trojan horses, worms, spyware, remote control, botnet, and grayware, such as adware
Traffic-based attacks

Detection of malformed packets, specially grafted packets, scanning attacks, and TCP/UDP floods ²

Detection of application-layer DDoS attacks, such as DNS, HTTP, and SIP attacks;

Traffic learning: Automatic learning of traffic baselines for proper settings of attack traffic thresholds;

Application awareness: Identification and management of 850+ application protocols, such as P2P, IM, online game, stock trading, voice, online video, streaming media, webmail, mobile device apps, and remote login
Alert and response Real-time alarms, logging to databases, audible alarms, syslog, SNMP traps, email and SMS notification, device interworking, capture of attack packets such as TCP reset packets
Device Management

GUI-based configuration, hierarchical administrator management, access permission settings, and centralized device management ²

Scheduled engine knowledge base update, rollback of engine knowledge base, centralized update on internal network

Log Reports Device state monitoring, event log backup, log query and filtering, real-time network monitoring, report generation
Device Specifications Device Specifications
Dimensions (H x W x D) 43.6 x 442 × 560 (mm) 130.5 x 442 × 415 (mm)
Power module

AC: 100 V to 240 V 50/60 Hz

Power module redundancy supported

AC: 100 V to 240 V 50/60 Hz

DC: –48 V to –60 V

Power module redundancy supported

Maximum power 150W 300W
Operating environment Temperature: 0ºC to 40ºC; humidity: 10% to 85%, non-condensing
MTBF 12.67 years

Ordering Information

NIP2000D – 5000D IDS Quotation Items
Model (External) Description
Host Quotation
NIP2050D-AC-01 NIP2050D Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP2100D-AC-01 NIP2100D Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power) Spare Part,with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP2130D-AC-01 NIP2130D Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP2150D-AC-01 NIP2150D Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP2200D-AC-01 NIP2200D Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power) Spare Part,with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5100D-AC-01 NIP5100D Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power) Spare Part,with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5200D-AC-01 NIP5200D Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power) Spare Part,with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5200D-DC-01 NIP5200D Standard DC Host(4GE(RJ45)+4GE Combo,4G Memory,2 DC Power) Spare Part,with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5500D-AC-01 NIP5500D Standard AC Host(4GE(RJ45)+4GE Combo+2*10GE SFP,4G Memory,2 AC Power) Spare Part,with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
NIP5500D-DC-01 NIP5500D Standard DC Host(4GE(RJ45)+4GE Combo+2*10GE SFP,4G Memory,2 DC Power) Spare Part,with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
Host Software
NIP2050D knowledge base update
LIC-IDS-12-NIP2050D Knowledge Base Update Service Subscribe 12 Months,with HW NIP Network Intelligent Protection System Software
LIC-IDS-36-NIP2050D Knowledge Base Update Service Subscribe 36 Months,with HW NIP Network Intelligent Protection System Software
NIP2130D knowledge base update
LIC-IDS-12-NIP2130D Knowledge Base Update Service Subscribe 12 Months,with HW NIP Network Intelligent Protection System Software
LIC-IDS-36-NIP2130D Knowledge Base Update Service Subscribe 36 Months,with HW NIP Network Intelligent Protection System Software
NIP2150D knowledge base update
LIC-IDS-12-NIP2150D Knowledge Base Update Service Subscribe 12 Months,with HW NIP Network Intelligent Protection System Software
LIC-IDS-36-NIP2150D Knowledge Base Update Service Subscribe 36 Months,with HW NIP Network Intelligent Protection System Software
NIP2100D knowledge base update
LIC-IDS-12-NIP2100D Knowledge Base Update Service Subscribe 12 Months,with HW NIP Network Intelligent Protection System Software
LIC-IDS-36-NIP2100D Knowledge Base Update Service Subscribe 36 Months,with HW NIP Network Intelligent Protection System Software
NIP2200D knowledge base update
LIC-IDS-12-NIP2200D Knowledge Base Update Service Subscribe 12 Months,with HW NIP Network Intelligent Protection System Software
LIC-IDS-36-NIP2200D Knowledge Base Update Service Subscribe 36 Months,with HW NIP Network Intelligent Protection System Software
NIP5100D knowledge base update
LIC-IDS-12-NIP5100D Knowledge Base Update Service Subscribe 12 Months,with HW NIP Network Intelligent Protection System Software
LIC-IDS-36-NIP5100D Knowledge Base Update Service Subscribe 36 Months,with HW NIP Network Intelligent Protection System Software
NIP5200D knowledge base update
LIC-IDS-12-NIP5200D Knowledge Base Update Service Subscribe 12 Months,with HW NIP Network Intelligent Protection System Software
LIC-IDS-36-NIP5200D Knowledge Base Update Service Subscribe 36 Months,with HW NIP Network Intelligent Protection System Software
NIP5500D knowledge base update
LIC-IDS-12-NIP5500D Knowledge Base Update Service Subscribe 12 Months,with HW NIP Network Intelligent Protection System Software
LIC-IDS-36-NIP5500D Knowledge Base Update Service Subscribe 36 Months,with HW NIP Network Intelligent Protection System Software

Huawei IDS

Huawei NIP intrusion detection system (IDS) is designed for large and medium-sized enterprises, vertical industry and carrier customers. The system can locate network threats and traffic that does not comply with security policies and provide specific and effective countermeasures to achieve an integrated solution that incorporates protection, detection, and response. The NIP IDS incorporates multiple new-generation detection technologies to protect customer networks in line with the product concept of "comprehensive detection, accurate analysis, and multi-dimensional report".

Huawei NIP IDS uses a carrier-class high availability design that suits different environments. The product can get up-and-running with zero configuration to automatically detect threats without complex signature tuning, manual network parameter setting, or threshold benchmarking. Huawei NIP IDS significantly simplifies deployment and reduces the total cost of ownership (TCO).

Competitive products includes Cisco IPS4345, 4360, 4510, 4520, Check Point IPS-1,Sourcefire Next-Generation IPS Snort 3D7000 Series 3D8000 Series IPSx Series Sourcefire Defense Center,3COM Tippingpoint IDS, IBM ISS Proventia GX4004 IPS,GX5008 IPS,  GX5108 IPS, GX5208 IPS, GX6116 IPS, CrossBeam IPS,GX3002 IPS, GX4002 IPS, McAfee M-8000, M-6050, M-4050,M-3050, M-2950, M-2850, M-2750, M1450, M-1250, Stonesoft StoneGate IPS 6105 StoneGate IPS 3205 StoneGate IPS 3201 StoneGate IPS 1205 StoneGate IPS 1060 StoneGate IPS 1030, Juniper IDP75 IDP250 IDP800 IDP8200, NitroSecurity NitroGuard IPS1000, IPS2000, IPS4000, IPS5000