NIP2000/5000 Intrusion Prevention Systems

The NIP2000/5000 Series offers comprehensive network intrusion prevention for Web2.0 and cloud computing on enterprise, IDC, and campus networks. Multi-level protection technologies provide virtual patching, web application protection, client protection, malware defense, and network- and application-layer anti-DDoS functions for IPv4 and IPv6 networks.

With zero configuration, zero false positives, powerful packet detection and forwarding, the NIP2000/5000 Series outshines competitors in performance and cost.

Keep vital traffic and data safe today with the plug-and-play NIP2000/5000 Series.

Huawei NIP2000D NIP5000D IDS

Product Highlights

Overall defense against new threats
  • Defends against new malware, zero-day attacks, and botnet.
  • Defends against application-layer DDoS attacks, such as DNS, HTTP, and SIP attacks.
  • More than 300 security researchers globally collect threats and update signatures in real time.
  • Accurate detection and automatic prevention against service threats
  • Uses vulnerability-based detection technology to provide accurate detection.
  • Avoids threshold configuration mistakes through automatic baseline learning.
  • Automatically prevents against key service threats with no manual intervention.
  • Easy to use and low TCO
  • Can be deployed online with default configurations.
  • Provides centralized security management and real-time security monitor.
  • Provides visualized application traffic.
  • High availability
  • Provides carrier-class hardware design and supports temperature monitor and hot swap of components, such as the fan and power supply.
  • Supports active-active and active-standby HA deployments.
  • Supports hardware bypass.
  • Deployment Scenarios

    IPS deployment scenarios

    Internet access point

  • Limits undesired P2P and video traffic and ensures the bandwidth for proper services.
  • Prevents IM, online gaming, and stock exchange applications to avoid network abuse.
  • Prevents online storage, Web mail, and IM applications to avoid disclosure of internal documents or confidential information.
  • Protects internal hosts and browsers against threats to avoid data loss, data damage, or turning the hosts into zombies
  • Offline Monitor (IDS mode)

  • Meets the requirement of policy compliance.
  • Meet the governmental mandatory standards in classified protection of information system and secret-involved networks.
  • Helps to maintain the network by providing key information for intrusion detection or faults caused by other anomalies.
  • Helps enterprises to pass standard authentications, which are necessary for company listing or investment promotion.
  • In front of servers

  • Prevents worms and exploits targeting at service and platform vulnerabilities to avoid possible damage, tampering, data loss, or turning the servers into zombies.
  • Prevents server faults caused by DoS or DDoS attacks.
  • Prevents emerging attacks, such as SQL injection, cross-site scripting, scanning, password guessing, and sniffing, targeting at Web applications.
  • Provides IDC value-added services.
  • WAN Border

  • Implements network logical isolation.
  • Prevents the spread of worms and Trojan horses from external networks.
  • Monitors violations on internal networks.
  • Detects and prevents malicious behaviors, such as sniffing and reconnaissance, from external networks.
  •  

    Product Specification

    Model NIP2050 NIP2100 NIP2130 NIP2150 NIP2200 NIP5100 NIP5200 NIP5500
    Extension and I/O
    Dedicated management interface 1 x GE (RJ45) 1 x GE (RJ45) 1 x GE (RJ45) 1 x GE (RJ45) 1 x GE (RJ45) 1 x GE (RJ45) 1 x GE (RJ45) 1 x GE (RJ45)
    Fixed interface

    4 x GE (RJ45)

    4 x GE (combo)

    4×GE(RJ45)

    4×GE(combo)

    4×GE(RJ45)

    4×GE(combo)

    4×GE(RJ45)

    4×GE(combo)

    4×GE(RJ45)

    4×GE(combo)

    4×GE(RJ45)

    4×GE(combo)

    4×GE(RJ45)

    4×GE(combo)

    4×GE(RJ45)

    4×GE(combo)

    2×10GE(SFP)

    Feature
    Server protection Provides all-round protection for application servers and defends against system vulnerability attacks, service vulnerability attacks, brute force, SQL injection, cross-site scripting, and viruses.
    Client protection

    ● Protects browsers and plug-ins, such as Java and ActiveX.

    ● Protects files such as Word, PDF, Flash, and AVI.

    ● Detects and defends against system vulnerabilities, spyware, adware and viruses.

    Infrastructure Protection

    ● Defends against malformed packet attacks, special packet control attacks, scanning attacks, and TCP/UDP flood attacks.

    ● Defends against application-layer DDoS attacks, such as the HTTP, HTTPS, DNS, and SIP flood attacks.

    ● Traffic self-learning: sets the threshold for traffic-type attacks based on statistics on normal traffic.

    Network application control

    Identifies and controls more than 1200 application protocols, including P2P, IM, online game, stock, voice, online video, stream media, web mail, mobile terminal, and remote login applications.

    Provides real-time alarming, audible alarms, syslogs, SNMP traps, emails, SMS messages, interworking with the third-party device, IP address isolation, attack packet capture, and real-time session blocking.

    Alarm and Response
    Device management

    ● Provides GUI, hierarchical management over administrators, access control permission setting, and centralized management over devices.

    ● Supports the rollback and periodic update of the engine knowledge database, and centralized update on the intranet.

    Log report monitor Provides device status monitoring, event information backup, log query and filtering, real-time network status monitoring, and report customization.
    Deployment and availability

    ● The IPS device is deployed in in-line mode and the IDS device is deployed in off-line mode. Interfaces are deployed in online and off-line modes.

    ● Supports hardware bypass cards and hot standby deployment.

    Specifications of Integrated Devices
    Dimensions (H x W x D) (mm) 43.6 x 442 x 560 43.6 x 442 x 560 43.6 x 442 x 560 130.5 x 442 x 415
    Power supply

    AC: 100 V to 240 V 50/60 Hz

    Power supply redundancy is supported.

    AC: 100 V to 240 V 50/60 Hz

    DC: –48 V to –60 V

    Power supply redundancy is supported.

    Maximum power
    150 W
    300 W
    Operating environment

    Temperature: 0ºC to 40ºC

    Relative humidity: 5% to 95%, non-condensing

    MTBF 12.67 years

    Ordering Information

    Model (External) Description
    Host Quoted Items
    NIP2050-AC-01 NIP2050 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP2100-AC-01 NIP2100 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP2130-AC-01 NIP2130 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP2150-AC-01 NIP2150 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP2200-AC-01 NIP2200 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP5100-AC-01 NIP5100 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP5200-AC-01 NIP5200 Standard AC Host(4GE(RJ45)+4GE Combo,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP5200-DC-01 NIP5200 Standard DC Host(4GE(RJ45)+4GE Combo,4G Memory,2 DC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP5500-AC-01 NIP5500 Standard AC Host(4GE(RJ45)+4GE Combo+2*10GE Optical Ports,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    NIP5500-DC-01 NIP5500 Standard DC Host(4GE(RJ45)+4GE Combo+2*10GE Optical Ports,4G Memory,2 AC Power),with HW NIP Network Intelligent Protection System Software,with 12 Months Knowledge Base Update Service
    Host Auxiliary Software
    NIP2050 Knowledge Base Update Feature
    LIC-IPS-12-NIP2050 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-IPS-36-NIP2050 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    LIC-AV-12-NIP2050 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-AV-36-NIP2050 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    NIP2100 Knowledge Base Update Feature
    LIC-IPS-12-NIP2100 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-IPS-36- NIP2100 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    LIC-AV-12- NIP2100 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-AV-36- NIP2100 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    NIP2130 Knowledge Base Update Feature
    LIC-IPS-12-NIP2130 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-IPS-36- NIP2130 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    LIC-AV-12-NIP2130 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-AV-36- NIP2130 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    NIP2150 Knowledge Base Update Feature
    LIC-IPS-12-NIP2150 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-IPS-36- NIP2150 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    LIC-AV-12- NIP2150 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-AV-36- NIP2150 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    NIP2200 Knowledge Base Update Feature
    LIC-IPS-12-NIP2200 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-IPS-36-NIP2200 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    LIC-AV-12-NIP2200 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-AV-36-NIP2200 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    NIP5100 Knowledge Base Update Feature
    LIC-IPS-12-NIP5100 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-IPS-36-NIP5100 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    LIC-AV-12-NIP5100 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-AV-36-NIP5100 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    NIP5200 Knowledge Base Update Feature
    LIC-IPS-12-NIP5200 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-IPS-36-NIP5200 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    LIC-AV-12-NIP5200 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-AV-36-NIP5200 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    NIP5500 Knowledge Base Update Feature
    LIC-IPS-12-NIP5500 Knowledge Base Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-IPS-36-NIP5500 Knowledge Base Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    LIC-AV-12-NIP5500 Antivirus Update Service Subscribe 12 Months,with HW Network Intelligent Protection System Software
    LIC-AV-36-NIP5500 Antivirus Update Service Subscribe 36 Months,with HW Network Intelligent Protection System Software
    Service Board/Bypass Card
    FIC-4GE-BYPASS 4GE Electric Ports Bypass Card,with HW General Security Platform Software
    FIC-8GE 8GE Electric Ports Interface Card,with HW General Security Platform Software
    FIC-8SFP 8GE Optical Ports FIC Interface Card,with HW General Security Platform Software
    FIC-2LINE-M-BYPASS 2 Link LC/UPC Multimode Optical Interface Bypass Protect Card,with HW General Security Platform Software
    FIC-2LINE-S-BYPASS 2 Link LC/UPC Singlemode Optical Interface Bypass Protect Card,with HW General Security Platform Software
    FIC-2SFP+ 2*10GE Optical Ports FIC Interface Card,with HW General Security Platform Software
    FIC-2SFP+&8GE 2*10GE Optical Ports+8GE Electric Ports Interface Card,with HW General Security Platform Software

    Huawei IPS

    Huawei Intrusion Prevention System (IPS) of NIP series is designed for large- and medium-scale enterprises, industries, and carriers to defend against network threats and ensure proper running of services. With the modularized engine design and various advanced detection technologies, the NIP provides virtual patches, web application protection, client application protection, anti-malware, antivirus, anti-DDoS, and application sensing and control on IPv4 and IPv6 networks. The NIP helps implement service continuity, data security, and law and regulation compliance.

    With the carrier-class design, Huawei NIP system supports various special protocols, such as Multiprotocol Label Switching (MPLS) and Virtual Local Area Network (VLAN), and can be deployed in various environments. The NIP with default configurations can automatically block various types of service threats. Therefore, the NIP significantly simplifies the deployment and effectively decreases the total cost of ownership (TCO).

    Competitive products includes Cisco IPS4345, 4360, 4510, 4520, Check Point IPS-1,Sourcefire Next-Generation IPS Snort 3D7000 Series 3D8000 Series IPSx Series Sourcefire Defense Center,3COM Tippingpoint IDS, IBM ISS Proventia GX4004 IPS,GX5008 IPS,  GX5108 IPS, GX5208 IPS, GX6116 IPS, CrossBeam IPS,GX3002 IPS, GX4002 IPS, McAfee M-8000, M-6050, M-4050,M-3050, M-2950, M-2850, M-2750, M1450, M-1250, Stonesoft StoneGate IPS 6105 StoneGate IPS 3205 StoneGate IPS 3201 StoneGate IPS 1205 StoneGate IPS 1060 StoneGate IPS 1030, Juniper IDP75 IDP250 IDP800 IDP8200, NitroSecurity NitroGuard IPS1000, IPS2000, IPS4000, IPS5000.