TM

Hillstone E-1000 Series

Next-Generation Firewall

E1100W / E1100WG3w / E1600 / E1606 / E1700

The Hillstone E-1000 Series Next Generation Firewall (NGFW) provides comprehensive and granular visibility and control of
applications. It can identify and prevent potential threats associated with high-risk applications while providing
policy-based control over applications, users, and user-groups. Policies can be defined that guarantee bandwidth to
mission-critical applications while restricting or blocking unauthorized or malicious applications. The Hillstone E-1000
Series NGFW incorporates comprehensive network security and advanced firewall features, provides superior price perfor-
mance, excellent energy efficiency, and comprehensive threat prevention capability.

Product Highlights

Granular Application Identification and Control Comprehensive Threat Detection and Prevention
The Hillstone E-1000 Series NGFW provides fine-grained The Hillstone E-1000 Series NGFW provides real-time protec-
control of web applications regardless of port, protocol, or tion for applications from network attacks including viruses,
evasive action. It can identify and prevent potential threats spyware, worms, botnets, ARP spoofing, DoS/DDoS, Trojans,
associated with high-risk applications while providing buffer overflows, and SQL injections. It incorporates a unified
policy-based control over applications, users, and user-groups. threat detection engine that shares packet details with multiple
Security Policies can be defined that guarantee bandwidth to security engines (AD, IPS, URL filtering, Anti-Virus, Sandbox
mission-critical applications while restricting or blocking unau- etc.), which significantly enhances the protection efficiency and
thorized or malicious applications. reduces network latency.

www.hillstonenet.com
Phone: 1-800-889-9860
 Hillstone E-1000 Series Next-Generation Firewall E-1000 Series

Features

Network Services
ï Support protocols including HTTP/HTTPS, POP3, IMAP, SMTP and FTP
ï Dynamic routing (OSPF, BGP, RIPv2) ï Support file types including PE,ZIP, RAR, Office, PDF, APK, JAR and SWF
ï Static and Policy routing ï File transfer direction and file size control
ï Route controlled by application ï Provide complete behavior analysis report for malicious files
ï Built-in DHCP, NTP, DNS Server and DNS proxy ï Global threat intelligence sharing, real-time threat blocking
• Tap mode – connects to SPAN port ï Support detection only mode without uploading files
ï Interface modes: sniffer, port aggregated, loopback, VLANS (802.1Q and
Trunking) Botnet C&C Prevention
ï L2/L3 switching & routing
ï Discover intranet botnet host by monitoring C&C connections and block
ï Virtual wire (Layer 1) transparent inline deployment
further advanced threats such as botnet and ransomware
ï Regularly update the botnet server addresses
Firewall
ï prevention for C&C IP and domain
ï Operating modes: NAT/route, transparent (bridge), and mixed mode ï Support TCP, HTTP, and DNS traffic detection
ï Policy objects: predefined, custom, and object grouping ï IP and domain whitelists
ï Security policy based on application, role and geo-location
ï Application Level Gateways and session support: MSRCP, PPTP, RAS, RSH, SIP, IP Reputation
FTP, TFTP, HTTP, dcerpc, dns-tcp, dns-udp, H.245 0, H.245 1, H.323
ï Identify and filter traffic from risky IPs such as botnet hosts, spammers, Tor
ï NAT and ALG support: NAT46, NAT64, NAT444, SNAT, DNAT, PAT, Full Cone
nodes, breached hosts, and brute force attacks
NAT, STUN
ï Logging, dropping packets, or blocking for different types of risky IP traffic
ï NAT configuration: per policy and central NAT table
ï Regular IP reputation signature database upgrade
ï VoIP: SIP/H.323/SCCP NAT traversal, RTP pin holing
ï Global policy management view
SSL Decryption
ï Security policy redundancy inspection, policy group, policy configuration
ï Application identification for SSL encrypted traffic
rollback
ï IPS enablement for SSL encrypted traffic
ï Comprehensive DNS policy
ï AV enablement for SSL encrypted traffic
ï Schedules: one-time and recurring
ï URL filter for SSL encrypted traffic
ï SSL Encrypted traffic whitelist
Intrusion Prevention
ï SSL proxy offload mode
ï Protocol anomaly detection, rate-based detection, custom signatures,
manual, automatic push or pull signature updates, integrated threat
Endpoint Identification and Control
encyclopedia
ï Support to identify endpoint IP, endpoint quantity, on-line time, off-line time,
ï IPS Actions: default, monitor, block, reset (attackers IP or victim IP, incoming
and on-line duration
interface) with expiry time
ï Support 10 operation systems
ï Packet logging option
ï Support query based on IP, endpoint quantity, control policy and status etc.
ï Filter Based Selection: severity, target, OS, application or protocol
ï Support the identification of accessed endpoints quantity across layer 3,
ï IP exemption from specific IPS signatures
logging and interference on overrun IP
ï IDS sniffer mode
ï IPv4 and IPv6 rate based DoS protection with threshold settings against TCP
Data Security
Syn flood, TCP/UDP/SCTP port scan, ICMP sweep, TCP/UDP/SCIP/ICMP session
ï File transfer control based on file type
flooding (source/destination)
ï File protocol identification, including HTTP, FTP, SMTP and POP3
ï Active bypass with bypass interfaces
ï File signature and suffix identification for over 100 file types
ï Predefined prevention configuration
ï Content filtering for HTTP-GET, HTTP-POST, FTP and SMTP protocols
ï IM identification and network behavior audit
Anti-Virus
ï Manual, automatic push or pull signature updates
Application Control
ï Flow-based Antivirus: protocols include HTTP, SMTP, POP3, IMAP, FTP/SFTP
ï Over 3,000 applications that can be filtered by name, category, subcategory,
ï Compressed file virus scanning
technology and risk
ï Each application contains a description, risk factors, dependencies, typical
Attack Defense
ports used, and URLs for additional reference
ï Abnormal protocol attack defense
ï Actions: block, reset session, monitor, traffic shaping
ï Anti-DoS/DDoS, including SYN Flood, DNS Query Flood defense
ï Identify and control cloud applications in the cloud
ï ARP attack defense
ï Provide multi-dimensional monitoring and statistics for cloud applications,
including risk category and characteristics
URL Filtering
ï Flow-based web filtering inspection
Quality of Service (QoS)
ï Manually defined web filtering based on URL, web content and MIME header
ï Max/guaranteed bandwidth tunnels or IP/user basis
ï Dynamic web filtering with cloud-based real-time categorization database:
ï Tunnel allocation based on security domain, interface, address, user/user
over 140 million URLs with 64 categories (8 of which are security related)
group, server/server group, application/app group, TOS, VLAN
ï Additional web filtering features:
ï Bandwidth allocated by time, priority, or equal bandwidth sharing
- Filter Java Applet, ActiveX or cookie
ï Type of Service (TOS) and Differentiated Services (DiffServ) support
- Block HTTP Post
ï Prioritized allocation of remaining bandwidth
- Log search keywords
ï Maximum concurrent connections per IP
- Exempt scanning encrypted connections on certain categories for privacy
ï Bandwidth allocation based on URL category
ï Web filtering profile override: allows administrator to temporarily assign
ï Bandwidth limit by delaying access for user or IP
different profiles to user/group/IP
ï Web filter local categories and category rating override
Server Load balancing
ï Weighted hashing, weighted least-connection, and weighted round-robin
Cloud-Sandbox
ï Session protection, session persistence and session status monitoring
ï Upload malicious files to cloud sandbox for analysis
ï Server health check, session monitoring and session protection

www.hillstonenet.com
 Hillstone E-1000 Series Next-Generation Firewall E-1000 Series

Features

- Port, local & remote link monitoring

Link Load balancing - Stateful failover
ï Bi-directional link load balancing - Sub-second failover
ï Outbound link load balancing includes policy based routing, ECMP and - Failure notification
weighted, embedded ISP routing and dynamic detection ï Deployment options:
ï Inbound link load balancing supports SmartDNS and dynamic detection - HA with link aggregation
ï Automatic link switching based on bandwidth, latency, jitter, connectivity, - Full mesh HA
application etc. - Geographically dispersed HA
ï Link health inspection with ARP, PING, and DNS
User and Device Identity
VPN ï Local user database
ï IPSec VPN ï Remote user authentication: TACACS+, LDAP, Radius, Active
- IPSEC Phase 1 mode: aggressive and main ID protection mode ï Single-sign-on: Windows AD
- Peer acceptance options: any ID, specific ID, ID in dialup user group ï 2-factor authentication: 3rd party support, integrated token server with
- Supports IKEv1 and IKEv2 (RFC 4306) physical and SMS
- Authentication method: certificate and pre-shared key ï User and device-based policies
- IKE mode configuration support (as server or client) ï User group synchronization based on AD and LDAP
- DHCP over IPSEC ï Support for 802.1X, SSO Proxy
- Configurable IKE encryption key expiry, NAT traversal keep alive ï WebAuth page customization
frequency ï Interface based Authentication
- Phase 1/Phase 2 Proposal encryption: DES, 3DES, AES128, AES192, ï Agentless ADSSO (AD Polling)
AES256 ï Use authentication synchronization based on SSO-monitor
- Phase 1/Phase 2 Proposal authentication: MD5, SHA1, SHA256, SHA384, ï Support MAC-based user authentication
SHA512
- Phase 1/Phase 2 Diffie-Hellman support: 1,2,5 Administration
- XAuth as server mode and for dialup users ï Management access: HTTP/HTTPS, SSH, telnet, console
- Dead peer detection ï Central Management: Hillstone Security Manager (HSM), web service APIs
- Replay detection ï System Integration: SNMP, syslog, alliance partnerships
- Autokey keep-alive for Phase 2 SA ï Rapid deployment: USB auto-install, local and remote script execution
ï IPSEC VPN realm support: allows multiple custom SSL VPN logins associated ï Dynamic real-time dashboard status and drill-in monitoring widgets
with user groups (URL paths, design) ï Language support: English
ï IPSEC VPN configuration options: route-based or policy based
ï IPSEC VPN deployment modes: gateway-to-gateway, full mesh, Logs & Reporting
hub-and-spoke, redundant tunnel, VPN termination in transparent mode ï Logging facilities: local memory and storage (if available), multiple syslog
ï One time login prevents concurrent logins with the same username servers and multiple Hillstone Security Audit (HSA) platforms
ï SSL portal concurrent users limiting ï Encrypted logging and log integrity with HSA scheduled batch log uploading
ï SSL VPN port forwarding module encrypts client data and sends the data to ï Reliable logging using TCP option (RFC 3195)
the application server ï Detailed traffic logs: forwarded, violated sessions, local traffic, invalid
ï Supports clients that run iOS, Android, and Windows XP/Vista including packets, URL etc.
64-bit Windows OS ï Comprehensive event logs: system and administrative activity audits, routing
ï Host integrity checking and OS checking prior to SSL tunnel connections & networking, VPN, user authentications, WiFi related events
ï MAC host check per portal ï IP and service port name resolution option
ï Cache cleaning option prior to ending SSL VPN session ï Brief traffic log format option
ï L2TP client and server mode, L2TP over IPSEC, and GRE over IPSEC ï Three predefined reports: Security, Flow and network reports
ï View and manage IPSEC and SSL VPN connections ï User defined reporting
ï PnPVPN ï Reports can be exported in PDF via Email and FTP

IPv6 Statistics and Monitoring

ï Management over IPv6, IPv6 logging and HA ï Application, URL, threat events statistic and monitoring
ï IPv6 tunneling, DNS64/NAT64 etc ï Real-time traffic statistic and analytics
ï IPv6 routing protocols, static routing, policy routing, ISIS, RIPng, OSPFv3 and ï System information such as concurrent session, CPU, Memory and
BGP4+ temperature
ï IPS, Application identification, URL filtering, Anti-Virus, Access control, ND ï iQOS traffic statistic and monitoring, link status monitoring
attack defense ï Support traffic information collection and forwarding via Netflow (v9.0)

VSYS CloudView
ï System resource allocation to each VSYS ï Cloud-based security monitoring
ï CPU virtualization ï 7/24 access from web or mobile application
ï Non-root VSYS support firewall, IPSec VPN, SSL VPN, IPS, URL filtering ï Device status, traffic and Threat monitoring
ï VSYS monitoring and statistic ï Cloud-based log retention and reporting
ï Not supported on E1600, E1100W and E1100W3Gw
Wireless
High Availability ï Multi-SSID and wireless traffic control (only on E1100W and E1100WG3w)
ï Redundant heartbeat interfaces ï Wire link and WCDMA link back up (Only on E1100WG3w)
ï Active/Active and Active/Passive ï WCDMA IPSec VPN (Only on E1100WG3w)
ï Standalone session synchronization
ï HA reserved management interface
ï Failover:

www.hillstonenet.com
 Hillstone E-1000 Series Next-Generation Firewall E-1000 Series

Product Specification

Specification SG-6000-E1100W SG-6000-E1100WG3w SG-6000-E1600 SG-6000-E1606 SG-6000-E1700

FW Throughput (1) 1Gbps 1Gbps 1Gbps 1Gbps 1.5Gbps/2Gbps

IPSec Throughput(2) 600Mbps 600Mbps 600Mbps 600Mbps 700Mbps

AV Throughput(3) 300Mbps 300Mbps 300Mbps 300Mbps 400Mbps

(4)
IPS Throughput 400Mbps 400Mbps 400Mbps 400Mbps 600Mbps

IMIX Throughput (5) 200Mbps 200Mbps 200Mbps 200Mbps 600Mbps

NGFW Throughput(6) 350Mbps 350Mbps 350Mbps 350Mbps 450Mbps

Threat Protection
300Mbps 300Mbps 300Mbps 300Mbps 400Mbps
Throughput(7)

New Sessions/s(8) 10,000 10,000 10,000 12,000 25,000

Maximum Concurrent
Sessions (Default/Max) 200k 200k 200k 400k 600k/1M

IPSec Tunnel Number 512 512 512 1,000 2,000

SSL VPN Users

8/128 8/128 8/128 8/500 8/500
(Default/Max)

1 x Console Port 1 x Console Port 1 x Console Port 1 x Console Port 1 x Console Port
Management Ports
1 x USB Port 1 x USB Port 1 x USB Port 1 x USB Port 1 x USB Port

Fixed I/O Ports 9 x GE 9 x GE 9 x GE 9 x GE 9 x GE

WiFi IEEE802.11a/b/g/n IEEE802.11a/b/g/n N/A N/A N/A

3G NA WCDMA N/A N/A N/A

Maximum Power 1×45W Redundancy 1×45W Redundancy

30W 30W 30W
Consumption 1+1 1+1

AC:100-240V
AC:100-240V
Power Supply AC 100-240V 50/60Hz AC 100-240V 50/60Hz AC 100-240V 50/60Hz 50/60Hz
50/60Hz
DC-40~-60V

Desktop Desktop Desktop 1U 1U

Dimension
12.6 × 5.91 × 1.7 in 12.6 × 5.91 × 1.7 in 12.6 × 5.91 × 1.7 in 17.4 x 9.5 x 1.7in 17.4 x 9.5 x 1.7in
(W×D×H, mm)
(320×150×44 mm) (320×150×44 mm) (320×150×44 mm) (442 x 241 x 44mm) (442 x 241 x 44mm)

Weight 3.3lb (1.5KG) 3.3lb (1.5KG) 3.3lb (1.5KG) 5.5Ib (2.5kg) 5.5Ib (2.5kg)

Temperature 32-104 F (0-40°C) 32-104 F (0-40°C) 32-104 F (0-40°C) 32-104F (0-40°C) 32-104F (0-40°C)

Relative Humidity 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew)

Compliance and CE, CB, FCC, UL/cUL, ROHS, IEC/EN61000-4-5 Power Surge Protection, ISO 9001:2015, ISO 14001:2015, CVE Compatibility, IPv6 Ready, ICSA
Certificate Firewalls

Unless specified otherwise, all performance, capacity and functionality are based on StoneOS5.5R6. Results may vary based on StoneOS®version and deployment.

NOTES: (1) FW throughput data is obtained under single-stack UDP traffic with 1518-byte packet size; (2) IPSec throughput data is obtained under Preshare Key AES256+SHA-1
configuration and 1400-byte packet size packet; (3) AV throughput data is obtained under HTTP traffic with file attachment; (4) IPS throughput data is obtained under bi-direc-
tion HTTP traffic detection with all IPS rules being turned on; (5) IMIX throughput data is obtained under UDP traffic mix (64 byte : 512 byte : 1518 byte =5:7:1); (6) NGFW
throughput data is obtained under 64 Kbytes HTTP traffic with application control and IPS enabled; (7) Threat protection throughput data is obtained under 64 Kbytes HTTP traffic
with application control, IPS, AV and URL filtering enabled; (8) New Sessions/s is obtained under TCP traffic.

Version :EX-08.01-NGFW-5.5R6-0818-EN-01 www.hillstonenet.com