Accelerating Deployment Cycles. Reducing Management Overhead. Simplify Configuration.

Hillstone’s Security Manager enhances network security by allowing businesses to segment their networks into multiple virtual domains. Domains can be based on geography, business unit or security function. It provides the versatility needed to manage Hillstone’s infrastructure while simplifying configuration, accelerating deployment cycles, and reducing management overhead.

Multi-Domain Security

Most companies face security challenges when their business spans offices located in several regions or countries. Multiple security gateways, multiple sites requiring different security policies and multiple administrators can quickly create a complex security environment. Organizations need the tools to manage global security policies while allowing regional administrators to manage devices and users in their geographic location or business division. Hillstone’s Security Manager allows the primary administrator to segment security management into multiple virtual domains. It provides the security, visibility, and control required by organizations while reducing management costs, simplifying configuration, and accelerating deployment cycles.

Simplified Provisioning and Management

Hillstone’s Multi-Domain Security Management simplifies the provisioning of new devices. It allows a primary administrator to create groups of devices for other administrators to monitor and manage. The primary administrator can download global policies, security updates, and policy updates, while local administrators provide policies for local devices, users, and groups.

Key features

  • Segregate networks into multiple virtual domains based on location, business unit or security function
  • Define global security policy templates and assign them to virtual domains
  • Multiple global security policies may be created
  • Virtual domains share global security policies and generate separate policies for specific users/groups and devices
  • Shared objects can be assigned and used across Domains
  • Administrators assigned to specific domains and devices
  • Hierarchical role-based management (administrator, operator, auditor) inherit different privileges
  • Multiple administrators can work on separate domains simultaneously
  • Single security console manages multiple domains
  • Graphical interface to view, create and manage all domains
  • Create groups of devices for administrators to manage
  • Assign global policies to multiple management domains
  • Create role based administrators to manage polices and devices
  • Device registration supported by IP, domain name or template
  • Detect redundant policies, useless objects, and policy hits
  • Create policy snapshots and rollback policies
  • Centralized management of route, NAT and security policies
  • Centralized management of IPS/AV/SLB/URL/iQoS policy
  • AAA Server, user, role configuration management
  • Supports virtual appliance management
  • Support Firewall HA, including HA cluster management for Hillstone firewalls in Active-Passive/Active-Active/Active-Peer modes, HA groups relationship and status display
  • Monitor all multi-domain system components including Hillstone NGFW, NIPS and CloudEdge from a central location
  • Monitor device availability including CPU, memory, concurrent sessions, and traffic from each domain
  • Monitor VPN topography graphs for each registered device
  • View network status and VPN link alerts
  • Monitor security events from each domain including IP, URLs, applications, and threats
  • View trends for device traffic, user traffic, application traffic
  • Monitor license status for devices
  • View Top 10 Threats, and Top 10 URLs accessed
  • Logs produced for device traffic, system resource utilization, security events, data security and application usage
  • Logs may be filtered by device
  • Logs produced for HSM system
  • Logs produced for historical log queries and backups
  • Device IP, domain name, and template registration
  • Device software version number
  • Device configuration file comparison
  • Configuration file backup and recovery
  • Support to lock configuration file of device
  • IPS, APP, AV, URL signature upgrade configuration centralized management
  • Support HSM HA deployment, Master/Slave roles
  • Preemption mode
  • Monitor/Log Synchronization
  • Automatic Synchronizing and Manual Synchronizing
  • Master/Slave Switchover Alarm
  • Standalone/Master/Slave modes
  • Register up to 16 slave devices on one master device
  • Memory alarm, CPU alarm, disk alarm, and slave device offline alarm display on master device
  • More than 30 built-in report templates
  • Customized reporting
  • Reports available in HTML and PDF format
  • Multiple types of alerts including real-time and threshold-based alerts
  • Device security event alerts
  • vHSM do not support SMS Alert