vHSM

Hillstone Security Management

Platform

Hillstone’s Security Management Platform enhances network security by allowing businesses

to segment their networks into multiple virtual domains. Domains can be based on geography,
business unit or security function. It provides the versatility needed to manage Hillstone’s
infrastructure while simplifying configuration, accelerating deployment cycles, and reducing
management overhead.

Product Highlights
Multi-Domain Security Simplified Provisioning and Management
Most companies face security challenges when their busi- Hillstone’s Multi-Domain Security Management simplifies the
ness spans offices located in several regions or countries. provisioning of new devices. It allows a primary administrator
Multiple security gateways, multiple sites requiring different to create groups of devices for other administrators to mon-
security policies and multiple administrators can quickly itor and manage. The primary administrator can download
create a complex security environment. Organizations need global policies, security updates, and policy updates, while
the tools to manage global security policies while allowing local administrators provide policies for local devices, users,
regional administrators to manage devices and users in their and groups. Administrator also can lock the using rules and
geographic location or business division. Hillstone’s Security object configuration to improve the security and reliability of
Manager allows the primary administrator to segment secu- device configuration.
rity management into multiple virtual domains. It provides the
Corporate HQ
security, visibility, and control required by organizations while
Service Zone
reducing management costs, simplifying configuration, and HSM/vHSM
accelerating deployment cycles. Hillstone
NGFW/NIPS

Mgt Link
SD-WAN Internet
VPN Link

HSM serves as the centralized Security Manager in Hillstone’s

SD-WAN solution, offers centralized policy management and
global visibility, allowing one-click set-up and deployment of
SD-WAN networking from a central console. Branch A Branch B Branch C

www.HillstoneNet.com © 2021 Hillstone Networks All Rights Reserved. | 1

Hillstone Security Management Platform

Features
Domain Based Management VPN Network Monitoring
• Segregate networks into multiple virtual domains based on location, business • VPN topology monitoring
unit or security function
• Network status monitoring
• Define global security policy templates and assign them to virtual domains
• Link interruption alarm
• Multiple global security policies may be created
• Virtual domains share global security policies and generate separate policies for System Management
specific users/groups and devices • Time zone configuration, support for daylight saving time
• Shared objects can be assigned and used across domains • HSM file system automatically fix
Role-based Administration • Configuration synchronization prompt
• Administrators assigned to specific domains and devices • HSM system password protection
• Hierarchical role-based management (administrator, operator, auditor) inherit High Availability
different privileges
• Support HSM HA deployment, Master/Slave roles
• Multiple administrators can work on separate domains simultaneously
• Preemption mode
Centralized Management • Monitor/Log Synchronization
• Single security console manages multiple domains • Automatic Synchronizing and Manual Synchronizing
• Graphical interface to view, create and manage all domains • Master/Slave Switchover Alarm
• Create groups of devices for administrators to manage
Distributed Deployment
• Assign global policies to multiple management domains
• Standalone/Master/Slave modes
• Create role based administrators to manage policies and devices
• Register up to 16 slave devices on one master device
• Device registration supported by IP, domain name or template
• Memory alarm, CPU alarm, disk alarm, and slave device offline alarm display on
• Detect redundant policies, useless objects, and policy hits master device
• Create policy snapshots and rollback policies
• Support policy assistant Centralized Reporting
• Centralized management of route, NAT and security policies • More than 30 built-in report templates
• Centralized management of IPS/AV/SLB/URL/iQoS policy • Customized reporting: detailed and merged logging report with custom filters by
event severity, firewall, protocol, source/destination IP, source/destination port,
• Centralized management of firewall password user, application/service, ingress interface, rule/policy number, action, close
• AAA Server, user, role configuration management reason.
• Supports virtual appliance management • Reports available in HTML and PDF format
Centralized Monitoring Alerts
• Monitor all multi-domain system components including Hillstone NGFW, • Multiple types of alerts including real-time and threshold-based alerts
CloudEdge, NIPS, sBDS, ADC and HSA from a central location • Device security event alerts
• Monitor device availability including CPU, memory, concurrent sessions, and • vHSM do not support SMS Alert
traffic from each domain
• Monitor VPN topography graphs for each registered device IPv6
• View network status and VPN link alerts • IPv6-compliant security policy, NAT, address book configuration &
• Monitor security events from each domain including IP, URLs, applications, and management
threats • IPv6 log collection and query
• View trends for device traffic, user traffic, application traffic • IPv6 monitoring data collection and presentation
• Monitor license and signature update status for devices
Device Inspection
• View Top 10 Threats, and Top 10 URLs accessed, last 1 hour threat stats, last 1
hour alarm stats • Manual inspection, regular inspection, intelligent inspection
• Batch inspection
Log Management
• Logs produced for device traffic, system resource utilization, security events, Ticketing System
data security, application usage and device upgrade • Ticket creation, processing, review and deployment
• Logs may be filtered by device • Ticket batch import and review
• Logs produced for HSM system • Policy redundancy check
• Logs can be exported for historical log queries and backups • Device auto identification
• Support log forwarding to third-party syslog server • Provide API to connect with other ticketing system

Configuration Management SD-WAN Management

• Device IP, domain name, and template registration • VPN Star Networking and Mesh Networking
• Device software version number • VPN network management
• Device configuration file comparison • Device and link status monitoring
• Configuration file backup and recovery • Support branch device onboarding via ZTP, customizable ZTP template
• Support to lock configuration file of device • Easy SD-WAN business deployment
• IPS, APP, AV, URL signature upgrade configuration centralized management
vHSM
• Support Firewall HA, including HA cluster management for Hillstone firewalls in
Active-Passive/Active-Active/Active-Peer modes, HA groups relationship and • Support VMware WorkStation, EXSi, KVM
status display • Support AWS platform

www.HillstoneNet.com © 2021 Hillstone Networks All Rights Reserved. | 2

Hillstone Security Management Platform

Specifications

Virtual Appliance (vHSM) Specification

15/25 15/100 15/500 15/1000

Log Performance 1,000 EPS 2,000 EPS 5,000 EPS 10,000 EPS
vCPU Requirement 4 8 18 24
Memory Requirement 4 GB 16 GB 32 GB 64 GB
Port Requirement 2 ports 2 ports 2 ports 2 ports
Hard Disk Requirement (Min.) 100 GB 2 TB 4 TB 8 TB
Virtual Environment Requirement VMware Workstation/ESXi or KVM

NOTES:
(1) The default number of devices that HSM manages is only valid with the HSM platform license. It can be extended to the maximum number with the HSM extension
license.

www.HillstoneNet.com
© 2021 Hillstone Networks All Rights Reserved.
Version: EX-08.01-HSM4.7.0-0221-EN-01