E1100W / E1600 / E1606 / E1700

Hillstone E-Series
Next-Generation Firewall

The Hillstone E-Series Next Generation Firewall (NGFW) is designed for the specific function of
security and provides comprehensive and granular visibility and control of applications. It can
identify and prevent potential threats associated with high-risk applications while providing policy-
based control over applications, users, and user-groups. Policies can be defined that
guarantee bandwidth to mission-critical applications while restricting or blocking unauthorized or
malicious applications. The Hillstone E-Series NGFW incorporates comprehensive network
security and advanced firewall features, provides superior price performance, excellent energy
efficiency, and comprehensive threat prevention capability.

Product Highlights
Granular Application Identification and Control Comprehensive Threat Detection and Prevention
The Hillstone E-Series NGFW provides fine-grained control The Hillstone E-Series NGFW provides real-time protection for
of web applications regardless of port, protocol, or evasive applications from network attacks including viruses, spyware,
action. It can identify and prevent potential threats associ- worms, botnets, ARP spoofing, DoS/DDoS, Trojans, buffer
ated with high-risk applications while providing policy-based overflows, and SQL injections. It incorporates a unified threat
control over applications, users, and user-groups. Security detection engine that shares packet details with multiple
Policies can be defined that guarantee bandwidth to mis- security engines (AD, IPS, URL filtering, Antivirus, Sandbox
sion-critical applications while restricting or blocking unautho- etc.), which significantly enhances the protection efficiency
rized or malicious applications. and reduces network latency.

www.HillstoneNet.com © 2020 Hillstone Networks All Rights Reserved. | 1

Hillstone E-Series Next-Generation Firewall

Features
Network Services Attack Defense • URL filter for SSL encrypted traffic
• Dynamic routing (OSPF, BGP, RIPv2) • Abnormal protocol attack defense • SSL encrypted traffic whitelist
• Static and policy routing • Anti-DoS/DDoS, including SYN flood, UDP flood, • SSL proxy offload mode
• Route controlled by application DNS reply flood, DNS query flood defense, TCP • Support application identification, DLP, IPS
fragment, ICMP fragment, etc. sandbox, AV for SSL proxy decrypted traffic of
• Built-in DHCP, NTP, DNS Server and DNS proxy
• ARP attack defense SMTPS/POP3S/IMAPS
• Tap mode – connects to SPAN port
• Allow list for destination IP address
• Interface modes: sniffer, port aggregated, Endpoint Identification and Control
loopback, VLANS (802.1Q and Trunking) URL Filtering • Support to identify endpoint IP, endpoint quantity,
• L2/L3 switching & routing • Flow-based web filtering inspection on-line time, off-line time, and on-line duration
• Multicast(PIM-SSM) • Manually defined web filtering based on URL, web • Support 10 operating systems including Windows,
• Virtual wire (Layer 1) transparent inline content and MIME header iOS, Android, etc.
deployment • Dynamic web filtering with cloud-based real-time • Support query based on IP, endpoint quantity,
categorization database: over 140 million URLs control policy and status etc.
Firewall
with 64 categories (8 of which are security related) • Support the identification of accessed endpoints
• Operating modes: NAT/route, transparent (bridge), quantity across layer 3, logging and interference
• Additional web filtering features:
and mixed mode on overrun IP
- Filter Java Applet, ActiveX or cookie
• Policy objects: predefined, custom, aggregate • Redirect page display after custom interference
policy, object grouping - Block HTTP Post
operation
• Security policy based on application, role and - Log search keywords
• Supports blocking operations on overrun IP
geo-location - Exempt scanning encrypted connections on
• User identification and traffic control for remote
• Application Level Gateways and session support: certain categories for privacy
desktop services of Windows Server
MSRCP, PPTP, RAS, RSH, SIP, FTP, TFTP, HTTP, • Web filtering profile override: allows administrator
dcerpc, dns-tcp, dns-udp, H.245 0, H.245 1, H.323 to temporarily assign different profiles to user/ Data Security
• NAT and ALG support: NAT46, NAT64, NAT444, group/IP • File transfer control based on file type, size and
SNAT, DNAT, PAT, Full Cone NAT, STUN • Web filter local categories and category rating name
• NAT configuration: per policy and central NAT override • File protocol identification, including HTTP, FTP,
table • Support multi-language SMTP, POP3 and SMB
• VoIP: SIP/H.323/SCCP NAT traversal, RTP pin • File signature and suffix identification for over 100
holing Cloud-Sandbox
file types
• Global policy management view • Upload malicious files to cloud sandbox for
• Content filtering for HTTP-GET, HTTP-POST, FTP
analysis
• Security policy redundancy inspection, policy and SMTP protocols
group, policy configuration rollback • Support protocols including HTTP/HTTPS, POP3,
• IM identification and network behavior audit
IMAP, SMTP, FTP and SMB
• Policy Assistant for easy detailed policy • Filter files transmitted by HTTPS using SSL Proxy
deployment • Support file types including PE, ZIP, RAR, Office,
and SMB
PDF, APK, JAR, SWF and Script
• Policy analyzing and invalid policy cleanup
• File transfer direction and file size control Application Control
• Comprehensive DNS policy
• Provide complete behavior analysis report for • Over 4,000 applications that can be filtered by
• Schedules: one-time and recurring malicious files name, category, subcategory, technology and risk
Intrusion Prevention • Global threat intelligence sharing, real-time threat • Each application contains a description, risk
blocking factors, dependencies, typical ports used, and
• Protocol anomaly detection, rate-based detection,
custom signatures, manual, automatic push or • Support detection only mode without uploading URLs for additional reference
pull signature updates, integrated threat encyclo- files • Actions: block, reset session, monitor, traffic
pedia • URL allow / block list configuration shaping
• IPS Actions: default, monitor, block, reset • Identify and control cloud applications in the cloud
(attackers IP or victim IP, incoming interface) with Botnet C&C Prevention
• Provide multi-dimensional monitoring and
expiry time • Discover intranet botnet host by monitoring C&C statistics for cloud applications, including risk
• Packet logging option connections and block further advanced threats category and characteristics
such as botnet and ransomware
• Filter Based Selection: severity, target, OS, appli-
cation or protocol • Regularly update the botnet server addresses Quality of Service (QoS)
• Prevention for C&C IP and domain • Max/guaranteed bandwidth tunnels or IP/user
• IP exemption from specific IPS signatures
• Support TCP, HTTP, and DNS traffic detection basis
• IDS sniffer mode
• Allow and block list based on IP address or • Tunnel allocation based on security domain,
• IPv4 and IPv6 rate based DoS protection with interface, address, user/user group, server/server
threshold settings against TCP Syn flood, TCP/ domain name
group, application/app group, TOS, VLAN
UDP/SCTP port scan, ICMP sweep, TCP/UDP/ • Support DNS sinkhole and DNS tunneling
detection • Bandwidth allocated by time, priority, or equal
SCIP/ICMP session flooding (source/destination)
bandwidth sharing
• Active bypass with bypass interfaces
IP Reputation • Type of Service (TOS) and Differentiated Services
• Predefined prevention configuration (DiffServ) support
• Identify and filter traffic from risky IPs such as
Antivirus botnet hosts, spammers, Tor nodes, breached • Prioritized allocation of remaining bandwidth
hosts, and brute force attacks • Maximum concurrent connections per IP
• Manual, automatic push or pull signature updates
• Logging, dropping packets, or blocking for • Bandwidth allocation based on URL category
• Manually add or delete MD5 signature to the AV different types of risky IP traffic
database • Bandwidth limit by delaying access for user or IP
• Periodical IP reputation signature database
• MD5 signature support uploading to cloud • Automatic expiration cleanup and manual cleanup
upgrade
sandbox, and manually add or delete on local of user used traffic
database SSL Decryption
• Flow-based antivirus: protocols include HTTP,
Server Load Balancing
• Application identification for SSL encrypted traffic
SMTP, POP3, IMAP, FTP/SFTP, SMB • Weighted hashing, weighted least-connection, and
• IPS enablement for SSL encrypted traffic weighted round-robin
• Compressed file virus scanning
• AV enablement for SSL encrypted traffic

www.HillstoneNet.com © 2020 Hillstone Networks All Rights Reserved. | 2

Hillstone E-Series Next-Generation Firewall

Features (Continued)
• Session protection, session persistence and • VTEP for VxLAN static unicast tunnel • Support IP-based and MAC-based user authenti-
session status monitoring cation
• Server health check, session monitoring and IPv6
session protection • Management over IPv6, IPv6 logging and HA Administration
• IPv6 tunneling: DNS64/NAT64, IPv6 ISATAP, IPv6 • Management access: HTTP/HTTPS, SSH, telnet,
Link Load Balancing console
GRE, IPv6 over IPv4 GRE
• Bi-directional link load balancing • Central Management: Hillstone Security Manager
• IPv6 routing including static routing, policy routing,
• Outbound link load balancing: policy based routing ISIS, RIPng, OSPFv3 and BGP4+ (HSM), web service APIs
including ECMP, time, weighted, and embedded • System Integration: SNMP, syslog, alliance
• IPS, Application identification, URL filtering,
ISP routing; Active and passive real-time link partnerships
Antivirus, Access control, ND attack defense, iQoS
quality detection and best path selection
• IPv6 jumbo frame support • Rapid deployment: USB auto-install, local and
• Inbound link load balancing supports SmartDNS remote script execution
and dynamic detection • IPv6 Radius support
• Dynamic real-time dashboard status and drill-in
• Automatic link switching based on bandwidth, • IPv6 support on the following ALGs: TFTP, FTP,
monitoring widgets
latency, jitter, connectivity, application etc. RSH, HTTP, SIP
• Language support: English
• Link health inspection with ARP, PING, and DNS • IPv6 support on distributed iQoS
• Track address detection Logs & Reporting
VPN
• Logging facilities: local log storage with storage
• IPSec VPN VSYS
models for up to 6 months, multiple syslog
- IPSEC Phase 1 mode: aggressive and main ID • System resource allocation to each VSYS servers and multiple Hillstone Security Audit (HSA)
protection mode • CPU virtualization platforms
- Peer acceptance options: any ID, specific ID, ID in • Non-root VSYS support firewall, IPSec VPN, • Encrypted logging and log integrity with HSA
dialup user group SSL VPN, IPS, URL filtering, app monitoring, IP scheduled batch log uploading
- Supports IKEv1 and IKEv2 (RFC 4306) reputation, QoS • Reliable logging using TCP option (RFC 3195)
- Authentication method: certificate and • VSYS monitoring and statistic, app monitoring, IP • Detailed traffic logs: forwarded, violated sessions,
pre-shared key reputation, AV, QoS local traffic, invalid packets, URL etc.
- IKE mode configuration support (as server or High Availability • Comprehensive event logs: system and adminis-
client) trative activity audits, routing & networking, VPN,
• Redundant heartbeat interfaces user authentications, WiFi related events
- DHCP over IPSEC
• Active/Active and Active/Passive mode • IP and service port name resolution option
- Configurable IKE encryption key expiry, NAT
traversal keep alive frequency • Standalone session synchronization • Brief traffic log format option
- Phase 1/Phase 2 Proposal encryption: DES, • HA reserved management interface • Three predefined reports: Security, Flow and
3DES, AES128, AES192, AES256 • Failover: Network reports
- Phase 1/Phase 2 Proposal authentication: - Port, local & remote link monitoring • User defined reporting
MD5, SHA1, SHA256, SHA384, - Stateful failover • Reports can be exported in PDF, Word and HTML
SHA512 - Sub-second failover via Email and FTP
- IKEv1 support DH group 1,2,5,19,20,21,24 - Failure notification
- IKEv2 support DH group Statistics and Monitoring
• Deployment options:
1,2,5,14,15,16,19,20,21,24 • Application, URL, threat events statistic and
- HA with link aggregation monitoring
- XAuth as server mode and for dialup users
- Full mesh HA • Real-time traffic statistic and analytics
- Dead peer detection
- Geographically dispersed HA • System information such as concurrent session,
- Replay detection
CPU, memory and temperature
- Autokey keep-alive for Phase 2 SA Twin-mode HA (only available on E3960 and
• iQOS traffic statistic and monitoring, link status
• IPSEC VPN realm support: allows multiple custom above models) monitoring
SSL VPN logins associated with user groups (URL • High availability mode among multiple devices
paths, design) • Support traffic information collection and
• Multiple HA deployment modes forwarding via Netflow (v9.0)
• IPSEC VPN configuration options: route-based or
• Configuration and session synchronization among
policy based CloudView
multiple devices
• IPSEC VPN deployment modes: gateway-to- • Cloud-based security monitoring
• Dual HA data link ports
gateway, full mesh, hub-and-spoke, redundant
• 24/7 access from web or mobile application
tunnel, VPN termination in transparent mode User and Device Identity • Device status, traffic and threat monitoring
• One time login prevents concurrent logins with the • Local user database
same username • Cloud-based log retention and reporting
• Remote user authentication: TACACS+, LDAP,
• SSL portal concurrent users limiting Radius, Active Directory IoT Security
• SSL VPN port forwarding module encrypts client • Single-sign-on: Windows AD • Identify IoT devices such as IP Cameras and
data and sends the data to the application server Network Video Recorders
• 2-factor authentication: 3rd party support,
• Supports clients that run iOS, Android, and integrated token server with physical and SMS • Support query of monitoring results based on
Windows XP/Vista including 64-bit Windows OS filtering conditions, including device type, IP
• User and device-based policies
• Host integrity checking and OS checking prior to address, status, etc.
SSL tunnel connections • User group synchronization based on AD and
LDAP • Support customized whitelists
• MAC host check per portal
• Support for 802.1X, SSO Proxy
• Cache cleaning option prior to ending SSL VPN Wireless
session • WebAuth: page customization, force crack
• Multi-SSID and wireless traffic control (only on
prevention, IPv6 support
• L2TP client and server mode, L2TP over IPSEC, E1100W)
and GRE over IPSEC • Interface based authentication
• View and manage IPSEC and SSL VPN connec- • Agentless ADSSO (AD Polling)
tions • Use authentication synchronization based on
• PnPVPN SSO-monitor

www.HillstoneNet.com © 2020 Hillstone Networks All Rights Reserved. | 3

Hillstone E-Series Next-Generation Firewall

Specifications

SG-6000-E1100W SG-6000-E1600 SG-6000-E1606 SG-6000-E1700

FW Throughput (1) 1 Gbps 1 Gbps 1 Gbps 1.5 Gbps / 2 Gbps

IPSec Throughput (2) 600 Mbps 600 Mbps 600 Mbps 700 Mbps
AV Throughput (3) 300 Mbps 300 Mbps 300 Mbps 400 Mbps
IPS Throughput (4) 400 Mbps 400 Mbps 400 Mbps 600 Mbps
IMIX Throughput (5) 200 Mbps 200 Mbps 200 Mbps 600 Mbps
NGFW Throughput (6) 350 Mbps 350 Mbps 350 Mbps 450 Mbps
Threat Protection Throughput (7) 300 Mbps 300 Mbps 300 Mbps 400 Mbps
New Sessions/s (8) 10,000 10,000 12,000 25,000
Maximum Concurrent Sessions
200,000 200,000 400,000 600,000 / 1 Million
(Standard/Maximum)
IPSec Tunnel Number 512 512 1,000 2,000
SSL VPN Users (Default/Max) 8 / 128 8 / 128 8 / 500 8 / 500
Virtual Systems (Default/Max) N/A 1/1 1/5 1/5
1 x Console Port 1 x Console Port 1 x Console Port 1 x Console Port
Management Ports
1 x USB Port 1 x USB Port 1 x USB Port 1 x USB Port
Fixed I/O Ports 9 x GE 9 x GE 9 x GE 9 x GE
WiFi IEEE802.11a/b/g/n N/A N/A N/A

45W, Single AC or DC, Dual AC

Power Specification 30W, Single AC 30W, Single AC 45W, Single AC, Dual AC Redundant
Redundant

AC 100-240 V 50/60 Hz
Power Supply AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz
DC-40~-60 V

Desktop Desktop 1U 1U
Dimension (W×D×H, mm) 12.6 × 5.91 × 1.7 in 12.6 × 5.91 × 1.7 in 17.4 x 9.5 x 1.7in 17.4 x 9.5 x 1.7in
(320×150×44 mm) (320×150×44 mm) (442 x 241 x 44mm) (442 x 241 x 44mm)

Weight 3.3 lb (1.5 kg) 3.3 lb (1.5 kg) 5.5 lb (2.5 kg) 5.5 lb (2.5 kg)
Temperature 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C)
Relative Humidity 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew)
CE, CB, FCC, UL/cUL, ROHS, IEC/EN61000-4-5 Power Surge Protection, ISO 9001:2015, ISO 14001:2015, CVE Compatibility, IPv6
Compliance and Certificate
Ready, ICSA Firewalls

www.HillstoneNet.com © 2020 Hillstone Networks All Rights Reserved. | 4

Hillstone E-Series Next-Generation Firewall

Specifications

SG-6000-E2300 SG-6000-E2800 SG-6000-E2860 SG-6000-E2868

FW Throughput (1) 2.5 Gbps / 4 Gbps 4.5 Gbps / 6 Gbps 6 Gbps 6 Gbps
IPSec Throughput (2) 1 Gbps 3 Gbps 3 Gbps 3 Gbps
AV Throughput (3) 700 Mbps 1.2 Gbps 1.2 Gbps 1.2 Gbps
IPS Throughput (4)
1 Gbps 1.8 Gbps 1.8 Gbps 1.8 Gbps
IMIX Throughput (5) 800 Mbps 2 Gbps 2 Gbps 2 Gbps
NGFW Throughput (6) 650 Mbps 850 Mbps 1 Gbps 1 Gbps
Threat Protection Throughput (7) 500 Mbps 700 Mbps 800 Mbps 800 Mbps
New Sessions/s (8) 50,000 80,000 80,000 80,000
Maximum Concurrent Sessions
1 Million / 2 Million 1 Million / 2 Million 2 Million 2 Million
(Standard/Maximum)
IPSec Tunnel Number 2,000 2,000 4,000 4,000
SSL VPN Users (Default/Max) 8 / 1,000 8 / 1,000 8 / 2,000 8 / 2,000
Virtual Systems (Default/Max) 1/5 1/5 1/5 1/5
256G / 512G SSD
Storage Options N/A N/A N/A
(E2868 / E2868A)
1 x Console Port, 1 x AUX Port, 1 x 1 x Console Port, 1 x AUX Port
Management Ports 1 x Console Port, 1×USB port 1 x Console Port, 1×USB port
USB Port, 1 x HA, 1 x MGT 1 x USB Port, 1 x HA, 1 x MGT
Fixed I/O Ports 5 x GE, 4 x Combo 5 x GE, 4 x Combo 6 x GE, 4 x SFP 6 x GE, 4 x SFP
Available Slots for Expansion
N/A N/A 2 x Generic Slot 2 x Generic Slot
Modules
IOC-4GE-B-M, IOC-8GE-M, IOC- IOC-4GE-B-M, IOC-8GE-M, IOC-
Expansion Module Option N/A N/A
8SFP-M 8SFP-M
45W, Single AC or DC, Dual AC 45W, Single AC or DC, Dual AC 150W, Single AC or DC, Dual AC
Power Specification 150W, Single AC, Dual AC Redundant
Redundant Redundant Redundant
AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz
Power Supply
DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V
1U 17.4 x 9.5 x 1.7 in 1U 17.4 x 9.5 x 1.7 in 1U 17.2 x 14.4x 1.7 in 1U 17.2 x 14.4x 1.7 in
Dimension (W×D×H, mm)
(442 x 241 x 44 mm) (442 x 241 x 44 mm) (436 x 366 x 44 mm) (436 x 366 x 44 mm)
Weight 5.5 lb (2.5 kg) 5.5 lb (2.5 kg) 12.3 lb (5.6 kg) 12.3 lb (5.6 kg)
Temperature 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C)
Relative Humidity 10-95%(no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew)
Compliance and Certificate CE, CB, FCC, UL/cUL, ROHS, IEC/EN61000-4-5 Power Surge Protection, ISO 9001:2015, ISO 14001:2015, CVE Compatibility, IPv6 Ready, ICSA Firewalls

Module Options
IOC-8GE-M IOC-8SFP-M IOC-4GE-B-M

Names 8GE Expansion Module 8SFP Expansion Module 4GE Bypass Expansion Module
I/O Ports 8 x GE 8 x SFP, SFP module not included 4 x GE Bypass (2 pair bypass ports)
Dimension ½U (Occupies 1 generic slot) ½U (Occupies 1 generic slot) ½U (Occupies 1 generic slot)
Weight 1.8 lb (0.8 kg) 2.0 lb (0.9 kg) 1.8 lb (0.8 kg)

www.HillstoneNet.com © 2020 Hillstone Networks All Rights Reserved. | 5

Hillstone E-Series Next-Generation Firewall

Specifications

SG-6000-E3662 SG-6000-E3668 SG-6000-E3960 SG-6000-E3965 SG-6000-E3968

FW Throughput (1) 8 Gbps 8 Gbps 10 Gbps 10 Gbps 310 Gbps

IPSec Throughput (2) 3 Gbps 3 Gbps 4 Gbps 6 Gbps 4 Gbps
AV Throughput (3) 1.6 Gbps 1.6 Gbps 2.5 Gbps 3 Gbps 2.5 Gbps
IPS Throughput (4) 3 Gbps 3 Gbps 4 Gbps 4 Gbps 4Gbps
IMIX Throughput (5) 2 Gbps 2 Gbps 3 Gbps 4 Gbps 3 Gbps
NGFW Throughput (6) 1.2 Gbps 1.2 Gbps 1.5 Gbps 3 Gbps 1.5 Gbps
Threat Protection Throughput (7) 900 Mbps 900 Mbps 1.1 Gbps 2 Gbps 1.1 Gbps
New Sessions/s (8) 120,000 120,000 150,000 170,000 150,000
Maximum Concurrent Sessions 3 Million 3 Million 3.2 Million 6 Million 3.2 Million
IPSec Tunnel Number 6,000 6,000 10,000 10,000 10,000
SSL VPN Users (Default/Max) 8 / 4,000 8 / 4,000 8 / 6,000 8 / 8,000 8 / 6,000
Virtual Systems (Default/Max) 1 / 50 1 / 50 1 / 100 1 / 100 1 / 100
256G / 512G SSD 256G / 512G SSD
Storage Options N/A N/A N/A
(E3668 / E3668A) (E3968 / E3968A)
1 x Console Port, 1 x AUX 1 x Console Port, 1 x AUX, 1 x Console Port, 1 x AUX, 1 x Console Port, 1 x AUX, 1 x Console Port, 1 x AUX,
Management Ports Port, 1 x USB Port, 1 x HA, 1 Port, 1 x USB Port, 1 x HA, 1 Port, 1 x USB Port, 1 x HA, 1 Port, 1 x USB Port, 1 x HA, 1 Port, 1 x USB Port, 1 x HA, 1
x MGT x MGT x MGT x MGT x MGT
6 x GE (one pair bypass), 4 x 4 x GE (one pair bypass), 4 x 6 x GE (one pair bypass), 4 x
Fixed I/O Ports 6 x GE, 4 x SFP 6 x GE, 4 x SFP
SFP, 2 X SFP+ SFP, 2 X SFP+ SFP, 2 X SFP+
Available Slots for Expansion
2 x Generic Slot 2 x Generic Slot 2 x Generic Slot 4 x Generic Slot 2 x Generic Slot
Modules
IOC-4GE-B-M, IOC-8GE-M,
IOC-4GE-B-M, IOC-8GE-M, IOC-4GE-B-M, IOC-8GE-M, IOC-4GE-B-M, IOC-8GE-M, IOC-4GE-B-M, IOC-8GE-M,
Expansion Module Option IOC-8SFP-M, IOC-4SFP+, IOC-
IOC-8SFP-M IOC-8SFP-M IOC-8SFP-M IOC-8SFP-M
8SFP+, IOC-2SFP+-Lite
Twin-mode HA N/A N/A Yes Yes Yes
150W, Single AC or DC, Dual 150W, Single AC, Dual AC 150W, Single AC or DC, Dual 450W, Dual AC or Dual DC 150W, Single AC, Dual AC
Power Specification
AC Redundant Redundant AC Redundant Redundant Redundant
AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz
Power Supply AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz
DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V
1U 17.2 x 14.4x 1.7 in 1U 17.2 x 14.4x 1.7 in 1U 17.2 x 14.4x 1.7 in 2U 17.3 x 20.9 x 3.5 in 1U 17.2 x 14.4x 1.7 in
Dimension (W×D×H, mm)
(436 x 366 x 44 mm) (436 x 366 x 44 mm) (436 x 366 x 44 mm) (440 x530 x 88 mm) (436 x 366 x 44 mm)
Weight 12.3 lb (5.6 kg) 12.3 lb (5.6 kg) 12.3 lb (5.6 kg) 27.1 lb (11.8 kg) 27.1 lb (11.8 kg)
Temperature 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C)
Relative Humidity 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew)
Compliance and Certificate CE, CB, FCC, UL/cUL, ROHS, IEC/EN61000-4-5 Power Surge Protection, ISO 9001:2015, ISO 14001:2015, CVE Compatibility, IPv6 Ready, ICSA Firewalls

Module Options
IOC-8GE-M IOC-8SFP-M IOC-4GE-B-M IOC-2SFP+-Lite IOC-8SFP+ IOC-4SFP+

4GE Bypass Expansion

Names 8GE Expansion Module 8SFP Expansion Module 2SFP+ Expansion Module 8SFP+ Expansion Module 4SFP+ Expansion Module
Module
8 x SFP, SFP module not 4 x GE Bypass (2 pair 2 x SFP+, SFP+ module not 8 x SFP+, SFP+ module not 4 x SFP+, SFP+ module not
I/O Ports 8 x GE
included bypass ports) included included included
½U (Occupies 1 generic ½U (Occupies 1 generic ½U (Occupies 1 generic ½U (Occupies 1 generic 1U (Occupies 2 generic 1U (Occupies 2 generic
Dimension
slots) slot) slot) slot) slots) slots)
Weight 1.8 lb (0.8 kg) 2.0 lb (0.9 kg) 1.8 lb (0.8 kg) 0.7 lb (0.3 kg) 1.5 lb (0.7 kg) 1.5 lb (0.7 kg)

www.HillstoneNet.com © 2020 Hillstone Networks All Rights Reserved. | 6

Hillstone E-Series Next-Generation Firewall

Specifications
SG-6000-E5168 SG-6000-E5260 SG-6000-E5268 SG-6000-E5568 SG-6000-E5660 SG-6000-E5760 SG-6000-E5960

FW Throughput (1) 10 Gbps 16 Gbps 16 Gbps 20 Gbps 25 Gbps 32 Gbps 40 Gbps

IPSec Throughput (2) 6 Gbps 8 Gbps 8 Gbps 12 Gbps 15 Gbps 18 Gbps 25 Gbps
AV Throughput (3) 3 Gbps 3.5 Gbps 3.5 Gbps 5 Gbps 7 Gbps 8 Gbps 10 Gbps
IPS Throughput (4) 4 Gbps 5 Gbps 5 Gbps 7 Gbps 12 Gbps 15 Gbps 18 Gbps
IMIX Throughput (5) 4 Gbps 6 Gbps 6 Gbps 8 Gbps 12 Gbps 16 Gbps 16 Gbps
NGFW Throughput (6) 3 Gbps 3.5 Gbps 3.5 Gbps 5 Gbps 7 Gbps 8 Gbps 9.5 Gbps
Threat Protection
2 Gbps 2.2 Gbps 2.2 Gbps 3 Gbps 4.5 Gbps 5 Gbps 6 Gbps
Throughput (7)
New Sessions/s (8) 170,000 200,000 200,000 300,000 400,000 500,000 600,000
Maximum Concurrent
6 Million 6 Million 6 Million 10 Million 10 Million 12 Million 15 Million
Sessions
IPSec Tunnel Number 10,000 20,000 20,000 20,000 20,000 20,000 20,000
SSL VPN Users
8 / 8,000 8 / 10,000 8 / 10,000 8 / 10,000 8 / 10,000 8 / 10,000 8 / 10,000
(Default/Max)
Virtual Systems
1 / 100 1 / 250 1 / 250 1 / 250 1 / 250 1 / 250 1 / 250
(Default/Max)
256G / 512G SSD 256G / 512G SSD 256G / 512G SSD
Storage Options N/A N/A N/A N/A
(E5168 / E5168A) (E5268 / E5268A) (E5568 / E5568A)
1 x Console Port, 1 1 x Console Port, 1 1 x Console Port, 1 1 x Console Port, 1 1 x Console Port, 1 1 x Console Port, 1 1 x Console Port, 1
Management Ports x AUX Port, 1 x USB x AUX, Port, 1 x USB x AUX, Port, 1 x USB x AUX, Port, 1 x USB x AUX, Port, 1 x USB x AUX, Port, 1 x USB x AUX, Port, 1 x USB
Port, 1 x HA, 1 x MGT Port, 1 x HA, 1 x MGT Port, 1 x HA, 1 x MGT Port, 1 x HA, 1 x MGT Port, 1 x HA, 1 x MGT Port, 1 x HA, 1 x MGT Port, 1 x HA, 1 x MGT

4 x GE (one pair 4 x GE (one pair 4 x GE (one pair 4 x GE (one pair

Fixed I/O Ports bypass), 4 x SFP, 2 bypass), 4 x SFP, 2 bypass), 4 x SFP, 2 bypass), 4 x SFP, 2 4 x GE, 4x SFP 4 x GE, 4x SFP 4 x GE, 4x SFP
X SFP+ X SFP+ X SFP+ X SFP+
Available Slots for
4 x Generic Slot 4 x Generic Slot 4 x Generic Slot 4 x Generic Slot 4 x Generic Slot 4 x Generic Slot 4 x Generic Slot
Expansion Modules

IOC-4GE-B-M, IOC- IOC-4GE-B-M, IOC- IOC-4GE-B-M, IOC- IOC-8GE-M, IOC- IOC-8GE-M, IOC- IOC-8GE-M, IOC- IOC-8GE-M, IOC-
8GE-M, IOC-8SFP-M 8GE-M, IOC-8SFP-M, 8GE-M, IOC-8SFP-M 8SFP-M, IOC-4GE-B-M, 8SFP-M, IOC-4GE-B-M, 8SFP-M, IOC-4GE-B-M, 8SFP-M, IOC-4GE-B-M,
Expansion Module
IOC-4SFP+, IOC- IOC-4SFP+, IOC- IOC-4SFP+, IOC- IOC-8SFP+, IOC- IOC-8SFP+, IOC- IOC-8SFP+, IOC- IOC-8SFP+, IOC-
Option
8SFP+, IOC-2SF- 8SFP+, IOC-2SF- 8SFP+, IOC-2SF- 4SFP+ , IOC-2SF- 4SFP+ , IOC-2SF- 4SFP+ , IOC-2SF- 4SFP+ , IOC-2SF-
P+-Lite P+-Lite P+-Lite P+-Lite P+-Lite P+-Lite P+-Lite

Twin-mode HA Yes Yes Yes Yes Yes Yes Yes

450W, Dual AC or Dual 450W, Dual AC or Dual 450W, Dual AC or Dual 450W, Dual AC or Dual 450W, Dual AC or Dual 450W, Dual AC or Dual 450W, Dual AC or Dual
Power Specification
DC Redundant DC Redundant DC Redundant DC Redundant DC Redundant DC Redundant DC Redundant
AC 100-240 V AC 100-240 V AC 100-240 V AC 100-240 V AC 100-240 V AC 100-240 V AC 100-240 V
Power Supply 50/60 Hz 50/60 Hz 50/60 Hz 50/60 Hz 50/60 Hz 50/60 Hz 50/60 Hz
DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V
Dimension (W×D×H, 2U 17.3 x 20.9 x 3.5 in 2U 17.3 x 20.9 x 3.5 in 2U 17.3 x 20.9 x 3.5 in 2U 17.3 × 20.5 × 3.5 in 2U 17.3 × 20.5 × 3.5 in 2U 17.3 × 20.5 × 3.5 in 2U 17.3 × 20.5 × 3.5 in
mm) (440 x530 x 88 mm) (440 x530 x 88 mm) (440 x530 x 88 mm) (440×520×88 mm) (440×520×88 mm) (440×520×88 mm) (440×520×88 mm)
Weight 26.0 lb (11.8 kg) 26.0 lb (11.8 kg) 26.0 lb (11.8 kg) 27.1 lb (12.3 kg) 27.1 lb (12.3 kg) 27.1 lb (12.3 kg) 27.1 lb (12.3 kg)
Temperature 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C)
Relative Humidity 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew)
Compliance and
CE, CB, FCC, UL/cUL, ROHS, IEC/EN61000-4-5 Power Surge Protection, ISO 9001:2015, ISO 14001:2015, CVE Compatibility, IPv6 Ready, ICSA Firewalls
Certificate

Module Options
IOC-8GE-M IOC-8SFP-M IOC-4GE-B-M IOC-2SFP+-Lite IOC-8SFP+ IOC-4SFP+

4GE Bypass Expansion

Names 8GE Expansion Module 8SFP Expansion Module 2SFP+ Expansion Module 8SFP+ Expansion Module 4SFP+ Expansion Module
Module
8 x SFP, SFP module not 4 x GE Bypass (2 pair 2 x SFP+, SFP+ module not 8 x SFP+, SFP+ module not 4 x SFP+, SFP+ module not
I/O Ports 8 x GE
included bypass ports) included included included
½U (Occupies 1 generic ½U (Occupies 1 generic ½U (Occupies 1 generic ½U (Occupies 1 generic 1U (Occupies 2 generic 1U (Occupies 2 generic
Dimension
slot) slot) slot) slot) slots) slots)
Weight 1.8 lb (0.8 kg) 2.0 lb (0.9 kg) 1.8 lb (0.8 kg) 0.7 lb (0.3 kg) 1.5 lb (0.7 kg) 1.5 lb (0.7 kg)

www.HillstoneNet.com © 2020 Hillstone Networks All Rights Reserved. | 7

Hillstone E-Series Next-Generation Firewall

Specifications
SG-6000-E6160 SG-6000-E6168 SG-6000-E6360 SG-6000-E6368

FW Throughput (1) 60 Gbps 60 Gbps 80 Gbps 80 Gbps

IPSec Throughput (2) 35 Gbps 35 Gbps 50 Gbps 50 Gbps
AV Throughput (3) 20 Gbps 20 Gbps 27 Gbps 27 Gbps
IPS Throughput (4) 25 Gbps 25 Gbps 35 Gbps 35 Gbps
IMIX Throughput (5) 30 Gbps 30 Gbps 40 Gbps 40 Gbps
NGFW Throughput (6) 16 Gbps 16 Gbps 24 Gbps 24 Gbps
Threat Protection Throughput (7) 12 Gbps 12 Gbps 18 Gbps 18 Gbps
New Sessions/s (8) 800,000 800,000 1.1 Million 1.1 Million
Maximum Concurrent Sessions 20 Million 20 Million 30 Million 30 Million
IPSec Tunnel Number 20,000 20,000 20,000 20,000
SSL VPN Users (Default/Max) 8 / 10,000 8 / 10,000 8 / 10,000 8 / 10,000
Virtual Systems (Default/Max) 1 / 500 1 / 500 1 / 500 1 / 500
Storage Options N/A 512G SSD N/A 512G SSD
1 x Console Port, 1 x AUX Port, 1 x 1 x Console Port, 1 x AUX, Port, 1 x 1 x Console Port, 1 x AUX, Port, 1 x 1 x Console Port, 1 x AUX, Port, 1 x
Management Ports
USB Port, 1 x HA, 1 x MGT USB Port, 1 x HA, 1 x MGT USB Port, 1 x HA, 1 x MGT USB Port, 1 x HA, 1 x MGT
Fixed I/O Ports 2 x GE, 8 x SFP+ 2 x GE, 8 x SFP+ 2 x GE, 8 x SFP+, 2×QSFP+ 2 x GE, 8 x SFP+, 2×QSFP+
Available Slots for Expansion 2 x Generic Slot 2 x Generic Slot 2 x Generic Slot 2 x Generic Slot
Modules 1 x Bypass Slot 1 x Bypass Slot 1 x Bypass Slot 1 x Bypass Slot
IOC-8GE-M, IOC-8SFP-M IOC-8GE-M, IOC-8SFP-M IOC-8GE-M, IOC-8SFP-M IOC-8GE-M, IOC-8SFP-M
Expansion Module Option
2MM-BE, 2SM-BE 2MM-BE, 2SM-BE 2MM-BE, 2SM-BE 2MM-BE, 2SM-BE
Twin-mode HA Yes Yes Yes Yes
450W, Dual AC or Dual DC 450W, Dual AC or Dual DC 450W, Dual AC or Dual DC 450W, Dual AC or Dual DC
Power Specification
Redundant Redundant Redundant Redundant
AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz AC 100-240 V 50/60 Hz
Power Supply
DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V DC -40 ~ -60 V
2.5U 17.3 × 18.1 × 4.3 in 2.5U 17.3 × 18.1 × 4.3 in 2.5U 17.3 × 18.1 × 4.3 in 2.5U 17.3 × 18.1 × 4.3 in
Dimension (W×D×H, mm)
(440×460×110 mm) (440×460×110 mm) (440×460×110 mm) (440×460×110 mm)
Weight 30.4 lb (13.8 kg) 30.4 lb (13.8 kg) 30.4 lb (13.8 kg) 30.4 lb (13.8 kg)
Temperature 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C) 32-104°F (0-40°C)
Relative Humidity 10-95% (no dew) 10-95% (no dew) 10-95% (no dew) 10-95% (no dew)
Compliance and Certificate CE, CB, FCC, UL/cUL, ROHS, IEC/EN61000-4-5 Power Surge Protection, ISO 9001:2015, ISO 14001:2015, CVE Compatibility, IPv6 Ready, ICSA Firewalls

Module Options
IOC-8GE-M IOC-8SFP-M 2MM-BE 2SM-BE

2SFP Single-Mode Bypass 2SFP Single-Mode Bypass

Names 8GE Expansion Module 8SFP Expansion Module
Expansion Module Expansion Module
2 x SFP, MM Bypass 2 x SFP, SM Bypass
I/O Ports 8 x GE 8 x SFP, SFP module not included
(1 pair bypass port) (1 pair bypass port)
Dimension ½U (Occupies 1 generic slot) ½U (Occupies 1 generic slot) ½U (Occupies 1 generic slot) ½U (Occupies 1 generic slot)
Weight 1.8 lb (0.8 kg) 2.0 lb (0.9 kg) 0.66 lb (0.3 kg) 0.66 lb (0.3 kg)

NOTES:
(1) FW throughput data is obtained under single-stack UDP traffic with 1518-byte packet size;
(2) IPSec throughput data is obtained under Preshare Key AES256+SHA-1 configuration and 1400-byte packet size;
(3) AV throughput data is obtained under HTTP traffic with file attachment;
(4) IPS throughput data is obtained under bi-direction HTTP traffic detection with all IPS rules being turned on;
(5) IMIX throughput data is obtained under UDP traffic mix (64 byte : 512 byte : 1518 byte =5:7:1);
(6) NGFW throughput data is obtained under 64 Kbytes HTTP traffic with application control and IPS enabled;
(7) Threat protection throughput data is obtained under 64 Kbytes HTTP traffic with application control, IPS, AV and URL filtering enabled;
(8) New sessions/s is obtained under TCP traffic.
Unless specified otherwise, all performance, capacity and functionality are based on StoneOS5.5R8. Results may vary based on StoneOS® version and deployment.

www.HillstoneNet.com
© 2020 Hillstone Networks All Rights Reserved.
Version: EX-08.01-NGFW-5.5R8-1120-EN-01