Abstract

Huawei Technologies commissioned Tolly to evaluate the Huawei Xinghe Intelligent Unified SASE solution against Fortinet’s solution. The main focus of the project was to compare the two offerings across four areas that matter in distributed enterprise networking: SD-WAN automation and service assurance, security protection, zero-trust access control on the intranet, and intelligent operations and maintenance.  

The report presents Huawei’s approach as a tightly integrated “cloud-network-edge-endpoint” SASE architecture built around iMaster NCE-Campus with Qiankun OP, Huawei SASE security gateways, and HiSec Endpoint. Tolly’s evaluation found that Huawei provided broader automation for branch rollout and overlay orchestration, including registration-center ZTP, email-based ZTP, USB-based ZTP, and batch deployment. Huawei also supported automatic orchestration of hub-spoke, full-mesh, multi-region, and service-specific topologies, with support for as many as 16 hub sites, routing domains, forwarding-control separation through route reflectors, and optional tunnel encryption by routing domain or virtual network. Fortinet supported fewer orchestration models and automatic service orchestration for no more than two hubs.  

For SD-WAN operations, both solutions supported local and centralized Internet breakout, batch policy deployment, and dual-gateway resilience. However, Tolly reports that Huawei handled failover more gracefully: when a line fault occurred, both existing and new sessions were switched to the backup path, while on the automatically orchestrated Fortinet SD-WAN only new sessions were switched and existing sessions could be interrupted. Huawei also supported in-band tunnel SLA measurement, service steering for both hub and spoke sites, and hierarchical QoS, while Fortinet’s steering policies were more limited and HQoS was not supported. Huawei’s application identification database covered more than 6,200 applications versus 2,400+ for Fortinet.  

Security was another major differentiator in the report. Huawei’s firewall was credited with 24,000+ IPS signatures, identification of 6,200+ applications, URL filtering against 560+ million URLs in 137 categories, and local DNS filtering with 2 million entries. The corresponding Fortinet figures cited by Tolly were 17,500+ IPS signatures, 2,400+ applications, 300+ million URLs in 90 categories, and about 80,000 local DNS entries. In malware testing, Huawei’s emulator unpacking detected 100% of 1,000 UPX-packed malware variants plus the original TeslaCrypt sample, while Fortinet detected only the original sample. In public malware download tests, Huawei’s firewall achieved threat detection rates up to 95%, compared with 79% for Fortinet.  

The report also emphasizes Huawei’s integrated security and O&M model. Tolly says Huawei’s unified iMaster NCE-Campus platform can correlate events across switches, firewalls, and HiSec Endpoint, isolate compromised hosts near the source, and automate response through more than 2,000 analysis rules. Huawei also required only one endpoint client for intranet admission, EDR, NAC, and ZTNA functions, whereas Fortinet required multiple clients and controllers. On the O&M side, Huawei provided richer visualization, including overlay topology display, application traffic visibility, security forensics highlighting, fault collection tools, standby-link support, tenant rights and domain management, MSP delegation, site isolation, and ESN whitelisting. Overall, the report positions Huawei Xinghe Intelligent Unified SASE as a more automated, more integrated, and more operationally cohesive platform than the compared Fortinet solution in the tested scenarios.