Huawei Battlecard

Company Overview ................................................................................................... 2

Product Overview ...................................................................................................... 4
Weakness.................................................................................................................13
Strength ...................................................................................................................15
Quick Dismiss...........................................................................................................16
Landmines ...............................................................................................................18
Why We Win ............................................................................................................19
Why We Lose ...........................................................................................................20

v1.2, reviewed December 2023

Cisco Confidential – Internal Only Page 1 of 28

Company Overview
Huawei Technologies was founded in 1987 and is headquartered in Shenzhen, China. It has
around 208,000 employees and operates in over 170 countries and regions. Huawei is a
global provider of information and communications technology infrastructure and smart
devices. Huawei serves consumers, telecom operators, and enterprises. Huawei's
enterprise business is only about 21% of its total revenue.

Because of national security concerns, Huawei in the US, Australia, Japan, New Zealand,
Taiwan, and other regions faces product and 5G wireless network project bans, business
contract restrictions, security scrutiny, and related pushback. See full lists

Huawei is privately held. Details of its ownership and control are somewhat unclear. In
Huawei's most recent annual report, it reported 2022 total revenues of around $92.4B, down
0.9% from $94.6B in 2021. However, net profit for 2022 totaled $5.18B, a 69% year-on-year
decline.

Acquisitions

• Vocord, Moscow-based company that focuses on facial recognition technology, Jun

2019 | More information
• HexaTier, Israel- based database security and compliance solutions company, Dec
2016 | More information
• Toga Networks, Israel-based iT networking company, Dec 2016 | More information

Positioning

Enterprise Networking: Go digital faster with Huawei Intelligent Cloud-Network

Analyst Report

2022 Gartner Magic Quadrant for Enterprise Wired and Wireless LAN
Infrastructure: Leader (Huawei) vs. Leader (Cisco)

2022 Gartner Magic Quadrant for Network Firewalls: Challenger (Huawei) vs. Challenger
(Cisco)

Customers & Partners

• 65% of 2021 revenue comes from China, and 21% from EMEA. Source

Cisco Confidential – Internal Only Page 2 of 28

• Customers mentioned on their website: Emaar, Hotel Kapok, Buerodata, Kuveyt Türk
Bank, Orizzonte Village Resort, Lingnan University, and Guangdong Second
Provincial General Hospital.
• Huawei has the following partners:
o Solution Partners: solution partners are mainly ISVs/IHVs/Consulting
companies/SIs who work with Huawei on the building, marketing, and sales
of joint industry solutions.
o Sales Partners: Al Yousuf, Altech, Arrow, CAE, PT DOIS, Ebttikar, EOH,
FIBERDATA, 4Sight, HAND, Infosys, Mustek, Octalpha, PEDAB, SAP, SKY,
Softline, SPIE, SYNNEX, Techaccess, Vector Solutions, Veracomp, Visiontech,
VSTECS, X Web, BG Unified Solutions Pty Ltd.
o Service Partners: Com.Tel S.p.A, Coreun, CTC Global Sdn Bhd, Enterprise
Systems, ITIC, JET, Rasse, REDISUL, Tecco Technology, Tech Vision System
Ltd, telkomtelstra.
o Huawei ICT Academy: an academy authorized by Huawei to use Huawei
certification training material and other content to train its students.
o Huawei Talent Alliance Partners: academies or companies focusing on
education and training, can work with Huawei to develop talents jointly.

Cisco Confidential – Internal Only Page 3 of 28

Product Overview
Meraki Huawei
Switching (MS) √
Wireless LAN (MR) √
Access
Mobile Device
x
Management (SM)
Security and SD-WAN (MX) √
WAN
Cellular Gateways (MG) √
Sensors (MT) x
IoT
Smart Cameras (MV) x

Huawei Enterprise Networking product portfolio includes switches, routers, WLAN, network
security and network management, control, and analysis software.

Solutions include:

• Campus Network Solution

o Low-Carbon Intelligent Campus Network
o Cloud-Managed Network Service
o SD-WAN Branch Interconnection
o HiSec Campus Security
• Data Center Network Solution
• WAN Solution
• Network Security Solution
o HiSec Campus Security Solution
o HiSec Data Center Security Solution
o Branch Security Solution
o HiSec Advanced Threat Defense Security Solution

Switches

• Campus Switches
• Core/Aggregation switch
o CloudEngine S12700E Series Switches
o S12700 Series Agile Switches
o CloudEngine S8700 Series Switches
o S7700 Series Smart Routing Switches
o CloudEngine S6730-H Series 10 GE Switches

Cisco Confidential – Internal Only Page 4 of 28

 o CloudEngine S6730-H Series 25 GE Switches
o CloudEngine S6730-S Series Switches
o CloudEngine S5732-H Series All-Optical Switches
o CloudEngine S5731-H Series Switches
o S6720-HI Series Switches
o S6720-EI Series Switches
o S6720-SI Series Multi GE Switches
o S6720-LI Series Switches
• LAN Access Switches
o CloudEngine S5732-H Series Hybrid Optical-Electrical Switches
o CloudEngine S5731-H Series Hybrid Optical-Electrical Switches
o CloudEngine S5731-L Series Remote Unit Switches
o CloudEngine S5736-S Series All-Optical Switches
o CloudEngine S5736-S Series Multi-GE Switches
o CloudEngine S5732-H Series Multi-GE Switches
o CloudEngine S5732- H Series All-Optical Switches
o CloudEngine S5731-H Series Switches
o S6720-SI Series Multi GE Switches
o CloudEngine S5731-S Series Switches
o CloudEngine S5735-S Series Switches
o CloudEngine S5735-L Series Switches
o CloudEngine S5735-L-Q Series Quiet Switches
o S5730-SI Series Switches
o S5720-EI Series Switches
o S5720-SI Series Switches
o S5720-LI Series Switches
o S5720S-LI Series Switches
• SMB Switches
o CloudEngine S1730S Series Switches
o S2720-EI Series Switches
o S2700 Series Switches
o S1700 Series Switches
• Vertical-Specific Switches
o CloudEngine S5735-S-IA Series Video Backhaul Switches
o CloudEngine S5735-L-I Series Extended Temperature Switches
o CloudEngine S5735-S-I Series Extended Temperature Switches
o S5720I-SI Series Switches with Extended Temperature Switches

Cisco Confidential – Internal Only Page 5 of 28

• Data Center Switches
o Core/Aggregation Switches
▪ CloudEngine 16800 Series Data Center Switches
▪ CloudEngine 12800 Series Data Center Switches
o Access Switches
▪ CloudEngine Data Center Storage Network Switches
▪ CloudEngine 9800 Series Data Center Switches
▪ CloudEngine 8800 Series Data Center Switches
▪ CloudEngine 6800 Series Data Center Switches
▪ CloudEngine 5800 Series Data Center Switches

• Network Analyzers
o iMaster NCE-FabricInsight
An intelligent analysis platform designed for data center networks,
iMaster NCE-FabricInsight is based on telemetry and big data
analytics, providing comprehensive network application analysis and
visualization to users, eliminating the boundary between applications
and networks.

• Network-wide health evaluation: Uses Telemetry to collect

network-wide data in real-time, implementing 24/7 proactive
awareness of network health. Intelligently predicts traffic and
capacity risks, and identifies 90% of potential risks in advance.
• Quick fault locating: Builds the network knowledge graph to
identify more than 75 types of typical faults within 1 minute,
locate them within 3 minutes, and rectify them within 5
minutes. Analyzes network-wide flows based on TCP/UDP and
associates applications with networks, implementing fault
demarcation and location within minutes.
• Comprehensive service assurance: Automatically identifies
configuration and entry changes, improving efficiency by 10
times. Performs automatic network intent verification on the
data plane, comprehensively identifying service interconnection
risks.

Source
o iMaster NCE CampusInsight
Huawei iMaster Network Cloud Engine (NCE)-CampusInsight is an
intelligent network analysis platform that has totally transformed
traditional network resource monitoring. The platform collects
network data in real-time through telemetry, learns network behavior,
and identifies fault patterns based on big data analytics and Machine

Cisco Confidential – Internal Only Page 6 of 28

 Learning (ML) algorithms. This transforms Operations and
Maintenance (O&M) — making it predictive and proactive — identifying
85% of faults before they occur, to elevate the overall user experience
to new levels.

• Real-Time Experience Visibility

o Each region: Displays the status of the entire network
through visualized, multi-dimensional network health
indicators.
o Each client: Visualizes the entire network experience
journey of all network users in real-time.
o Each application: Helps administrators understand the
user experience of audio and video applications in real-
time, with the rapid demarcation of faulty devices.
• Fault Location Within Minutes
o Proactive identification: Proactively identifies 85% of
potential network faults.
o Rapid location: Locates faults within minutes, identifies
root causes, and automatically gives effective
rectification suggestions.
o Intelligent prediction: Compares and analyzes real-time
data with the dynamic baseline to predict possible
faults.
• Intelligent Network Optimization
o Real-time simulation feedback: Evaluates channel
conflicts on wireless networks in real-time and provides
optimization suggestions.
o Predictive optimization: Intelligent radio calibration
improves network-wide performance by over 50%,
verified by independent testing and validation company,
the Tolly Group.
Source

Routers

• Core
oNetEngine 5000E Series
o NetEngine 9000 Series
• WAN Aggregation
o NetEngine 40E Series Routers
o NetEngine 8000 Series Routers
o NetEngine A800 Series Access Router

Cisco Confidential – Internal Only Page 7 of 28

 o NetEngine AR6700 Series Enterprise Routers
o NetEngine AR6300 Series Enterprise Routers
o NetEngine AR6200 Series Enterprise Routers
o NetEngine AR8000 Series Enterprise Routers
• Branch
o NetEngine AR6100 Series Enterprise Routers
o NetEngine AR650 Series Enterprise Routers
o NetEngine AR610 Series Enterprise Routers
• SME & SOHO
o NetEngine AR650 Series Enterprise Routers
o NetEngine AR610 Series Enterprise Routers
• vRouter: NetEngine AR1000V Virtual Router
• Industrial Router: AR502H Series Edge Computing IoT Gateways
• Multi-Service Control Gateways: ME60 Series
• Multi-Service Packet Transport Platforms
o PTN 7900 Series
o PTN 900 Series

WLAN Solution

• Indoor Access Point

o AirEngine 8760-X1-PRO Access Point
o AirEngine 6700 Series
▪ AirEngine 6760-X1 & 6760-X1E Access Point
▪ AirEngine 6761-21 & AirEngine 6761-21E Access Point
▪ AirEngine 6761-22T Access Point
▪ AirEngine 6761-21T Access Point
o AirEngine 5700 Series
▪ AirEngine 5762-16W Access Point
▪ AirEngine 5760-51 Access Point
▪ AirEngine 5761-21 Access Point
▪ AirEngine 5761-12 Access Point
▪ AirEngine 5761-11 Access Point
▪ AirEngine 5762-12 Access Point
▪ AirEngine 5761-12W Access Point
▪ AirEngine 5761-11W Access Point
▪ AirEngine 5762-15HW Access Point
▪ AirEngine 5762-13W Access Point

Cisco Confidential – Internal Only Page 8 of 28

 ▪ AirEngine 5762-12SW Access Point
▪ AirEngine 5760-10 Access Point
o AP7000 Series: AirEngine AP7060DN Access Point
o AP6000 Series: AP6750-10T Access Point
o AP5000 Series
▪ AP5510-W-GP Access Point
▪ AP5030DN & AP5130DN Access Points
o AP4000 Series
▪ AP4050DE-M Access Point
▪ AP4050DN-E Access Point
▪ AP4051DN Access Point
▪ AP4030TN Access Point
o AP2000 Series
▪ AP2051DN & AP2051DN-E Access Points
▪ AP2051DN-S Access Point
• Outdoor Access Points
o AirEngine 5761R-11 & AirEngine 5761R-11E Access Points
o AirEngine 8700R Series: AirEngine 8760R-X1 & 8760R-X1E Outdoor Access
Points
o AirEngine 6700R Series: AirEngine 6760R-51 & 6760R-51E Access Points
o AP8000 Series
▪ AP8082DN & AP8182DN Access Points
▪ AP8050TN-HD Access Point
▪ AP8050DN & AP8150DN Access Points
• Rail Transportation Access Points: AirEngine 6760-51EI Access Point
• Agile Distributed Access Points
o AirEngine 9700D-M Central Access Point
o AD9431DN-24X Central Access Point
o R250D Remote Units
o R251D & R251D-E Remote Units
• Access Controllers
o AirEngine 9700-M1 Access Controller
o AirEngine 9700 Series: AirEngine 9700-M Access Controller
o AC6000 Series
▪ AC6800V Access Controller
▪ AC6805 Access Controller
▪ AC6508 Access Controller
o Wireless Access Controller Cards/Unit

Cisco Confidential – Internal Only Page 9 of 28

 ▪ Native Wireless Access Controller Cards
▪ ACU2 Wireless Access Controller Unit

Network Security Solution

• Firewall and Application Security Gateway

o HiSecEngine USG12000 Series AI Firewalls
o HiSecEngine USG6600E Series AI Firewall (Fixed-Configuration)
o USG9500 Series Terabit-Level Next-Generation Firewall
o USG6700E Series AI Firewall (Fixed-Configuration)
o HiSecEngine USG6600F Series AI Firewalls
o HiSecEngine USG6700F Series AI Firewalls
o USG6000V Virtual Service Gateway
o HiSecEngine USG6500E Series AI Firewalls (Fixed-Configuration)
• DDoS Protection Systems
o AntiDDoS1000 Series DDoS Protection Systems
o AntiDDoS8000 Series DDoS Protection Systems
o AntiDDoS12000 series anti-DDoS system
• Anti-APT Based on Big Data Analysis
o HiSec Insight Advanced Threat Analytics System: Defends against APT
attacks by using big data analytics and machine learning, with the ability to
detect resource reconnaissance, external penetration, command and control,
internal transmission, and data forwarding.
o Security Event Management Center (eLog): Providing superb performance,
reliability, security, and scalability when implementing mass storage, unified
management, and convenient operation and maintenance, meeting the needs
of log management and security audit.
• SecoManager Security Controller

Security service orchestration, unified policy management, and high-performance log

management for data centers, campus networks, and branch networks. SecoManager
collaborates with network devices, security devices, and a big data-based intelligent
analytics system — HiSec Insight — to establish a network-wide security defense system
that is capable of detecting, analyzing, and handling threats.

Network Management, Control, and Analysis Software

• Campus ADN Management and Control System

o iMaster NCE-Campus: An intelligent network automation platform that
integrates management, control, analysis, and AI functions, providing full-

Cisco Confidential – Internal Only Page 10 of 28

 lifecycle automation of campus networks, while implementing intelligent fault
closure through big data analytics and AI.
o iMaster NCE-CampusInsight: An intelligent network analysis platform that
has totally transformed traditional network resource monitoring. The platform
collects network data in real-time through telemetry, learns network behavior,
and identifies fault patterns based on big data analytics and Machine
Learning (ML) algorithms. This transforms Operations and Maintenance
(O&M) — making it predictive and proactive — identifying 85% of faults before
they occur, to elevate the overall user experience to new levels.
• Data Center ADN Management and Control System
o iMaster NCE-Fabric: A network automation and intelligence platform
integrating management, control, analysis, and AI functions, to efficiently
translate business intent into configurations and policies for the physical
network.
o iMaster NCE-FabricInsight: An intelligent analysis platform designed for data
center networks, iMaster NCE-FabricInsight is based on telemetry and big
data analytics, providing comprehensive network application analysis and
visualization to users, eliminating the boundary between applications and
networks.
• WAN ADN Management and Control System
o iMaster NCE-IP: A core component of the Huawei IP WAN solution that
maximizes the value of networks, with flexible and robust management
capabilities, for the rapid deployment and provisioning of VPN services on
WANs.
o Network Cloud Engine-Transport: A key component for a transport network to
evolve towards Software-Defined Networking (SDN). Applicable to backbone,
metro, and enterprise access networking settings, it provides a variety of
functions and features, such as real-time resource visualization, fast service
provisioning, and automatic network O&M. It drives the evolution of next-
generation transport networks, meeting new requirements for innovative
service experiences and flexible and efficient networks, required by enterprise
private lines and DC interconnection.
• Access ADN Management and Control System
o iMaster NCE-FAN: Featuring intelligent O&M and automated management
and control, iMaster NCE-FAN enables carriers to improve user experience
and troubleshooting efficiency — overhauling the traditional complaint-driven
approach to O&M and building next-generation automated access networks.
• Optical ADN Management and Control System
o iMaster NCE-T: Featuring real-time resource visualization, agile service
provisioning, and automatic network O&M, the iMaster NCE-T meets the
network requirements of enterprise private lines and DC interconnection,
delivering an innovative service experience while remaining flexible and
efficient.
• SD-WAN ADN Management and Control System

Cisco Confidential – Internal Only Page 11 of 28

o iMaster NCE-WAN: an autonomous driving network management and control
system that implements network virtualization, centralized policy
management, and cloud management for enterprise branch networks.

Cisco Confidential – Internal Only Page 12 of 28

Weakness
Unnecessary complexity in remote management of branches

Multinationals setting up overseas branches value the ability to quickly and easily set up
and operate branches with limited or no IT support.

Huawei is unable to meet this need due to its lack of zero-touch

provisioning and limitations in SD-WAN and remote troubleshooting. Furthermore, ongoing
management of remote branches is complicated by multiple management systems and
is limited to 2000 sites.

Complex and fragmented management

Huawei is operated through five management platforms, creating complexity and

additional costs: Management systems for Huawei include iMaster NCE-Campus, iMaster
NCE-Fabric, iMaster NCE-IP, iMaster NCE-Transport, and iMaster NCE-WAN.

Meraki offers a complete cloud-native platform that gives unified visibility and control over
switching, wireless LAN, mobile device management, security, SD-WAN, cellular gateway,
sensors, and smart cameras. Meraki seamlessly integrates with over 250 apps in the
Meraki Marketplace.

Basic Security

Huawei does not support content filtering and URL filtering out-of-the-box (URL only
supports black list). Meraki MX supports this.

Meraki offers robust security features like Intrusion Detection System (IDS)/Intrusion
Prevention System (IPS), content filtering, web search filtering, anti-malware, geo-IP-based
firewalling, and IPsec VPN connectivity while providing the performance required for
modern, bandwidth-intensive networks. Organizations of all sizes and across all industries
rely on the Meraki MX to deliver secure connectivity to hub locations or multi-cloud
environments, as well as application quality of experience.

Additional weakness

• Huawei does not provide advanced technical support for partners for free, outside
of China.
• Huawei public cloud is not available in the EU, they will have to rely on partners to
provide cloud for EU customers.
• Huawei SD-WAN's VPN and Internet connection times are 148s and 143s, whereas
Meraki MX's VPN and Internet connection times are 55s and 56s.

Cisco Confidential – Internal Only Page 13 of 28

• Meraki switches support the connected Ethernet cable for remote physical layer
connectivity testing, Huawei provides the panel but it fails real-world testing.
• Slow customer support response. Huawei customers have reported that support
outside China is often received through partners, which leads to longer response
times

Cisco Confidential – Internal Only Page 14 of 28

Strength
• Huawei has a local advantage in China. vs. Meraki, a US company.
• Huawei is less expensive than Meraki (and Cisco).
• Huawei claims to have better hardware performance than Meraki.
• Huawei has a lot of salespeople in China compared to Meraki.
• Huawei customers can manage devices through GUI and CLI.
• Huawei iMaster NCE-Campus supports digital twin technology as a management
model, allowing mapping of physical networks to a digital twin model, which can
simulate, test, and verify network planning.

Cisco Confidential – Internal Only Page 15 of 28

Quick Dismiss
Unsuitable for remotely deploying and operating branch sites

Multinational companies including Chinese multinationals setting up overseas branches

and multinationals setting up branches in China have a strong requirement for being able to
quickly and easily set up branches with limited or no IT support.

Huawei is unable to meet this need due to its lack of zero-touch

provisioning and limitations in SD-WAN and remote troubleshooting. Huawei enterprise
networking is designed to be operated onsite by professionals with at least basic IT
skills. Furthermore, ongoing management of remote branches is complicated by multiple
management systems and is limited to 2000 sites.

How will you manage remote branches if you choose Huawei?

Meraki offers a proven approach to zero-touch provisioning that can be deployed across
thousands of sites with no local IT support. Branch deployments can be operated remotely
from a single pane of glass because Meraki offers a complete cloud-native platform that
gives unified visibility and control over switching, wireless LAN, mobile device management,
security, SD-WAN, cellular gateway, sensors, and smart cameras. Meraki seamlessly
integrates with over 250 apps in the Meraki Marketplace

Geopolitical concerns

The United States has longstanding national security concerns with Huawei, which led to
the passage of the Secure and Trusted Communications Networks Act of 2019. It has also
accused the company of stealing intellectual property and circumventing sanctions. Huawei
equipment is banned for use in telecommunication networks in the United States and other
countries including the UK, Canada, Australia, and New Zealand.

Full list of countries and restrictions placed on Huawei.

List of vendors covered by the Secure and Trusted Networks Act of 2019.

Are you sure you will never need to deploy networks in countries that reject Huawei?

Huawei: a business in rapid decline

Huawei's business is in free fall. 2021 revenues declined by 28% compared to 2020, falling
from $133B to $94B, a staggering drop of $39B dollars in just one year.

Cisco Confidential – Internal Only Page 16 of 28

For how much longer can Huawei sustain this collapse?

Cisco Confidential – Internal Only Page 17 of 28

Landmines
• Do you need to manage remote branches?

Huawei cannot meet this need due to its lack of zero-touch provisioning and limitations in
SD-WAN and remote troubleshooting. Huawei enterprise networking is designed to be
operated onsite by professionals with at least basic IT skills.

• Are all of your current and planned future sites in jurisdictions that are free of
restrictions on Huawei?

The United States has longstanding national security concerns with Huawei. Huawei
equipment is banned for use in telecommunication networks in the United States and other
countries, including the UK, Canada, Australia, and New Zealand.

Cisco Confidential – Internal Only Page 18 of 28

Why We Win
We would most likely win against Huawei because:

• Prospects that are global companies with branches they need to manage remotely
without dedicated local IT staff are attracted to Meraki's zero-touch provisioning and
unified visibility and control. Configuring Huawei products is difficult and labor-
intensive.
• Cisco Meraki has been providing cloud-only networking solutions for more than 16
years, and we are trusted by thousands of companies globally. Huawei first
introduced its cloud solution in 2019. Since enterprise networking is a small part of
Huawei's business (around 16%), they lack the focus to catch up with Meraki.

Note that Huawei products may appear similar to Meraki products in PowerPoint
presentations and websites. Encourage prospects to run a POC to compare deployment
and provisioning of Meraki vs. Huawei.

Cisco Confidential – Internal Only Page 19 of 28

Why We Lose
• Lower costs. Huawei appears to be less expensive than Meraki (and Cisco).
• Chinese enterprises may prefer Huawei because it is a Chinese company based in
China.

Cisco Confidential – Internal Only Page 20 of 28

Leader (Huawei)

Huawei - 2022 Gartner Magic Quadrant for Enterprise Wired and Wireless LAN
Infrastructure

Huawei is a Leader in this Magic Quadrant. This is its first year in the Leader’s quadrant for
this research. This is largely due to strong market execution, despite adverse geopolitical
conditions, and progress in its marketing strategy, which has allowed it to remain the third-
largest provider in this market (in terms of global revenue share). The company has also
weathered supply chain issues better than other vendors. Its CloudEngine S series
switches, AirEngine wireless APs and associated network software products are broadly
focused on addressing a wide range of use cases. Huawei’s operations are globally diverse,
with clients across multiple verticals and sizes. However, geopolitical issues cause Huawei
to have virtually no presence in North America and limited penetration in a few other

Cisco Confidential – Internal Only Page 21 of 28

countries, such as Australia and the U.K., where it ceased operations of its own accord.
Gartner expects Huawei to continue to invest in AI and ML functionality, in addition to
automation and network orchestration capabilities across its portfolio.

Strengths

• Comprehensive product portfolio: Huawei has a comprehensive wired and

wireless product portfolio. This allows it to address all customer use cases and price
competitively compared to most of its competitors.
• AI- and ML-enabled network management platform: The iMaster NCE-Campus
network management platform provides AI-driven Wi-Fi, wired and WAN network
assurance services, and user policy orchestration, plus the ability to simulate, test
and verify network planning.
• Wireless-first support: Huawei is focused on supporting firms that are adopting a
“wireless-first” strategy. A focus on integrated features that support ease of
management and high levels of end-user experience has contributed to growth in
Wi-Fi revenue of over 50% in 2021.

Cautions

• Geopolitical challenges: Ongoing geopolitical challenges and questions around the

security integrity of its network portfolio limits Huawei’s exposure in some regions,
including North America, the U.K. and Australia.
• Weak product branding recognition in some markets: Gartner has observed that
potential buyers interested in adopting Huawei in some markets outside the APAC
region ask about the company and its products in generalities and, usually, in
relation to pricing rather than specific products or technologies.
• Less influential on technical market direction than other market leaders:
Despite having the third-largest market share by revenue (behind Cisco and HPE,
respectively), Huawei does not deliver groundbreaking innovation that would shape
the market on its own terms.

Cisco Confidential – Internal Only Page 22 of 28

Leader (Cisco)

Cisco – 2022 Gartner Magic Quadrant for Enterprise Wired and Wireless LAN
Infrastructure

Cisco is a Leader in this Magic Quadrant. Its Catalyst and Meraki wired and wireless
products deliver one of the most comprehensive hardware and application portfolios that
can address enterprise network requirements for all scales. Cisco’s operations are
geographically diversified, and the company has the largest channel partner footprint
among all network equipment vendors. Cisco continues to invest in the capabilities of Cisco
DNA Center, its on-premises network management and orchestration platform, which is
inclusive of its software-defined architecture (SDA). Cisco announced its Cisco+ offering in
2021, which primarily offers an alternative consumption model for its enterprise hardware. In
June 2022, Cisco announced monitoring and limited configuration capabilities of its Catalyst

Cisco Confidential – Internal Only Page 23 of 28

portfolio with Meraki Dashboard. Therefore, the vendor will be investing in increasing
functionalities, achieving use-case parity and delivering experience consistency across the
two portfolios.

Strengths

• Vast wired and wireless portfolio: The breadth and scope of Cisco’s wired and
wireless hardware and software products, and ancillary device ecosystems, enable
the company to address use cases across nearly all scenarios.
• Strong global channel ecosystem: Cisco’s global internal sales and partner
channel enables it to address and support enterprise presales engineering and
procurement requirements, irrespective of location.
• DNA Center management platform: Primarily an on-premises deployment option
via either a physical or a virtual form factor. DNA provides an AI/ML-enabled network
management platform that can help reduce configuration burden, improve
troubleshooting and decrease operational complexities for customers across the
Catalyst wired and wireless portfolio.

Cautions

• Mandatory DNA licensing: All new purchases of Catalyst wired switching products
require mandatory DNA licensing for 36 months, whether the customer intends to
use Cisco DNA Center or not. This results in many Catalyst customers paying for
features and functionalities that they will not use.
• Overlapping product lines and tools: Catalyst products cater to various segments,
ranging from large enterprises to midsize enterprises. However, Meraki also targets
many of the same market segments. Additionally, Cisco has two separate
management products: Cisco’s DNA Center and Meraki Dashboard, neither of which
currently fully monitors or provides full cross-platform configuration functions.
• Lackluster Cisco+ Offering: Cisco announced its Cisco+ hardware “as a service” in
2021; however, it is largely relegated to a consumption and managed services
model. Cisco has not invested in dedicated hardware that would support true NaaS
cloudlike technical feature flexibility. Therefore, interest and adoption of Cisco+
remains in the low single digits.

Cisco Confidential – Internal Only Page 24 of 28

Challenger (Huawei)

Huawei - 2022 Gartner Magic Quadrant for Network Firewalls

Huawei is a Challenger in this Magic Quadrant. A large product portfolio makes Huawei a
desirable vendor for customers who want to consolidate. Huawei has different firewalls for
different use cases. It often wins deals based on its price/performance.

Huawei is a large infrastructure vendor with a diverse product portfolio. Its firewalls, which
include the USG series for enterprise and the Eudemon series for carriers, are part of its
network security product portfolio.

Cisco Confidential – Internal Only Page 25 of 28

Major updates in 2022 relating to Huawei’s firewalls have included enhancements to
routing, SD-WAN and sandboxing capabilities.

Strengths

• Scalability: Huawei has a large base of carrier and data center customers. As a
result, it offers highly scalable appliances. Of all the vendors evaluated in this Magic
Quadrant, Huawei offers support for the most virtual firewall instances in its
dedicated hardware appliance models and scalable management console.
• Cloud-native firewall: Huawei offers a cloud-native firewall service for Huawei
Cloud, as well as a container firewall service called the Container Guard Service
(only for Huawei Cloud). The container firewall offers features such as container
runtime security and image security with vulnerability management. It can be
managed from a centralized console within Huawei Cloud.
• Advanced threat detection: Huawei offers threat correlation capabilities between
its firewall, native EDR and XDR platforms. Clients can also utilize managed
detection and response (MDR) services offered directly by Huawei, which are sold
as Qiankun Border Protection and Response.
• Pricing: Huawei’s firewalls have a competitive price/performance ratio. Their TCO is
one of the lowest in the market. Huawei often wins deals on this basis.

Cautions

• Regional partnerships: Huawei’s partners are mostly limited to Chinese

companies. For example, its ZTNA offering can integrate with Bamboo Cloud’s IAM
solution, while, for EDR, Huawei has partnered with Jiangmin and Leagsoft.
• Offerings outside Huawei Cloud: Although Huawei offers virtual cloud firewall,
container firewall and microsegmentation products, these are primarily for Huawei
Cloud. Only recently has Huawei partnered with Microsoft Azure for a cloud firewall.
• IoT security: Huawei firewalls offer only basic IoT-related security. They lack
features such as IoT discovery. Huawei only offers limited signature-based
protection of regular IoT vulnerabilities through the IPS signature database in its
firewalls.
• ELA: Despite having a large product portfolio, Huawei does not offer ELA-based
deals. An ELA would make deals involving multiple years and multiple products
easier for customers to understand and accept.

Cisco Confidential – Internal Only Page 26 of 28

Challenger (Cisco)

Cisco - 2022 Gartner Magic Quadrant for Network Firewalls

Cisco is a Challenger in this Magic Quadrant. Cisco has a large product portfolio and its
firewalls are often sold as a part of large deals.

Cisco is an infrastructure vendor. It has different firewall product lines for different
deployment use cases: the Cisco Secure Firewall, Cisco Adaptive Security Appliance
(ASA), Cisco Secure Workload and Cisco Meraki series. In addition, Cisco offers the
Umbrella Secure Internet Gateway (SIG) for FWaaS, and industrial firewalls (the Secure
Firewall Industrial Security Appliance [ISA] series).

Cisco Confidential – Internal Only Page 27 of 28

Major updates in 2021 and 2022 have included native support for TLS 1.3 decryption;
support for Cisco Secure Firewall Threat Defense in Alibaba Cloud and Alkira; and the
cloud-delivered Secure Firewall Management Center. Cisco also added a managed
subscription service for VPN, which enables Cisco to manage scale and change for users
with options including Umbrella SIG support.

Strengths

• IoT/industrial control system (ICS) security: Cisco offers IoT security, having
formed a partnership with Rockwell to secure ICSs. Cisco has a dedicated IoT
research team within the Cisco Talos Intelligence Group. Cisco Secure Firewalls
receive building management and medical asset information from Cisco Digital
Network Architecture’s (DNA’s) endpoint analytics.
• Licensing: Cisco has a diverse, flexible collection of licensing agreements that allow
organizations to deploy whichever Cisco security solutions make sense for their use
cases, in deals with favorable commercial terms.
• Customer feedback: Clients consider the SecureX cloud-based threat correlation
solution platform included with Cisco products a strength. They praise Cisco for
continuing to deliver above-average technical support.
• Distributed-office use case: Cisco offers Meraki firewalls to connect remote
offices. These firewalls benefit from tight integration with Cisco Umbrella for SASE
use cases. Ease of deployment is enabled by zero-touch provisioning, which also
provides connectivity assurance with VPN monitoring. Cisco also offers a dedicated
FWaaS offering through Cisco Umbrella.

Cautions

• Multiple firewall product lines: Cisco’s firewall portfolio is confusing, with

overlapping product capabilities. This can result in deployment of products with
different operating systems, which increases learning curves and slows
effectiveness.
• Container firewall: Cisco lacks a dedicated containerized firewall offering to protect
containers. It offers the Cisco Secure Workload microsegmentation product line for
container security.
• Sales execution: Cisco Secure Firewalls are generally sold as a part of bigger
Cisco enterprise license agreement (ELA) deals and lack visibility in pure firewall
deals. Although Cisco Meraki MX firewalls are popular for the distributed-office use
case, Gartner does not see Cisco firewalls preferred on clients’ shortlists for other
use cases, such as cloud firewalls and data centers.
• Customer feedback: We hear feedback from Gartner clients that Cisco’s reseller
partners are not recommending Cisco Secure Firewalls because of legacy instability
issues and buggy firmware. The firewall management GUI is a work in progress, and
some Cisco clients report that the firewall management is comparatively weak.
Additionally, clients find Cisco Secure Firewalls expensive when purchased outside
an ELA deal.

Cisco Confidential – Internal Only Page 28 of 28