Firewalls can (and should) block outbound connections, as well. (Although trying to ultimately clamp down on this in any normal business environment where humans want to web browse is a battle you will ultimately lose if you are trying to completely stop all of it.)
Sure, but then Huawei can say, "well we can't support our hardware if you don't let us access it". Or maybe they would say, "Ok so would you like to pay for on-site support?"
The "phone home" model is one of the safer ones to my knowledge, if only because it allows a blanket "-A INPUT -j drop" rule. Outbound connections should be filtered, yes, but inbound is even more important.
