Main Products: Huawei Video Conference ,Huawei Server ,Huawei Storage ,Huawei Switch ,Huawei Router
Huawei USG9560-BASE-DC-V3 NGFW AC
USD $36,000 - $36,000 /Unit
Min.Order:1 Unit
Quick Details View All >
Business Type: Trading Company
California United StatesMain Products: Huawei Video Conference ,Huawei Server ,Huawei Storage ,Huawei Switch ,Huawei RouterProduct Details
USG9560 DC Basic Configuration(include X8 DC Chassis,2*SRU,1*SFU)
Characteritics
With revolutionized system architecture, the USG9500 security gateway series has the industry's highest firewall throughput and the most concurrent connections. With dedicated traffic splitting technology, the overall performance of the USG9500 increases linearly with the addition of SPUs. The USG9500 delivers a maximum of 960 Gbps large-packet throughput, 960 million concurrent connections, and 4096 virtual firewalls. The industry leading performance can meet the performance demand of high-end customers, such as television and broadcast systems, government agencies, energy companies, and education organizations.
Network security is a key point in enterprise operating. To ensure the service continuity on a high-speed network, the USG9500 supports active/standby and active/active redundancy, port aggregation, VPN redundancy, and SPU load balancing. Meanwhile, the USG9500 also supports dual-MPU active/standby switchover to provide high availability. The mean time between failures (MTBF) of the USG9500 is up to 200,000 hours, and the failover time is less than one second. These features ensure the service continuity.
More and more services, such as mobile access, short message notification, and push mail, require secure data transmission over the Internet. To meet these needs, a VPN gateway that supports hundreds of thousands of connections is required. The USG9500 supports VPN gateway redundancy, up to 500 Gbps encryption performance, and 960,000 concurrent VPN tunnels, which are industry's highest standards. The USG9500 supports 4over6 and 6over4 VPN technologies to deal with the evolution from IPv4 to IPv6. The USG9500 also supports USG9500 Series
Cloud Data Center Security Gateway 4 IKEv2, provides improved user authentication, packet authentication, and NAT traversal functions, and prevents attacks, such as man-in-the-middle attacks and denial of service (DoS) attacks. The USG9500 also supports Extensible Authentication Protocol for GSM Subscriber Identity Module (EAP-SIM) and Extensible Authentication
Protocol – Authentication and Key Agreement (EAP-AKA) authentication to protect wireless networks.
The performance of an Intrusion Prevention System (IPS) relies on detection engine performance, signature identification ratio, and processing capacity. With the advanced IPS detection engine and mature signature database, the USG9500 defends against various threats, including unauthorized automatic downloads, spoofing software, spyware/adware, abnormal protocols, P2P anomalies, and exploits that target system vulnerabilities. A single vulnerability-based signature covers thousands of attacks that target at the vulnerability. Supplemented with the globally deployed honeypot system, the USG9500 can capture the latest attacks, worms, and Trojan
horses, thereby providing zero-day attack defense capability. Moreover, to improve real-world IPS performance, the USG9500 uses an internal off-line design and "one board one feature" technology to direct the traffic to be inspected by the IPS to a dedicated module. This method improves IPS performance without compromising basic firewall performance.
The IPv4 addresses are already exhausted and the Internet is smoothly evolving from IPv4 to IPv6. To meet the needs during the transition from IPv4 to IPv6, the USG9500 supports NAT44 (4), DS-Lite, 6RD, and NAT64, thereby providing an effective, flexible, reliable, and cost-effective transition solution for carriers. NAT44 (4) enables the high utilization of IPv4 addresses to prevent the exhaustion of IPv4 addresses; DS-Lite allows the IPv4 application to be used on the newly established IPv6 networks; 6RD provides efficient IPv6 access; and NAT64 enables an IPv6
network to communicate with an IPv4 network. The NAT44 and DS-Lite functions support NAT tracing.
Cloud computing, which relies on virtualization and high-speed network connection, faces security challenges. The USG9500 delivers high throughput and enriched virtual system functions, including resource, configuration, and management virtualization to meet the requirements of different customers. Resource virtualization manages virtual host resources based on quota, management virtualization supports user-defined policies, log management, and auditing for each virtual firewall, and forwarding virtualization enables customized service processing.
Specifications
| Model | USG9520 | USG9560 | USG9580 | |
|---|---|---|---|---|
| Performance and Capacity | ||||
| Firewall throughput (maximum) | 80 Gbps | 480 Gbps | 960 Gbps | |
| Firewall throughput (composite traffic) | 80 Gbps | 480 Gbps | 960 Gbps | |
| Maximum number of concurrent sessions | 80 million | 480 million | 960 million | |
| IPSec VPN performance (3DES) | 48 Gbps | 240 Gbps | 500 Gbps | |
| IPSec VPN performance (AES) | 48 Gbps | 240 Gbps | 500 Gbps | |
| Maximum number of concurrent IPSec VPN tunnels | 128,000 | 640,000 | 1,000,000 | |
| Expansion and I/O | ||||
| Expansion slots | 3 SPU and LPU slots | 8 SPU and LPU slots | 16 SPU and LPU slots | |
| Number of MPU slots | 2 | |||
| Interface module type | 12 x GE SFP, 12 x GE RJ45, 1 x 10GE XFP, 4 x 10GE XFP, 20xGE SFP, 2x10GE XFP, 4x10GE XFP etc. | |||
| Security Functions | ||||
| BASIC FIREWALL | Routing/Transparent/Composite mode State validation detection Blacklist and whitelist Access control ASPF(Application Specific Packet Filter) Security zone division | |||
| NAT/CGN | Destination NAT/PAT NAT NO-PAT Source NAT-IP address persistency Source IP address pool grouping NAT Server Bidirectional NAT NAT-ALG(Application Layer Gateway) Unlimited IP address expansion Policy-based destination NAT Port Range pre-allocated Hair pinning mode SMART NAT NAT64 DS-Lite 6RD(IPv6 Rapid Deployment) | |||
| SERVICE AWARENESS | Identify and Control Over 1,200 Applications: P2P, IM, game, stock, VoIP, video, media stream, mail, mobile, Web browsing, remote access, network management, and news etc. | |||
| VIRTUAL PRIVATE NETWORK (VPN) | DES, 3DES, and AES encryption MD5 and SHA-1 authentication Manually configured key, PKI (X 509), and IKEv2 Perfect forward secrecy (DH group) Anti-replay attack Remote VPN access IPSec NAT Traversal Dead Peer Detection EAP authentication VPN gateway redundancy IPSec V6,IPSec 4 over 6, IPSec 6 over 4 L2TP Tunnel GRE Tunnel | |||
| PKI | PKI certificate requests (PKCS 10) Certificate authority (CA) PKI Authentication: EAP-SIM, EAP-AKA PKI Protocol: SCEP, OCSP, CMPv2 Self-signed certificate | |||
| INTRUSION PREVENTION SYSTEM | Protocol Anomaly Support Custom Signature Support Automatic Attack Database Update Defends against worms, zero-day attacks, Trojans horses, and malware. | |||
| ANTI-DDOS | SYN-flood, ICMP-flood, TCP-flood, UDP-flood, DNS-flood etc. Port-scan, Smurf, Tear-drop, IP-Sweep etc. IPv6-extension-header defend TTL detection TCP-mss detection Attack log output | |||
| HIGH AVALABILITY | Active-Active, Active-Standby Stateful Failover (Huawei Redundancy Protocol) Configuration synchronization Firewall and IPSec VPN session synchronization Device fault detection Link fault detection Dual main board switchover | |||
| NETWORKING/ROUTING | POS/GE/10GE link support DHCP relay/server Policy-based routing Dynamic Routing for IPv4/IPv6 (RIP/OSPF/ISIS/BGP) Multi-zone support Route between zones/Vlans Multi-link Aggregation (Eth-trunk, LACP) | |||
| VIRTUAL FIREWALLS | 4096 virtual firewall(VFW) definition VLAN virtualization Security zones virtualization User defined virtual resources Route between VFW VFW based traffic CAR | |||
| MANAGEMENT | Web UI (HTTP and HTTPS) CLI (console/Telnet/SSH) U2000/VSM network management Hierarchical administrators Software upgrade Configuration rollback | |||
| MONITORING | Structured Syslog SNMP (v2) Binary log Trace route Log server (eLog) | |||
| Dimensions, Power Supply, and Operating Environment | ||||
| Dimensions (H x W x D) | 175 x 442x 650 (4U DC model) 220 x 442 x 650 (5U AC model) | 620 x 442 x 650 | 1420 x 442 x 650 | |
| Weight | DC: Base chassis: 33 lbs (15 kg) DC: Fully configured chassis: 70.5 lbs (32 kg) AC: Base chassis: 55.1 lbs (25 kg) AC: Fully configured chassis: 92.5 lbs (42 kg) | Empty chassis: 43.2 kg Full configuration: 113kg | Empty chassis: 94.4 kg Full configuration: 229 kg | |
| AC power supply | 90 V AC to 275 V AC; 175 V AC to 275 V AC (recommended) | |||
| DC power supply | -38 V to -72 V; Rated -48 V | |||
| Maximum power consumption | 1270 W | 3960 W | 7540 W | |
| Operating temperature | Long term: 0 °C to 45 °C Storage: -40°C to +70 °C | |||
| Ambient humidity | Long term: 5% RH to 85% RH, non-condensing Short term: 5% RH to 95% RH, non-condensing Storage: 0% RH to 95% RH, non-condensing | |||
| CERTIFICATIOn | Safety certification, EMC, CB, Rohs, FCC, MET, C-tick,VCCI | |||
Note: The list above is comprehensive and may contain features which are not available on all USG9500 appliances. Consult USG9500 system documentation to determine feature availability.
Comparison
| Vendor | Product | Description | Huawei Advantages |
| HUAWEI | USG9560 | USG9560, new generation cloud data center firewall USG9500 series 14U Chassis, Dual core distributed platform Support maximum 480Gbps firewall throughput | |
| JUNIPER | SRX5600 | SRX5600,5 slots,Dual power supplies |
| USG9520-BASE-DC-V3 | USG9520 DC Basic Configuration(include X3 DC Chassis,2*MPU) |
|---|---|
| USG9520-BASE-AC-V3 | USG9520 AC Basic Configuration(include X3 AC Chassis,2*MPU),with HW General Security Platform Software |
| USG9560-BASE-DC-V3 | USG9560 DC Basic Configuration(include X8 DC Chassis,2*SRU,1*SFU),with HW General Security Platform Software |
| USG9560-BASE-AC-V3 | USG9580 DC Standard Configuration(include X16 DC Chassis,2*MPU,4*SFU),with HW General Security Platform Software |
| SPU-X3-20-O-E8KE | 20G X3 Firewall Service Processing Unit(oversea),with HW General Security Platform Software |
| SPU-X8X16-20-O-E8KE | 20G X8&X16 Firewall Service Processing Unit(oversea),with HW General Security Platform Software |
| FWCD0LPUKD01 | Flexible Card Line Processing Unit(LPUF-21,2 Sub-Slots) B,With HS General Security Platform Software |
| FWCD00L1XX01 | 1-Port 10GBase WAN/LAN XFP Flexible Interface Daughter Card |
| FWCD00EBGF01 | 12-Port 100/1000Base-X SFP Flexible Interface Daughter Card |
| FWCD00EBGE01 | 12-Port 10/100/1000Base-TX RJ45 Flexible Interface Daughter Card |
| FWCD0LPUND01 | Flexible Card Line Processing Unit(LPUF-40,2 sub-slots) A,with HS General Security Platform Software |
| FWCD00L2XX01 | 2-Port 10GBase LAN/WAN-XFP Flexible Card(P40) |
| FWCD00EFGF01 | 20-Port 100/1000Base-X-SFP Flexible Card(P40) |
Contact Supplier
You May Like
New Products
Popular Searches
Recommended Products
Find Similar Products By Category
Facebook
X
Pinterest
Linkedln