HUAWEI HiSecEngine USG6500E Series Firewalls (Fixed … · 2020. 7. 29. · HUAWEI HiSecEngine...
9
With the continuous digitalization and cloudification of enterprise services, networks play an important role in enterprise operations, and must be protected. Network attackers use various methods, such as identity spoofing, website Trojan horses, and malware, to initiate network penetration and attacks, affecting the normal use of enterprise networks. Deploying firewalls on network borders is a common way to protect enterprise network security. However, firewalls can only analyze and block threats based on signatures. This method cannot effectively handle unknown threats and may deteriorate device performance. This single-point and passive method does not pre-empt or effectively defend against unknown threat attacks. Threats hidden in encrypted traffic in particular cannot be effectively identified without breaching user privacy. Huawei's next-generation firewalls provide the latest capabilities and work with other security devices to proactively defend against network threats, enhance border detection capabilities, effectively defend against advanced threats, and resolve performance deterioration problems. The product provides pattern matching and encryption/decryption service processing acceleration functions, which greatly improve the firewall ability to process content security detection and IPSec services. HUAWEI HiSecEngine USG6500E Series Firewalls (Fixed-Configuration) Product Appearances HiSecEngine USG6500E Series (Fixed-Configuration)
Transcript of HUAWEI HiSecEngine USG6500E Series Firewalls (Fixed … · 2020. 7. 29. · HUAWEI HiSecEngine...
With the continuous digitalization and cloudification of enterprise services, networks play an
important role in enterprise operations, and must be protected. Network attackers use various
methods, such as identity spoofing, website Trojan horses, and malware, to initiate network
penetration and attacks, affecting the normal use of enterprise networks.
Deploying firewalls on network borders is a common way to protect enterprise network
security. However, firewalls can only analyze and block threats based on signatures. This
method cannot effectively handle unknown threats and may deteriorate device performance.
This single-point and passive method does not pre-empt or effectively defend against unknown
threat attacks. Threats hidden in encrypted traffic in particular cannot be effectively identified
without breaching user privacy.
Huawei's next-generation firewalls provide the latest capabilities and work with other security
devices to proactively defend against network threats, enhance border detection capabilities,
effectively defend against advanced threats, and resolve performance deterioration problems.
The product provides pattern matching and encryption/decryption service processing
acceleration functions, which greatly improve the firewall ability to process content security
detection and IPSec services.
HUAWEI HiSecEngine USG6500E Series Firewalls (Fixed-Configuration)
Product Appearances
HiSecEngine USG6500E Series (Fixed-Configuration)
Product HighlightsComprehensive and integrated protection• Integrates the traditional firewall,VPN, intrusionprevention,antivirus,data leakprevention,
bandwidthmanagement,URLfiltering,andonlinebehaviormanagementfunctionsall inonedevice.
• Interworkswiththe localorcloudsandboxtoeffectivelydetectunknownthreatsandpreventzero-dayattacks.
• Implementsrefinedbandwidthmanagementbasedonapplicationsandwebsites,preferentiallyforwardskeyservices,andensuresbandwidthforkeyservices.
High performance• Enablespatternmatchingandacceleratesencryption/decryption, improvingtheperformancefor
processingIPS,antivirus,andIPSecservices.
DeploymentCloud-based management• Firewalls canproactively registerwithandbequickly incorporated into the cloud-based
managementplatformtoimplementquickdevicedeploymentwithoutmanualattendance.• Remoteserviceconfigurationmanagement,devicemonitoring,andfaultmanagementareused
toimplementcloud-basedmanagementofmassdevicesandsimplifyO&M.
Enterprise HQ
Huawei Public Cloud
Enterprise Branch
Internet
......
Enterprise border protection• Firewallsaredeployedat thenetworkborder.Thebuilt-in trafficprobecanextractpacketsof
encryptedtraffictomonitorthreatsinencryptedtrafficinrealtime.• Thedeceptionfunctionisenabledonthefirewallstoproactivelyrespondtomaliciousscanning
behavior,protectingenterprisesagainstthreatsinrealtime.• Thepolicycontrol,datafiltering,andauditfunctionsofthefirewallsareusedtomonitorsocial
networkapplicationstopreventdatabreachandprotectenterprisenetworks.
Software Features
Feature Description
IntegratedprotectionIntegrates firewall,VPN, intrusionprevention,antivirus,data leakprevention,bandwidthmanagement,anti-DDoS,URL filtering,andanti-spam functions;providesaglobalconfigurationview;managespoliciesinaunifiedmanner.
Applicationidentificationandcontrol
Identifiesover6000applicationsandsupports theaccesscontrolgranularitydowntoapplicationfunctions;combinesapplication identificationwith intrusiondetection,antivirus,anddata filtering, improvingdetectionperformanceandaccuracy.
Cloud-basedmanagementmode
Initiatesauthenticationandregistrationtothecloud-basedmanagementplatformtoimplementplug-and-playandsimplifynetworkcreationanddeployment.Supportsremoteserviceconfiguration,devicemonitoring,andfaultmanagement,implementingthemanagementofmassdevicesinthecloud.
Cloudapplicationsecurityawareness
Controlsenterprisecloudapplications inarefinedanddifferentiatedmannertomeetenterprises'requirementsforcloudapplicationmanagement.
Intrusionpreventionandwebprotection
Accuratelydetectsanddefendsagainstvulnerability-specificattacksbasedonup-to-datethreat information.Thefirewallcandefendagainstweb-specificattacks,includingSQLinjectionandXSSattacks.
AntivirusRapidlydetectsover5milliontypesofvirusesbasedonthedaily-updatedvirussignaturedatabase.
Dataleakprevention(DLP)
Inspectsfilestoidentifythefiletypes,suchasWORD,EXCEL,POWERPOINT,andPDF,basedonfilecontent,andfiltersthefilecontent.
Bandwidthmanagement
Managesper-user andper-IPbandwidth in addition to identifying serviceapplicationstoensurethenetworkaccessexperienceofkeyservicesandusers.Controlmethodsincludelimitingthemaximumbandwidth,ensuringtheminimumbandwidth,andchangingapplicationforwardingpriorities.
Feature Description
URLfiltering
ProvidesaURLcategorydatabasewithover120millionURLsandacceleratesaccesstospecificcategoriesofwebsites,improvingaccessexperienceofhigh-prioritywebsites.SupportsDNSfiltering,inwhichaccessedwebpagesarefilteredbasedondomainnames.Supports theSafeSearchfunctiontofilter resourcesofsearchengines,suchasGoogle,toguaranteeaccesstoonlyhealthynetworkresources.
Behaviorandcontentaudit
Auditsandtracesthesourcesoftheaccessedcontentbasedonusers.
LoadbalancingSupportsserver loadbalancingand link loadbalancing, fullyutilizingexistingnetworkresources.
Intelligentuplinkselection
Supportsservice-specificPBRand intelligentuplinkselectionbasedonmultipleloadbalancingalgorithms(forexample,basedonbandwidthratioandlinkhealthstatus)inmulti-egressscenarios.
VPNencryptionSupportsmultiplehighlyavailableVPNfeatures, suchas IPSecVPN,SSLVPN,L2TPVPN,MPLSVPN,andGRE,andprovidestheHuawei-proprietaryVPNclientSecoClientforSSLVPN,L2TPVPN,andL2TPoverIPSecVPNremoteaccess.
DSVPNDynamicsmartVPN(DSVPN)establishesVPNtunnelsbetweenbrancheswhosepublicaddressesaredynamicallychanged, reducingthenetworkingandO&Mcostsofthebranches.
SSL-encryptedtrafficdetection
DetectsanddefendsagainstthreatsinSSL-encryptedtrafficusingapplication-layerprotectionmethods,suchasintrusionprevention,antivirus,datafiltering,andURLfiltering.
SSLoffloadingReplacesserverstoimplementSSLencryptionanddecryption,effectivelyreducingserverloadsandimplementingHTTPtrafficloadbalancing.
Anti-DDoSDefendsagainstmorethan10typesofcommonDDoSattacks, includingSYNfloodandUDPfloodattacks.
UserauthenticationSupportsmultipleuserauthenticationmethods,includinglocal,RADIUS,HWTACACS,AD,andLDAP.Thefirewallsupportsbuilt-inPortalandPortalredirectionfunctions.ItcanworkwiththeAgileControllertoimplementmultipleauthenticationmodes.
SecurityvirtualizationSupportsvirtualizationofmultiple typesofsecurityservices, includingfirewall,intrusionprevention,antivirus,andVPN.Userscanseparatelyconductpersonalmanagementonthesamephysicaldevice.
Securitypolicymanagement
Managesandcontrols trafficbasedonVLAN IDs,quintuples, securityzones,regions,applications,URLcategories,andtimeranges,andimplementsintegratedcontentsecuritydetection.Providespredefinedcommon-scenariodefense templates to facilitatesecuritypolicydeployment.Providessecuritypolicymanagementsolutions inpartnershipwithFireMonandAlgoSectoreduceO&Mcostsandpotentialfaults.
Diversifiedreports
Providesvisualizedandmulti-dimensional reportdisplaybyuser,application,content,time,traffic,threat,andURL.
GeneratesnetworksecurityanalysisreportsontheHuaweisecuritycenterplatformtoevaluatethecurrentnetworksecuritystatusandprovideoptimizationsuggestions.
Feature Description
RoutingSupportsmultipletypesofroutingprotocolsandfeatures,suchasRIP,OSPF,BGP,IS-IS,RIPng,OSPFv3,BGP4+,andIPv6IS-IS.
Deploymentandreliability
Supportstransparent,routing,andhybridworkingmodesandhighavailability(HA),includingtheActive/ActiveandActive/Standbymodes.
Model USG6525E USG6555E USG6565E USG6585E
FirewallThroughput1
(1518/512/64-byte,UDP)2/2/2Gbit/s 4/4/3.6Gbit/s 6/6/3.6Gbit/s 9/8/4Gbit/s
FirewallLatency(64-byte,UDP) 18µs 18µs 18µs 18µs
FW+SA+IPSThroughput2 1.5Gbit/s 2.1Gbit/s 2.2Gbit/s 2.2Gbit/s
FW+SA+IPS+AntivirusThroughput2 1.5Gbit/s 2.0Gbit/s 2.2Gbit/s 2.2Gbit/s
ConcurrentSessions(HTTP1.1)1 3,000,000 4,000,000 4,000,000 4,000,000
NewSessions/Second(HTTP1.1)1 70,000 78,000 80,000 80,000
MaximumIPsecVPNTunnels(GWtoGW) 4,000 4,000 4,000 4,000
MaximumIPsecVPNTunnels(ClienttoGW) 4,000 4,000 4,000 4,000
IPsecVPNThroughput1
(AES-256+SHA256,1420-byte)2Gbit/s 4Gbit/s 6Gbit/s 6Gbit/s
SSLInspectionThroughput3 300Mbit/s 450Mbit/s 500Mbit/s 550Mbit/s
ConcurrentSSLVPNUsers(Default/Maximum)
100/500 100/1000 100/1000 100/1000
SecurityPolicies(Maximum) 15,000 15,000 15,000 15,000
VirtualFirewalls 50 100 100 100
URLFiltering:Categories Morethan130
URLFiltering:URLs Adatabaseofover120millionURLsinthecloud
AutomatedThreatFeedbackandIPSSignatureUpdates
Yes,anindustry-leadingsecuritycenterfromHuawei(http://sec.huawei.com/sec/web/index.do)
SpecificationsSystem Performance and Capacity
1.TheperformanceistestedunderidealconditionsbasedonRFC2544andRFC3511.Theactualresultmayvarywithdeploymentenvironments.
2.TheAntivirus,IPS,andSAperformanceismeasuredusing100KBHTTPfiles.3.SSLinspectionthroughputismeasuredwithIPSenabledandHTTPStrafficusingTLSv1.2withAES128-GCM-SHA256.*SA:indicatesserviceawareness.
Model USG6525E USG6555E USG6565E USG6585E
Third-PartyandOpen-SourceEcosystem
OpenAPIforintegrationwiththird-partyproducts,providingRESTfulandNetConfinterfacesOtherthird-partmanagementsoftwarebasedonSNMP,SSH,andSyslogCooperationwiththird-partytools,suchasTufin,AlgoSecandFireMonCollaborationwithanti-APTsolution
CentralizedManagementCentralizedconfiguration,logging,monitoring,andreportingisperformedbyHuaweieSightandeLog
VLANs(Maximum) 4094
VLANIFInterfaces(Maximum) 1024
Model USG6525E USG6555E USG6565E USG6585E
Dimensions(HxWxD)mm 43.6x442x420
FormFactor/Height 1U
FixedInterface 2x10GE(SFP+)+8xGECombo+2xGEWAN
Dedicatedmanagementport Yes
USBPort 1xUSB2.0+1xUSB3.0
Weight(FullConfiguration) 5.8kg
ExternalStorage
Optional,SSD(M.2)cardsupported,64GB/240GB
Optional,SSD(M.2)cardsupported,240GB
ACPowerSupply 100Vto240V
Typicalpowerconsumptionofthemachine
35W
PowerSupplies SingleACpowersupply;optionaldualACpowersupplies
OperatingEnvironment(Temperature/Humidity)
Temperature:0°Cto45°CHumidity:5%to95%,non-condensing
Non-operatingEnvironmentTemperature:-40°Cto+70°CHumidity:5%to95%,non-condensing
Hardware Specifications
Product Model Description
USG6525E USG6525E-ACUSG6525EACHost(2*10GE(SFP+)+8*GECombo+2*GEWAN,ACpower)
USG6555E USG6555E-ACUSG6555EACHost(2*10GE(SFP+)+8*GECombo+2*GEWAN,ACpower)
USG6565E USG6565E-ACUSG6565EACHost(2*10GE(SFP+)+8*GECombo+2*GEWAN,ACpower)
USG6585E USG6585E-ACUSG6585EACHost(2*10GE(SFP+)+8*GECombo+2*GEWAN,ACpower)
Function License
SSLVPNConcurrentUsers
LIC-USG6KE-SSLVPN-100 QuantityofSSLVPNConcurrentUsers(100Users)
LIC-USG6KE-SSLVPN-200 QuantityofSSLVPNConcurrentUsers(200Users)
LIC-USG6KE-SSLVPN-500 QuantityofSSLVPNConcurrentUsers(500Users)
LIC-USG6KE-SSLVPN-1000 QuantityofSSLVPNConcurrentUsers(1000Users)
NGFW License
IPSUpdateService
LIC-USG6525E-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoUSG6525E)
LIC-USG6525E-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoUSG6525E)
LIC-USG6555E-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoUSG6555E)
LIC-USG6555E-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoUSG6555E)
LIC-USG6565E-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoUSG6565E)
LIC-USG6565E-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoUSG6565E)
LIC-USG6585E-IPS-1YIPSUpdateServiceSubscribe12Months(AppliestoUSG6585E)
LIC-USG6585E-IPS-3YIPSUpdateServiceSubscribe36Months(AppliestoUSG6585E)
URLFilteringUpdateService
LIC-USG6525E-URL-1YURLUpdateServiceSubscribe12Months(AppliestoUSG6525E)
LIC-USG6525E-URL-3YURLUpdateServiceSubscribe36Months(AppliestoUSG6525E)
LIC-USG6555E-URL-1YURLUpdateServiceSubscribe12Months(AppliestoUSG6555E)
LIC-USG6555E-URL-3YURLUpdateServiceSubscribe36Months(AppliestoUSG6555E)
Ordering Information
Product Model Description
LIC-USG6565E-URL-1YURLUpdateServiceSubscribe12Months(AppliestoUSG6565E)
LIC-USG6565E-URL-3YURLUpdateServiceSubscribe36Months(AppliestoUSG6565E)
LIC-USG6585E-URL-1YURLUpdateServiceSubscribe12Months(AppliestoUSG6585E)
LIC-USG6585E-URL-3YURLUpdateServiceSubscribe36Months(AppliestoUSG6585E)
AntivirusUpdateService
LIC-USG6525E-AV-1YAVUpdateServiceSubscribe12Months(AppliestoUSG6525E)
LIC-USG6525E-AV-3YAVUpdateServiceSubscribe36Months(AppliestoUSG6525E)
LIC-USG6555E-AV-1YAVUpdateServiceSubscribe12Months(AppliestoUSG6555E)
LIC-USG6555E-AV-3YAVUpdateServiceSubscribe36Months(AppliestoUSG6555E)
LIC-USG6565E-AV-1YAVUpdateServiceSubscribe12Months(AppliestoUSG6565E)
LIC-USG6565E-AV-3YAVUpdateServiceSubscribe36Months(AppliestoUSG6565E)
LIC-USG6585E-AV-1YAVUpdateServiceSubscribe12Months(AppliestoUSG6585E)
LIC-USG6585E-AV-3YAVUpdateServiceSubscribe36Months(AppliestoUSG6585E)
ThreatProtectionBundle(IPS,AV,URL)
LIC-USG6525E-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoUSG6525E)
LIC-USG6525E-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoUSG6525E)
LIC-USG6555E-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoUSG6555E)
LIC-USG6555E-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoUSG6555E)
LIC-USG6565E-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoUSG6565E)
LIC-USG6565E-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoUSG6565E)
LIC-USG6585E-TP-1Y-OVSThreatProtectionSubscription12Months(AppliestoUSG6585E)
LIC-USG6585E-TP-3Y-OVSThreatProtectionSubscription36Months(AppliestoUSG6585E)
GENERAL DISCLAIMERThe information in this document may contain predictive statement including, without limitation, statements regarding the future financial and operating results, future product portfolios, new technologies, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.Copyright © 2020 HUAWEI TECHNOLOGIES CO., LTD. All Rights Reserved.
Product Model Description
CloudSandboxInspection
LIC-USG6525E-CS-1YCloudSandboxInspection12Months(AppliestoUSG6525E)
LIC-USG6525E-CS-3YCloudSandboxInspection36Months(AppliestoUSG6525E)
LIC-USG6555E-CS-1YCloudSandboxInspection12Months(AppliestoUSG6555E)
LIC-USG6555E-CS-3YCloudSandboxInspection36Months(AppliestoUSG6555E)
LIC-USG6565E-CS-1YCloudSandboxInspection12Months(AppliestoUSG6565E)
LIC-USG6565E-CS-3YCloudSandboxInspection36Months(AppliestoUSG6565E)
LIC-USG6585E-CS-1YCloudSandboxInspection12Months(AppliestoUSG6585E)
LIC-USG6585E-CS-3YCloudSandboxInspection36Months(AppliestoUSG6585E)
FlowProbeFunction
LIC-USG6525E-FP FlowProbeFunction(AppliestoUSG6525E)
LIC-USG6555E-FP FlowProbeFunction(AppliestoUSG6555E)
LIC-USG6565E-FP FlowProbeFunction(AppliestoUSG6565E)
LIC-USG6585E-FP FlowProbeFunction(AppliestoUSG6585E)
N1 License
Foundationpackagefunction
N1-USG6525E-F-Lic N1-USG6525EFoundation,PerDevice
N1-USG6555E-F-Lic N1-USG6555EFoundation,PerDevice
N1-USG6565E-F-Lic N1-USG6565EFoundation,PerDevice
N1-USG6585E-F-Lic N1-USG6585EFoundation,PerDevice
Advancedpackagefunction
N1-USG6525E-A-Lic N1-USG6525EAdvanced,PerDevice
N1-USG6555E-A-Lic N1-USG6555EAdvanced,PerDevice
N1-USG6565E-A-Lic N1-USG6565EAdvanced,PerDevice
N1-USG6585E-A-Lic N1-USG6585EAdvanced,PerDevice
Note: Somepartsofthis table list thesalesstrategies indifferentregions.Formore information,pleasecontactyourHuaweirepresentative.
