Secospace USG9300 (V100R001)
-
Upload
utopia-media -
Category
Documents
-
view
242 -
download
0
Transcript of Secospace USG9300 (V100R001)
-
8/9/2019 Secospace USG9300 (V100R001)
1/6
Secospace USG9300
Secospace USG9300
V100R001
-
8/9/2019 Secospace USG9300 (V100R001)
2/6
Secospace USG9300
Product Features
Advanced NP+multi-system+distributed
architecture breaking traditional
perormance bottlenecks
The USG9300 adopts architecture in which the control
modules, interace modules, and service processing modules
are mutually independent. Based on dual NPs, the interace
module ensures the line-speed orwarding o interace trafc.
With multi-core and multi-thread architecture, the service
processing module ensures the high-speed concurrent
processing o multiple services, such as the Network Address
Translation (NAT), Application Speciic Packet Filter (ASPF),
anti-DDoS, and VPN services. The USG9300 series includes
the USG9310 and the USG9320. They have 8 and 16 slots
respectively and support multiple service modules. The
USG9300 adopts the distributed concurrent processing
mechanism, which greatly enhances product perormance.
Thereore, users can expand capacity with low investment.
High frewall perormance guaranteeing
key services
The three main indexes o the USG9300 throughput,
new connections per second, and maximum number o
Product Overview
With the emergence o the triple play, Web 2.0, P2P, video
streaming, and high deinition broadband, the need or
network bandwidth is rising exponentially. Gigabit and
10-Gigabit are no longer new concepts. Many switches
and routers have high-capacity 10G interaces. Large
enterprises and organizations, such as nancial organizations,
governments, and educational institutions are integrating
services and expanding their networks. Traditional irewalls
inevitably orm a bottleneck as they are not sufcient or high-
speed networks.
Based on its rich experience o hardware design, Huawei
Symantec has launched its proessional 10-Gigabit security
gateway device: the USG9300. Combining the proessional
network processor (NP) chip with distributed hardware, the
USG9300 eatures advanced NP+multi-system+distributed
architecture. The USG9300 provides rewalls with high Virtual
Private Network (VPN) perormance that satises requirements
or high reliability and perormance. The security o high-end
applications can be met with low CAPEX and the USG9300 can
be applied to high-speed networks, large nancial data centers,
large Web sites, governments, and the vertical networks o
large enterprises.
Product Family
USG9310 USG9320
-
8/9/2019 Secospace USG9300 (V100R001)
3/6
Secospace USG9300
concurrent connections lead the industry. The throughput
o one service processing module is 10G, the number o new
connections per second is 250000, and the maximum number
o concurrent connections is 4000000. The speciications o
one processing module already exceed that o a 10-Gigabit
rewall. The USG9300 has a maximum o 8 service processing
modules, and its overall throughput reaches 80G. The number
o new connections per second is 2000000; the maximum
number o concurrent connections is 32000000; and the
number o virtual irewalls is 1024. The high perormance
and scalability o the USG9300 can meet high-end users'
requirements or high perormance.
Stable and reliable security gateway
ensuring service consistency
Network security is vital or enterprises. The USG9300 supports
reliable networking unctions, such as the hot swapping o
redundant components (the interace, an, and power supply),
dual processing engines, active/standby mode, and active/
active mode. Dierent SPUs o the USG9000 support load
balancing and mutual hot backup, so an anomaly in a single
board will not compromise the entire system. Working in
tandem with the Huawei Symantec BYPASS devices, services
are not be interrupted even i a device becomes aulty or a
power ailure occurs. The mean time between ailures (MTBF)
o the USG9300 is up to 500000 hours, and the ailover time is
less than 0.1 second. Thus, service stability is guaranteed.
Extensive network interaces acilitating
networking
In addition to the high-density Ethernet interaces o 5 x GE, 10
x GE, 24 x GE, and 1 x 10GE, the USG9300 also supports the POS
interaces requently used in backbone networks, including 8 x
155M, 4 x 622M, 4 x 2.5G, and 1 x 10G. It can also connect with
Synchronous Digital Hierarchy (SDH) devices. These eatures
serve to enhance transmission eiciency. The USG9300 has
a maximum interace capacity o 160G, and provides eight
10GE interaces and 196 GE interaces. It supports cross-board
binding to meet the requirements or interace capacity and
density and complex networking scenarios, such as or large
enterprises, DCs, and MANs.
Optimal VPN perormance adapting to
requirements or encrypted transmission o
mass services
With the popularity o network applications, more services
need to be securely transmitted on the public network.
Subsequently, services that require mass the VPN access
gateway o 100-Gigabit emerge, such as mobile security
access, SMS push, and email push. The USG9300 provides a
maximum o 64G encryption and decryption and supports
320000 concurrent VPN tunnels to orm the industrys highest
perorming Virtual Access Gateway.
The USG9300 also supports IKEv2 and enhances the unctions
o user authentication, packet authentication, and NAT
traversal. Thereore, the USG9300 eliminates the hidden
hazards o man-in-the-middle attacks and DDoS attacks, and
supports wireless authentication protocols, such as EAP-SIM
and EAP-AKA. This guarantees wireless network security.
-
8/9/2019 Secospace USG9300 (V100R001)
4/6
Secospace USG9300
Typical Networking Scenario
Deense solution or a large IDC
USG9300
Internet
10G 10G
A Iarge-scale IDC
Basic services Value addedservices
Management &Maintenance services
Other services
Deense solution or vertical network headquarters o governments and large enterprises
USG9300
USG5000
USG2000
10-Gigabit link
Gigabit link
100M link
Headquarters
Private networks
Private networks
Provincial branches
Metroplitan branches
-
8/9/2019 Secospace USG9300 (V100R001)
5/6
Secospace USG9300
Product Specifcations
Model USG9310 USG9320
Number o slots8 slots, in which SPUs and LPUs can be
inserted.
16 slots, in which SPUs and LPUs can be
inserted.
Throughput 10G4 10G8
Number o concurrent connections 40000004 40000008
Number o new connections per second 2500004 2500008
VPN perormance 8G4 8G8
Number o VPN tunnels 400004 400008
Number o virtual rewalls 1024 1024
ReliabilityHot swapping o modules and components, dual-system hot backup, link aggregation, dual
main control boards, and BYPASS
Interace typeEthernet interace 5GE, 10GE, 110GE, 24GE (optical or electrical)
POS inter ace 8155M, 4622M, 42.5G, 110G
Maximum number
o interaces
Ethernet interace 96GE, 410GE 192GE, 810GE
POS interace 162.5G, 410G 322.5G, 810G
Dimensions (mm) (WDH) 442669886 4426691600
Weight 100kg 150kg
Power 700W 900W
Mean time between ailures (MTBF) 57 years 57 years
Application o mass wireless VPN access
AP
USG9300
Firewall/VPN
IPSec security tunnel
APDSLAM
Route AG
Intranet
Business server
Business server
Hundreds or thousands of APs
Mass concurrent VPN access
IKEv2 support
Public network
-
8/9/2019 Secospace USG9300 (V100R001)
6/6
Secospace USG9300
The inormation contained in this document is or reerence purpose only, do not constitute the warranty o any kind, experss or implied. It is
subject to change or withdrawal according to specic customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property o Huawei Symantec Technologies Co., Ltd or their
respective holders.
Copyright 2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.
Version No.: M3-110019999-20100120-V-1.0
Secospace USG9300