HUAWEI Secospace USG2000 Datasheet

Issue Date Issue 1.0 2013-05-29

HUAWEI TECHNOLOGIES CO., LTD.

HUAWEI Secospace USG2000 Datasheet

Products Overview
The USG2000 series is Huawei's unified security gateway developed to meet the network security needs of various organizations including the government, enterprises, and data centers. Based on industry-leading software and hardware architectures, the USG2000 series offers user-based security policies which integrate the professional security technologies including IPS, anti-virus (AV), URL filtering, application control, and anti-spam (AS). This series supports IPv6 protection and related transition technology, and provides powerful, scalable, and sustainable security capabilities for customers in sectors as diverse as government, banking, power generation, telecommunications, petroleum, education, and manufacturing.

Product Features
Exceptional performance and high stability

Superior performance for mass service processing: a maximum of 2G firewall throughput, 500M VPN throughput, and high-capacity NAT, working at Routing mode, Transparent mode and Composite mode.

High-density ports for various application scenarios: up to 26-Gigabit and 16-Fast Ethernet high-density ports provide security on different networks, and help you with the creation of security zones.

Super-long MTBF, ensuring service continuity: Redundant configuration of key components, mature link switchover. A stable software platform for over 10 years' commercial use and more than 100,000 devices on live networks around the world makes for you a sustainable working environment.

Professional security for secure networks

Huawei Confidential Page2

HUAWEI Secospace USG2000 Datasheet

Industry-leading AV engine with 99% identification accuracy: Based on Symantec's extensive experience in AV technology, the AV engine features file-class content scanning. The USG2000 series integrates the AV technology with global-leading emulation environment and virtual execution technology to provide a 99% identification ratio, acknowledged by numerous international assessment organizations.

Professional IPS engine, disabling attack variants: With traditional attack code-based defenses, a huge signature database needs to be maintained and updated to defend against attack variants. This overloads the IPS engine and leads to substandard detection performance and a high rate of false negatives and false positives. The USG2000 series is backed by Symantecs advanced vulnerability defense technology and delivers virtual patches for vulnerabilities (instead of attack code), disabling various attack variants.

Comprehensive AS capabilities: Ensures the security of enterprise mail servers. Employees' emails are filtered based on the mail body, subject, keyword, or attachment to avoid information leak and the import of insecure factors.

Real-time updates by a professional team, defending against zero-day attacks: A globally deployed honeynet system, together with a professional team of over 300 people, make it possible to keep abreast of the latest, hottest, and most dangerous system and software vulnerabilities. You get rapid defense against zero-day attacks and a more secure office network.

Online behavior management, improving employee productivity

Plentiful website categories, building a green Internet access environment: The URL database containing 65 million website URLs and over 130 content categories helps to shield against Trojan horse-embedded and phishing sites, block pornographic and gambling sites, deliver green network environment, regulate employee online behaviors and prevent them from engaging in activities that would harm internal network security, and avoid lawful risks.

Sophisticated application management, creating an efficient office network: The USG2000 series identifies over 1500 application protocols. Multi-dimensional control measures based on the time, applications, users, bandwidth, and connection numbers ensure bandwidth for mission-critical services and improve the bandwidth usage. You can work more efficiently and have P2P, IM, game sites, and other websites under control.

Various reports: The USG2000 series displays user behaviors by user, application,
Huawei Confidential Page3

HUAWEI Secospace USG2000 Datasheet

traffic, and behavior to help you learn about network status.

Flexible configuration and quick deployment

User-oriented security policy: The USG2000 series provides authority control of fine granularity based on technologies such as user-based access control, traffic limiting, application control and content security, and policy-based routing. Free from the complexity of IP-based configuration, the USG2000 series is easy and flexible to configure and provides more accurate authority control.

Unified policy configuration: You can configure all policies on a centralized configuration interface, which simplifies speeds up, and ensures the completeness of the configuration.

Professional configuration wizard: The USG2000 series provides a Web-based configuration wizard and a friendly user interface to guide administrative operations.

Application Scenarios
Network Isolation and VPN Interconnection

Challenges for customers: Network areas are not clearly divided, access control is insufficient, and the data transmitted between mobile employees or branches and the headquarters is likely to be intercepted or tampered.

Highlights of the solution: delivers high throughput to avoid bottleneck at network borders, supports security zones to clearly divide networks, offers flexible packet filtering policies to accurately control communication, and decapsulates and checks packets of VPN users to ensure the security of data communication.

Huawei Confidential

Page4

HUAWEI Secospace USG2000 Datasheet

External Threat Prevention

Challenges for customers: Coming along with the abundant Internet resources are threats such as DDoS attacks, malicious intrusions and viruses.

Highlights of the solution: The capabilities of supporting large numbers of concurrent connections and new connections per second help to combat the numerous DDoS attacks. Empowered by Symantec's advanced IPS and anti-virus technologies as well as vulnerability-based and real-time updated signature database, the USG2000 series implements near-zero false positives and negatives and a detection ratio of higher than 99%; defends against diversified threats from the Internet, and ensures the security of the intranet.

Huawei Confidential

Page5

HUAWEI Secospace USG2000 Datasheet

Product Specifications
USG2110-F Model USG2110-F-W Expansion and I/O 1*10/100 WAN 2*10/100 WAN Fixed Ports 8*10/100 LAN 8*10/100 LAN Max Ethernet Ports Expansion slots 10FE / 9FE / 8*10/100 LAN 9FE / 1DMIC) 2 FIC(or 1DFIC) MIC: 1 x FE (RJ45), 5 x FE (RJ45), 1 x E1, 1 x CE1, 1 x Wi-Fi, 1 x SA, 2 x SA, 1 x ADSL2+, 4 x G.SHDSL.bis, 2 x G.SHDSL.bis, 1 x G.SHDSL.bis, 3G-WCDMA, 3G-CDMA2000 DMIC: 8 x FE (RJ45)+2 x GE (RJ45) Expansion Cards N FIC: 2 x E1, 2 x CE1, 4 x E1, 4 x CE1, 8 x E1, 8 x CE1, 2 x FE (RJ45+2 x FE (combo, 1 x GE (RJ45), 4 x GE (RJ45) DFIC: X86, 18 x FE (RJ45)+2 x GE (SFP, 16 x GE (RJ45+4 x GE (SFP USB Wi-Fi 3G Performance Throughputbps New connections Concurrent connections ACL Number of Virtual Firewalls AV Throughput (Proxy-based) IPS Throughput (HTTP) UTM Throughput Maximum VLAN IPSec VPN Throughput IPSec VPN tunnels 64 (GW-GW/Client-GW) SSL VPN Throughput Concurrent SSL-VPN Users Network Features 5M 20 5M 50 10M 100 64 2,000 180M 2,000 100,000 3,000 10 31.4M 24M 24M 15 40M 200M 3,000 200,000 3,000 10 31.4M 24M 24M 15 50M 300M 900M 20,000 1,000,000 20,000 100 500M 370M 370M 4,094 500M 2G Y(W Model) Y(USB) 1 Y Y(USB) CDMA2000(-C) Y WCDMA(-W) Y Y 1 Y(W Model) 2 Y 17FE+2GE 2 MIC(or 26GE+16FE 4 MIC(or 2DMIC) 1ADSL 1ADSL 8*10/100 LAN 1*10/100 WAN 1*10/100 WAN 2GE-Combo USG2110-A-W W-W/-C USG2160W USG2110-A-G USG2160 USG2230 USG2260

Huawei Confidential

Page6

HUAWEI Secospace USG2000 Datasheet

IPv4 IPv6 DNS6, DHCP6, PPPOE6, and ND-RA. Multicast VPN Traversal. VPN Key exchange Encryption/authentication DHCP NAT User define ALG. General TCP/UDP applications, FTP, SMTP, HTTP, RTSP, H323, SIP, MGCP, QQ, MSN, SQL, MMS, NetBIOS, ASPF Java/ActiveX Blocking, Port to application mapping (PAM), ILS, etc. Policy-based, Interface-based, IP-based, Segment-based, User-based, User Group-based, Application based, QOS Time-based., Guarantee/Max/Priority Bandwidth, DSCP marking, 802.1p. Authentication System DDNS Management High availability Load balancing Security Features Defends system vulnerabilities, defends against unauthorized download, spoofing software, and spyware/adware, IPS and provides protocol identification, includingHTTP, SMTP, FTP, POP3, IMAP, MSRPC, NETBIOS, SMB, MS_SQL, TELNET, IRC, DNS etc. Supports file identification and filtering (HTTP/POP3/ FTP), efficient virus scanning, and can detects more than AV 7,000,000 viruses. Supports local whitelist, local blacklist, remote real-time blacklist, content filtering, keyword filtering, and mail filtering AS based on the types, sizes, and numbers of attachments. Identifies more than 65 million URLs (blacklist/whitelist filtering, remote category filtering, user-defined category Web Content Filtering filtering, WEB content and keyword filtering, Java/ActiveX blocking, malicious URL filtering, and phishing site filtering. Identifies and manages over 1,500 application protocols covering all mainstream applications, such as QQ, ICQ, Application Control Amazon, KaZaa, Twitteri, MSN, GoogleTalk, Youtube, Facebook, BitTorrent, Yahoo,Gnutella, eDonkey and Skype etc. Flood attacks (SYN,UDP,ICMP,HTTP), Address scan,Port scan,IP Spoofing, ARP spoofing, LAND, Smurf, Fraggle, Anti-DDoS Winnuke, Ping of Death, Tear Drop. Supports transparent, routing, and composite deployment modes, and active/active and active/standby backup Deployment and Reliability modes. Hardware and Environment Yes Web GUI (HTTP, HTTPS), CLI (SSH, Console), SNMP v2/v3 Active-Active, Active-Passive Yes Local Database, Active Directory , LDAP, Radius, RSA SecurID IKE, IKEv2,Pre-shared Key, PKI (X.509, Digital Certificate) DES, 3DES, AES (128, 192, 256-bit), MD5, SHA-1/DH DHCP server, DHCP client, DHCP relay. 1:1, 1:N, N:1, N:N, PAT; Support NAT ALG FTP, H323, RAS, SIP, ICMP, RTSP, NetBios, ILS, PPTP, QQ, MSN and IGMP V1/2/3, PIM-DM, PIM-SM, and MSDP. Support IPSEC,L2TP,GRE,L2TP over IPSec,GRE over IPSecMPLS VPN; Hardware encryption; IPSec NAT 802.1Q, Static routing, WCMP, Policy-based routing, RIPv1/v2, OSFPv1/v2, BGP4, IS-IS, Link aggregation. Static routing, Policy-based routing, RIPv1/v2, OSPFv3, BGP4+, IS-ISv6, ICMPv6, ACL6, NAT64, 6RD, QoS6,

Huawei Confidential

Page7

HUAWEI Secospace USG2000 Datasheet

420mm255mm Dimensions(H x W x D) Weight Power Supply Operating Temperature Humidity Safety Certifications MTBF 280mm190mm35mm 44.45mm <2.0 kg 5.0 kg AC:100~240V, 50-60 Hz 0 to 45 (long-term), 5 to 55 (short-term) 5% to 95%, non-condensing CE,CB,UL,FCC-PART15,FCC-DOC,IC-SDOC,VCCI,C-TICK,RoHS,CCC,REACH,WEEE 12.67 year 5.4 kg 442mm420mm44.45mm

Huawei Confidential

Page8

HUAWEI Secospace USG2000 Datasheet

Order Information
Model 1.1
USG2110-F USG2110-F-W USG2110-A-W USG2110-A-GW-W USG2110-A-GW-C USG2160 USG2160W USG2230 USG2260

Part Description USG Host

USG2110-F AC Host2FE+8FE USG2110-F-W AC Host2FE+8FE, 802.11 a/b/g/n USG2110-A-W AC Host1FE,1ADSL+8FE, 802.11 a/b/g/n USG2110-A-GW-W AC Host 1FE,1ADSL+8FE, 802.11 a/b/g/n Built-in 3G-WCDMA USG2110-A-GW-W AC Host1FE,1ADSL+8FE, 802.11 a/b/g/nBuilt-in 3G-CDMA2000 USG2160 AC Host,1FE+8FE,2MIC USG2160 AC Host, 1FE+8FE,802.11 a/b/g/n,2MIC USG2230 AC Host,2GE Combo4MIC+2FIC USG2260 AC Host,2GE Combo4MIC+2FIC

1.2
MIC
MIC-1E1 MIC-1CE1 MIC-3G-WCDMA MIC-3G-CDMA2000 MIC-1G.shdsl MIC-2G.shdsl MIC-4G.shdsl MIC-1FE MIC-5FE MIC-1SA MIC-2SA MIC-ADSL2+ MIC-WIFI DMIC-8FE2GE

Interface Extension Module of the USG

1-port E1 interface card 1-port channelized E1 interface card 3G-WCDMA interface card 3G-CDMA2000 interface card 1 Channel G.shdsl Interface card 2 Channel G.shdsl Interface card 4 Channel G.shdsl Interface card 1-Port Fast Ethernet Electrical Interface card 5-Port Fast Ethernet Switch Electrical Interface card 1-Channel Sync/Async Serial Port 2-Channel Sync/Async Serial Port 1-port ADSL interface card 1-port Wi-Fi interface card 8FE(RJ45)+2GE(RJ45) Mixed Interface card Interface card Interface card

FIC
FIC-2E1 FIC-2CE1 FIC-4E1 FIC-4CE1 FIC-8E1 FIC-8CE1 FIC-2FE2FEC FIC-1GE-RJ45 FIC-4GE-RJ45 2-port E1 interface card 2-port channelized E1 interface card 4-port E1 interface card 4-port channelized E1 interface card 8-port E1 interface card 8-port channelized E1 interface card 2-port 100M+2-port 100M optical/electrical (mutually exclusive) interface card 1-port Gigabit interface card 2-port Gigabit interface card

DFIC
Huawei Confidential Page9

HUAWEI Secospace USG2000 Datasheet DFIC-16GE4SFP DFIC-18FE2SFP 16GE(RJ45)+4GE(SFP) Mixed Interface card 18FE(RJ45)+2GE(SFP) Mixed Interface card

USG LICENSE
LIC-VFW LIC-SSL Virtual firewall(5/10/25/50/100) SSL VPN(10/20/50/100)

USG UTM LICENSE

LIC-IPS LIC-AV LIC-AS LIC-URL LIC-4IN1 USG-IPS Update service(12,36 Months) USG-Anti-virus Update service(12,36 Months) USG-Anti-Spam Update service(12,36 Months) USG-URL Filter Update service(12,36Months) USG-IPS/AV/AS/URL Update service(12,36 Months)

Huawei Confidential

Page10

HUAWEI Secospace USG2000 Datasheet

Copyright Huawei Technologies Co., Ltd. 2012. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the commercial contract made between Huawei and the customer. All or partial products, services and features described in this document may not be within the purchased scope or the usage scope. Unless otherwise agreed by the contract, all statements, information, and recommendations in this document are provided AS IS without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: Email: http://www.huawei.com support@huawei.com

Huawei Confidential

Page11