Secospace USG5300

Secospace USG5300
Secospace USG5300
Product Overview
With the increasingly threatened network security, more
and more application- and service-based network security
problems obsess users. Security threats such as malicious
intrusions, phishing Web sites, Trojan horse programs, and P2P
applications flood on the network, which lowers the efficiency
of enterprise networks and threatens service security.
Huawei Symantec Technologies Co., Ltd. (hereinafter referred to
as Huawei Symantec) is dedicated to providing comprehensive
network security solutions for users. Huawei Symantec
organizes an industry-leading network protocol analysis team
and possesses the most comprehensive protocol library in
Product Family
USG5310/5320/5330/5350/5360
Product Features
Perfect Firewall Functions
•• Advanced Architecture and Platform
The USG5300 series adopts the advanced multi-core hardware
architecture and multi-thread concurrent processing, and
optimizes the security service processing flow, especially the
processing of header packets. All these features equip the
USG5300 series with an industry-leading firewall indicator —
the number of new connections per second, which enables
the USG5300 series to easily deal with mass network traffic.
Moreover, the USG5300 series separates data decapsulation
and in-depth detection, and concurrently implements multiple
types of in-depth detection, considerably promoting the
performance of the USG5300 series in in-depth detection
the industry. With these advantageous resources, Huawei
Symantec presents in-depth analysis of network threats
aiming at different protocols, and provides users with technical
support against varieties of network security problems.
The USG5300 series is a new-generation multi-function firewall
launched by Huawei Symantec. The USG5300 series delivers
extensive advanced security functions such as the firewall,
VPN, IPS, anti-virus, and URL filtering, and provides all-around
security protection to safeguard the efficient running of the
network system.
state. With ten years of successful commercial application, the
mature VRP software platform facilitates the USG5300 series
with robust and reliable security operating system.
•• Industry-leading Performance
Multi-core concurrent processing technology substantially
enhances the performance of the USG5300, which can process
dozens of threads concurrently. With three industry-leading
performance indexes, the USG5300 provides wonderful
performance experience for customers. In terms of new
connections per second, as key firewall performance index,
‘the new connections per second’, can highly reach to 150,000,
which is in an absolute leading position. The USG5300 can
quickly set up a large number of connections for network
Secospace USG5300
access, which provede the forwarding rate hight-speed and
low delay. In addition, this performance advantage enables
the USG5300 to effectively process burst and attack traffic. The
USG5300 can fully meet customers' requirements for high-
speed bandwidth increase.
•• Super-Capacity VPN
With the service extension, the number of branches and
employees on business trips increases, imposing more
requirements for encrypted data transmission. The USG5300
series supports the L2TP, GRE, and IPSec VPN functions,
facilitating flexible selection and configuration. Based on its
advanced hardware architecture, the USG5300 series provides
high VPN performance and 15000 VPN tunnels, freeing
users from worries about the performance of encrypted
data transmission. The data of various network applications,
including the heavy-traffic applications of video and audio,
can be transmitted at a high speed in the encrypted tunnel,
enabling users to experience the encrypted data transmission
of the Gbps level.
Note: The VPN function is optional. Customers can purchase related license to
apply this function.
•• Powerful DDoS Defense
Protecting key network services against DDoS attacks is a vital
security problem for organization-level users. With the large
number of new connections per second, the USG5300 series
defends against DDoS attacks at a speed of up to millions
of packets per second, providing effective DDoS defense
for users' service systems. Based on its powerful protocol
analysis capability, the USG5300 series accurately identifies
and controls many DDoS attacks such as SYN flood, UDP flood,
ICMP flood, DNS flood, and CC attacks, and also identifies and
defends against worm-infected traffic. In addition, integrating
Huawei Symantec-proprietary ICA, the USG5300 series
precisely identifies DDoS traffic without affecting users' access,
and provides genuine security protection on complicated
networks. All these demonstrate the USG5300 series an
industry-leading DDoS defense device.
•• Accurate P2P Traffic Control
P2P traffic, a broadband k iller, interrupts the ser vice
applications of organizations and has been the top concern
of most organizations. P2P traffic control has been a hard
practice due to the protocol flexibility. The USG5300 series,
based on the powerful network protocol analysis capability of
Huawei Symantec, precisely identifies up to 50 types of P2P
traffic. The USG5300 series supports the upgrade of the library,
and the number of protocols that can be identified increases
with the upgrade. In so doing, the USG5300 series controls the
P2P traffic of abundant protocols at a speed of the Kbps level.
Moreover, the USG5300 series controls P2P traffic in different
modes such as single user-based control, group-based control,
and global control, which effectively safeguards bandwidth
resources, helps users plan network traffic, and enhances the
application values of users' networks.
Leading UTM Functions
•• IPS Intrusion Detection
Using Symantec's advanced IPS detection engine, IPS
Intrusion Detection funtion can provide efficient and accurate
scanning capability of the network packet, Any IPS evasion
and deception techniques can also be accurately identified.
With advanced software and hardware platforms and a rich
signature library, USG5300 series unified security gateway can
rapidly and accurately identify the application layer attacks that
mixed in the normal flow. Symantec's global deployment of
honeypot systems can catch the latest attacks, worms, Trojans,
other threats and extract the signatures of those threats at the
first time, and timely provided updates for USG5300 series.
USG5300 series unified security gateway will have the zero-day
attack defense capability.
•• Anti-Virus Anti-Virus
Using Symantec's advanced virus detection engine, Anti-Virus
function provide high efficiency and precise antivirus ability for
hidden viruses in the network traffic. Advanced software and
hardware platforms and a rich Accessible Virus library make
USG5300 series unified security gateway unique advantages in
antivirus unique advantages, For compression shelling other
techniques to evade detection. USG5300 series unified security
gateway can also have powerful process ability.
Symantec's global distribution network of analysis virus
monitoring, and professional team of the virus, USG5300
Secospace USG5300

series of unified security gateways can obtain the latest virus
signatures and the latest anti-virus engines timely. USG5300
series unified security gateway can keep high efficiency and
precise antivirus ability.
•• URL Filtering
Using advanced matching engine, URL filtering function
greatly shortens the URLs match time, and makes the URL
filtering more efficient. Huge URL classification database
and powerful URL classification capability make URL filtering
function more accurate. Flexible security policy makes URL
filtering function apply to more scenarios. Friendly, easy
configuration, which greatly improved URL filtering function's
usability. All of above features make USG5300 series unified
security gateway provides powerful function and easy
operation and maintenance at the same time.
Eco-friendly Experience
"High performance and low power consumption" has been
a compulsive specification that guides the design of the
USG5300 series. The design of multiple parts is optimized for
lower power consumption. The power consumption of the
USG5300 series is only a quarter that of similar products, which
reduces the maintenance costs to a large extent.
The USG5300 series strictly follows the Restriction of the use
of certain Hazardous substances in Electrical and Electronic
Equipment (RoHS) released by the European Union, and is
made of nuisance- and pollution-free environmental materials,
bringing Eco-friendly user experience.

Typical Application

USG2000

Branch
Remote user IPSec VPN
IPSec VPN
Internet VPN tunnel

Fir Key service system

VP ewall
USG2000 URL Anti-v IPS N
filte irus
ring Link aggregation
SOHO
IPSec or L2TP VPN
USG5300

Data center Intranet

Online behavior management

Typical networking diagram of the USG5300

Secospace USG5300

Product Specifications
Model USG5310 USG5320 USG5330 USG5350 USG5360

Firewall Maximum throughput 1.5 Gbps 2 Gbps 4 Gbps 6 Gbps 8 Gbps

IPS Goodput (UDP) 600Mbps 800Mbps 1Gbps 1.3Gbps 1.5Gbps

AV Goodput 60Mbps 80Mbps 100Mbps 130Mbps 150Mbps

URL Filtering Support Support Support Support Support

Connections per second 50,000 60,000 80,000 100,000 150,000

Number of concurrent connections 1,600,000 1,600,000 1,600,000 2,000,000 2,000,000

Maximum VPN throughput 1 Gbps 2 Gbps 4 Gbps 5 Gbps 6 Gbps

Number of VPN tunnels 15,000 15,000 15,000 15,000 15,000

Maximum number of ACL rules 30,000 30,000 30,000 30,000 30,000

Maximum GTP throughput 1.5 Gbps 2 Gbps 4 Gbps 6 Gbps 8 Gbps

Maximum number of GTP tunnels 200,000 200,000 200,000 200,000 200,000

Maximum number of virtual firewalls 100 100 100 100 100

4 GE optical and electrical (mutually exclusive) interfaces

Fixed interface 1 console port
2 USB interfaces

Number of extension slots 2

4×FE (10/100M) interface module

Type of extension modules 2×GE optical and electrical interface module
4×GE interface module

Dimensions (mm) (W×D×H) 436×560×44.2

Weight 10 kg

AC: 100 V to 240 V

Input voltage
DC: -48 V to -60 V

Maximum/Average power 100/75 W

Mean Time Between Failures (MTBF) 37.54 years

Secospace USG5300

Secospace USG5300

The information contained in this document is for reference purpose only, do not constitute the warranty of any kind, experss or implied. It is
subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100120-V-1.0