Secospace USG2000

Secospace USG5100
Secospace USG2000

Product Overview Product Family

Huawei Symantec USG5100 series (hereafter referred to as
the USG5100), a self-developed unified security gateway, is
designed for the information security of large and medium-
sized enterprises, and non-operator networks. Integrating
USG5120
extensive advanced functions such as firewall, UTM, routing,
switching, wireless, and VPN, enables the USG5100 to provide
secure, flexible, and convenient networking and access
solutions. Multiple services can be deployed on the same node,
greatly reducing initial construction investment, and further
operation and maintenance costs of enterprise networks. USG5150

Product Features
Multi-Service Capability USG5100 to easily deal with high-volume network traffic.

•• Multi-service integration Moreover, the USG5100 separates data decapsulation and

The USG5100 integrates multiple functions such as firewall, in-depth detection. Concurrently the USG5100 implements

UTM, routing, switching, VPN, and wireless, greatly enhancing multiple types of in-depth detection, greatly promoting its in-

service integration capability. The USG5100 supports multiple depth detection state performance. With ten years' successful

extension slots, including four MIC slots, two FIC slots, and commercial application, the mature proprietary software

four DFIC slots, providing multiple modes for users to access platform equips the USG5100 with a robust, reliable security

the Internet including through the Ethernet electrical, optical, operating system.

ADSL2+, E1/CE1, and wireless (3G/WiFi) interfaces. •• Industry-leading performance

•• High interface density Multi-core parallel processing technology substantially

With extension modules, the USG5100 supports up to 84 GE enhances the USG5100's performance, allowing it to process

interfaces and 28 FE interfaces. This enables the USG5100's dozens of threads in a parallel manner. With three industry-

all-in-one capability, greatly reducing purchasing and leading per formance indicators, the USG5100 brings

maintenance costs for users. exceptional performance experience to users. In terms of

new connections per second – the key performance indicator
of any firewall – the USG5100, with 40000 new connections
Perfect Firewall Functions
per second, is a clear leader. The USG5100 rapidly sets up
•• Advanced architecture and platform
large numbers of connections for network access, increasing
The USG5100 adopts advanced multi- core hardware
forwarding rates and decreasing delay. In addition, this
architecture and multi-thread concurrent processing,
performance advantage enables the USG5100 to effectively
optimizing the security service processing flow, especially
deal with burst and attack traffic. Catering for different express
processing of initial packets. All these features equip the
forwarding applications, the USG5100 satisfies the ever
USG5100 with an industry-leading firewall indicator — the
increasing demand for high bandwidths on user networks.
number of new connections per second – enabling the
Secospace USG2000
•• High-capacity VPN
With the service extension, the number of branches and
employees on business trips increases, imposing more
requirements for encrypted data transmission. The USG5100
supports L2TP, GRE, SSL VPN and IPSec VPN functions, facilitating
flexible selection and configuration. Harnessing its advanced
hardware architecture, the USG5100 provides high VPN
performance and up to 2000 VPN tunnels, freeing users from
worries about the performance of encrypted data transmission.
The data of various network applications, including heavy-
traffic video and audio applications, can be transmitted at high
speed in the encrypted tunnel, enabling users with encrypted
data transmission experience of the Gbps level.
Note: The VPN function is optional. You can purchase related license to
apply this function.
•• Powerful anti-DDoS capability
Protecting key network services against DDoS attacks is a
major security challenge for organization-level users. With the
large number of new connections per second, the USG5100
defends against DDoS attacks at speeds reaching hundreds
of thousands of packets per second, providing effective DDoS
defense for users' service systems. Based on its powerful
protocol analysis capability, the USG5100 accurately identifies
and controls many DDoS attacks such as SYN flood, UDP
flood, ICMP flood, DNS flood, and CC attacks. It also identifies
and defends against worm-infected traffic. In addition, by
integrating Huawei Symantec's proprietary ICA, the USG5100
precisely identifies DDoS traffic without affecting users'
access, providing genuine security protection on complicated
networks. All these confirm the USG5100's reputation as an
industry-leading DDoS defense device.
•• Accurate P2P traffic control
P2P traffic, the bandwidth killer, interrupts service applications
Product Specifications
Model
Maximum throughput 2 Gbps
Maximum number of concurrent connections 2000000
of organizations and has been the top concern of most
organizations. Controlling P2P traffic is a headache due to
protocol flexibility. Based on the powerful network protocol
analysis capability of Huawei Symantec, the USG5100 precisely
identifies up to 50 types of P2P traffic. With the upgrades of the
signature database, the number of protocols the USG5100 can
identify increases accordingly, and the P2P traffic of abundant
protocols can be identified at a speed of the kbps level.
Moreover, the USG5100 controls P2P traffic in different modes
such as single user-based, group-based, and global control.
This effectively safeguards bandwidth resources, helps users
plan network traffic, and enhances the application values of
users' networks.
High Availability
•• Dual-system hot backup
The USG5100 supports the Huawei Symantec Redundancy
Protocol (HRP). A backup group includes a master device and
a backup device. HRP is responsible for the backup of key
configuration commands and session table status between the
master and slave devices. Therefore, when the master device is
faulty, the slave device smoothly takes over services ensuring
service continuity.
•• Load balancing
When one server cannot process the access requests of several
users, multiple servers can be used to share network traffic.
In this case, the USG5100 can be deployed at the egress of
the network where the servers reside, and users only need
access one IP address instead of the IP address of each server.
The USG5100 distributes access traffic to different servers
according to the configured algorithm, thus fully utilizing the
processing capacity of each server, ensuring server availability,
and achieving optimal network scalability.
USG5120 USG5150
4 Gbps
2000000
Secospace USG2000

Model USG5120 USG5150

Number of new connections per second 30000 40000

Fixed interface 2 Gigabit combo+2 GE 4 Gigabit combo

Number of extension slots 4 MIC+2 FIC+2 DFIC 4 MIC+2 FIC+4 DFIC

Type of extension modules G.SHDSL.bis/E1/CE1/2SA/4GE/5FE/2FE2FEC/18FE+2SFP/16GE+4SFP

Dimensions (mm) (W×D×H) 442×414×86.1 442×414×130.5

Standard configuration: 6.5 kg Standard configuration: 8.3 kg

Weight
Full configuration: ≤ 13.5 kg Full configuration: ≤ 18 kg

AC: 100 V to 240V, 50/60 Hz

Input voltage
DC: –48 V to –60V

Maximum/Average power 210 W 300 W

Mean Time Between Failures (MTBF) 12.67 years

Typical Networking

Operator OMC

USG5100
USG5100
3G uplink
FE

Internet

USG5100 WiFi
ADSL2+
USG5100 E1/CE1

Intranet

The information contained in this document is for reference purpose only, do not constitute the warranty of any kind, experss or implied. It is
subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100426-V-2.0