8/9/2019 Secospace USG9300 (V100R001)

1/6

Secospace USG9300

Secospace USG9300

V100R001

8/9/2019 Secospace USG9300 (V100R001)

2/6

Secospace USG9300

Product Features

Advanced NP+multi-system+distributed

architecture breaking traditional

perormance bottlenecks

The USG9300 adopts architecture in which the control

modules, interace modules, and service processing modules

are mutually independent. Based on dual NPs, the interace

module ensures the line-speed orwarding o interace trafc.

With multi-core and multi-thread architecture, the service

processing module ensures the high-speed concurrent

processing o multiple services, such as the Network Address

Translation (NAT), Application Speciic Packet Filter (ASPF),

anti-DDoS, and VPN services. The USG9300 series includes

the USG9310 and the USG9320. They have 8 and 16 slots

respectively and support multiple service modules. The

USG9300 adopts the distributed concurrent processing

mechanism, which greatly enhances product perormance.

Thereore, users can expand capacity with low investment.

High frewall perormance guaranteeing

key services

The three main indexes o the USG9300 throughput,

new connections per second, and maximum number o

Product Overview

With the emergence o the triple play, Web 2.0, P2P, video

streaming, and high deinition broadband, the need or

network bandwidth is rising exponentially. Gigabit and

10-Gigabit are no longer new concepts. Many switches

and routers have high-capacity 10G interaces. Large

enterprises and organizations, such as nancial organizations,

governments, and educational institutions are integrating

services and expanding their networks. Traditional irewalls

inevitably orm a bottleneck as they are not sufcient or high-

speed networks.

Based on its rich experience o hardware design, Huawei

Symantec has launched its proessional 10-Gigabit security

gateway device: the USG9300. Combining the proessional

network processor (NP) chip with distributed hardware, the

USG9300 eatures advanced NP+multi-system+distributed

architecture. The USG9300 provides rewalls with high Virtual

Private Network (VPN) perormance that satises requirements

or high reliability and perormance. The security o high-end

applications can be met with low CAPEX and the USG9300 can

be applied to high-speed networks, large nancial data centers,

large Web sites, governments, and the vertical networks o

large enterprises.

Product Family

USG9310 USG9320

8/9/2019 Secospace USG9300 (V100R001)

3/6

Secospace USG9300

concurrent connections lead the industry. The throughput

o one service processing module is 10G, the number o new

connections per second is 250000, and the maximum number

o concurrent connections is 4000000. The speciications o

one processing module already exceed that o a 10-Gigabit

rewall. The USG9300 has a maximum o 8 service processing

modules, and its overall throughput reaches 80G. The number

o new connections per second is 2000000; the maximum

number o concurrent connections is 32000000; and the

number o virtual irewalls is 1024. The high perormance

and scalability o the USG9300 can meet high-end users'

requirements or high perormance.

Stable and reliable security gateway

ensuring service consistency

Network security is vital or enterprises. The USG9300 supports

reliable networking unctions, such as the hot swapping o

redundant components (the interace, an, and power supply),

dual processing engines, active/standby mode, and active/

active mode. Dierent SPUs o the USG9000 support load

balancing and mutual hot backup, so an anomaly in a single

board will not compromise the entire system. Working in

tandem with the Huawei Symantec BYPASS devices, services

are not be interrupted even i a device becomes aulty or a

power ailure occurs. The mean time between ailures (MTBF)

o the USG9300 is up to 500000 hours, and the ailover time is

less than 0.1 second. Thus, service stability is guaranteed.

Extensive network interaces acilitating

networking

In addition to the high-density Ethernet interaces o 5 x GE, 10

x GE, 24 x GE, and 1 x 10GE, the USG9300 also supports the POS

interaces requently used in backbone networks, including 8 x

155M, 4 x 622M, 4 x 2.5G, and 1 x 10G. It can also connect with

Synchronous Digital Hierarchy (SDH) devices. These eatures

serve to enhance transmission eiciency. The USG9300 has

a maximum interace capacity o 160G, and provides eight

10GE interaces and 196 GE interaces. It supports cross-board

binding to meet the requirements or interace capacity and

density and complex networking scenarios, such as or large

enterprises, DCs, and MANs.

Optimal VPN perormance adapting to

requirements or encrypted transmission o

mass services

With the popularity o network applications, more services

need to be securely transmitted on the public network.

Subsequently, services that require mass the VPN access

gateway o 100-Gigabit emerge, such as mobile security

access, SMS push, and email push. The USG9300 provides a

maximum o 64G encryption and decryption and supports

320000 concurrent VPN tunnels to orm the industrys highest

perorming Virtual Access Gateway.

The USG9300 also supports IKEv2 and enhances the unctions

o user authentication, packet authentication, and NAT

traversal. Thereore, the USG9300 eliminates the hidden

hazards o man-in-the-middle attacks and DDoS attacks, and

supports wireless authentication protocols, such as EAP-SIM

and EAP-AKA. This guarantees wireless network security.

8/9/2019 Secospace USG9300 (V100R001)

4/6

Secospace USG9300

Typical Networking Scenario

Deense solution or a large IDC

USG9300

Internet

10G 10G

A Iarge-scale IDC

Basic services Value addedservices

Management &Maintenance services

Other services

Deense solution or vertical network headquarters o governments and large enterprises

USG9300

USG5000

USG2000

10-Gigabit link

Gigabit link

100M link

Headquarters

Private networks

Private networks

Provincial branches

Metroplitan branches

8/9/2019 Secospace USG9300 (V100R001)

5/6

Secospace USG9300

Product Specifcations

Model USG9310 USG9320

Number o slots8 slots, in which SPUs and LPUs can be

inserted.

16 slots, in which SPUs and LPUs can be

inserted.

Throughput 10G4 10G8

Number o concurrent connections 40000004 40000008

Number o new connections per second 2500004 2500008

VPN perormance 8G4 8G8

Number o VPN tunnels 400004 400008

Number o virtual rewalls 1024 1024

ReliabilityHot swapping o modules and components, dual-system hot backup, link aggregation, dual

main control boards, and BYPASS

Interace typeEthernet interace 5GE, 10GE, 110GE, 24GE (optical or electrical)

POS inter ace 8155M, 4622M, 42.5G, 110G

Maximum number

o interaces

Ethernet interace 96GE, 410GE 192GE, 810GE

POS interace 162.5G, 410G 322.5G, 810G

Dimensions (mm) (WDH) 442669886 4426691600

Weight 100kg 150kg

Power 700W 900W

Mean time between ailures (MTBF) 57 years 57 years

Application o mass wireless VPN access

AP

USG9300

Firewall/VPN

IPSec security tunnel

APDSLAM

Route AG

Intranet

Business server

Business server

Hundreds or thousands of APs

Mass concurrent VPN access

IKEv2 support

Public network

8/9/2019 Secospace USG9300 (V100R001)

6/6

Secospace USG9300

The inormation contained in this document is or reerence purpose only, do not constitute the warranty o any kind, experss or implied. It is

subject to change or withdrawal according to specic customer requirements and conditions.

All the trademarks, pictures, and brands mentioned in this document are the property o Huawei Symantec Technologies Co., Ltd or their

respective holders.

Copyright 2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100120-V-1.0

Secospace USG9300