Products
Contact Us
- Contact Person : Mr. Daisy Wang
- Company Name : Shanghai Chucheng Information Technology Co.,Ltd.
- Tel : 86-8621-58718070
- Fax : 86-8621-58714662
- Address : Shanghai,Shanghai,Room 110,No.389 JinWan Road,Shanghai ,China
- Country/Region : China
- Zip : 201206
Huawei USG6300 Next-Generation Firewall
Product Detailed
Related Categories:Agricultural Product Stock
With the proliferation of smart devices, such as smartphones and tablets, mobile apps, Web2.0, and social networking become integral parts of enterprise operation, the wide use of mobile devices improves the communication efficiency for enterprises, but blurs network borders and complicates security issues. Moreover, the traditional firewalls that implement access control only by IP address and port cannot cope with the ever-increasing application layer threats.Against this background, Huawei launches the USG6300 series next-generation firewall to address these issues. The USG6300 is designed for Small- to Medium-sized Businesses (SMBs), branch offices, and chain enterprises. The USG6300 provides fine-grained service access control and service acceleration through context awareness by Application, Content, Time, User, Attack, or Location (ACTUAL). The USG6300 integrates application-layer protection functions, such as Intrusion Prevention System (IPS) and antivirus with application identification technologies to improve the threat defense efficiency and accuracy. The USG6300 is a multi-purpose device that provides comprehensive protection to reduce the management cost. Fine-grained bandwidth management and QoS optimization greatly reduce enterprises' bandwidth leasing fees and ensure user experience in mission-critical services. In short, the USG6300 is a simple and efficient device that provides up-to-date, next-generation security. Product appearanceFigure 1-1 USG6300 Next-Generation FirewallsProduct characteristicsAccurate access controlCompared to traditional firewalls, the USG6300 provides fined-grained and more accurate access control. The USG6300 has the following features:Integrated protection:> The USG6300 implements access control and protection by Application, Content, Time, User, Attack, or Location (ACTUAL). It integrates application-layer defense and application identification. For example, the USG6300 can identify Oracle traffic and implement intrusion prevention specifically for Oracle traffic to increase efficiency and reduce false positive rates.Application-specific:
> The USG6300 accurately identifies over 6,000 applications (including mobile and web applications) and their functions, and then implements access control and service acceleration. For example, the USG6300 can identify the voice and data services of an instant message and apply different control policies for the services.User-specific:
> The USG6300 supports eight user authentication methods, such as RADIUS, LDAP, and AD authentication and synchronizes user information from the existing user authentication system. The USG6300 implements access control, QoS management, and in-depth protection by user.Location-specific:
> Based on the mappings between IP addresses and geographical locations, the USG6300 identifies the locations from which application traffic and attack traffic originates and promptly detects network exceptions. Then the USG6300 implements differentiated access control for locations, which can be user-defined for IP addresses.Overall protectionAs more information assets are accessible from the Internet, network attacks and information have been industrialized, requiring wider ranges of protections from next-generation firewalls. The USG6300 provides overall protection:Multi-purpose:
> The USG6300 integrates the traditional firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, and online behavior management functions all in one device, simplifying device deployment and improving management efficiency.IPS:
> The USG6300 can detect and defend against over 5,000 vulnerabilities. It can identify and defend against web application attacks, such as cross-site scripting and SQL injection attacks.Antivirus:
> The high-performance antivirus engine of the USG6300 can defend against over five million viruses and Trojan horses. The virus signature database is updated daily.Data leak prevention:
> The USG6300 identifies and filters the files and content to be transferred. It can identify more than 120 file types to prevent virus attacks that are launched by modifying file name extensions. It can restore and implement content filtering for over 30 types of files, such as Word, Excel, PPT, PDF, and RAR files to prevent leaks of critical enterprise information.SSL decryption:
> The USG6300 serves as a proxy and implements application-layer protection for SSL-encrypted traffic, such as IPS, AV, data leak prevention, and URL filtering.Anti-DDoS:
> The USG6300 can identify and defend against over 5 million viruses and over 10 types of DDoS attacks, such as SYN flood and UDP flood attacks.Online behavior management:
> The USG6300 implements cloud-based URL category filtering to prevent threats caused by users' access to malicious websites and control users' online behaviors, such as posting. The USG6300 has a pre-defined URL category database that contains over 85 million URLs. In addition, the USG6300 audits users' network access records, such as posting and FTP operations.Secure interconnection:
> The USG6300 supports various VPN features, such as IPSec, SSL, L2TP, MPLS, and GRE VPN to ensure high-availability and secure interconnection between enterprise headquarters and branch offices.QoS management:
> The USG6300 flexibly controls upper and lower traffic thresholds and implements policy-based routing and QoS marking by application. It supports QoS marking for URL categories. For example, the packets for accessing financial websites are assigned a higher priority.Load balancing:
> The USG6300 supports server load balancing. In a multi-egress scenario, the USG6300 can implement load balancing with the egresses for applications according to link quality, bandwidth, and weights.Virtualization:
> The USG6300 supports virtualization of multiple security services, such as firewall, intrusion prevention, antivirus, and VPN services and implements independent management for different users on the same physical device.Simple security managementNext-generation firewalls provide a wider range of protections and more accurate access control than traditional firewalls. As a result, the configuration of the next-generation firewalls is complex, imposing higher requirements on the experience and skills of administrators. To reduce administration complexity, the USG6300 provides the smart policy feature, which has the following functions:Rapid deployment policy:
> The built-in scenario policy template allows administrators to rapidly deploy common protection policies without heavily relying on their experience and skills. For example, to use the network storage, the administrator can use only the "network disk" policy template to set up a series of policies. The policies allow users to download applications of the network disk category and perform virus detection but prevents them from uploading files.Intelligent optimization policy:
> The USG6300 generates policy tuning suggestions based on network traffic and application risks in compliance with the minimum privilege principle. The function is helpful when an enterprise needs to transform a large number of port-based firewall policies to application-based next-generation firewall policies.Intelligent policy cleanup:
> The USG6300 automatically discovers redundant and inactive policies for policy cleanup.High protection performanceThe performance of the UTM that has the application-layer protection function enabled is deteriorated and cannot meet current application-layer protection requirements. In contrast, the next-generation firewalls can retain high-performance when providing multiple-level protection.The USG6300 uses the Intelligence Awareness Engine (IAE) to ensure high performance in case of multiple-level protection. The IAE uses three core technologies:Unified signature description language:
> Application, IPS, and antivirus signatures are described in a unified language so that the USG6300 can match traffic with these signatures concurrently to improve the traffic processing efficiency.Integrated architecture:
> Unlike the serial processing of UTM security functions, the security services of the USG6300 are parallel. Therefore, the USG6300 can have multiple security services enabled and still retain high performance.Hardware acceleration:
> The USG6300 uses dedicated hardware for resource-consuming computing, such as packet encryption and decryption and regular expression matching. For common services, the USG6300 still uses the CPU for computing.Networking and applicationsIntranet border protection
> Deploy next-generation firewalls on intranet borders to control access by user.
> Implement user- and application-based policy control on mobile users for refined permission management and logging.
> Implement content filtering and auditing on email transfer, IM, and file transfer to monitor social networking applications and prevent data leaks.Internet egress protection
> Deploy a next-generation firewall at the Internet egress to implement access control and prevent unauthorized access.
> Enable intrusion prevention and provide application-layer protection.
> Implement content filtering and auditing on email transfer, IM, and file transfer to monitor social networking applications and prevent data leaks.
> Implement user-, application-, and time-based QoS management to preferentially guarantee the service qualities for mission-critical users and services.
> Use URL categories and application blocking to prevent Trojan horse websites and non-work-related websites and monitor the accessible websites and network applications.Cloud data center border protection
> Deploy a next-generation firewall which virtualizes all security services and system resources to provide exceptional experience for each virtual system.
> Enable the intrusion prevention function to effectively block attacks and provide differentiated defense functions in different virtual systems.
> Enable anti-DDoS to remove DDoS traffic and protect data centers.Remote VPN access
> Deploy a next-generation firewall to establish reliable, controllable, and manageable tunnels for secure data transfer on the Internet.
> Provide SSL VPN across multiple platforms (including Windows, iOS, Android, Blackberry, and Symbian).Product specificationsModelUSG6320USG6330USG6350USG6360USG6370USG6380USG6390Fixed Ports8 GE4 GE + 2 Combo8 GE + 4 SFPMTBF19.06 years11.58 years11.96 yearsHeightDesktop1UDimensions (H x W x D)300 x 220 x 44.5442 x 421 x 43.6Weight (full configuration)1.7 kg10 kgHDD Optional, supports single 300 GB hard disks (hot-swappable)Redundant Power Supply OptionalAC Power Supply100V to 240VMaximum Power60W170WHardwareCB, CCC,CE-SDOC, ROHS, REACH and WEEE (EU), C-TICK, ETL, FCC and IC, VCCI, and BSMIICSA LabsFirewall, IPSFeaturesNAT, application-specific access control, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, anti-DDoS, URL filtering, and anti-spamFunctionsFunctionsContext AwarenessApplication, Content, Time, User, Attack, Location (ACTUAL)–based awareness capabilitiesEight authentication methods (local, RADIUS, HWTACACS, SecureID, AD, CA, LDAP, and Endpoint Security)Application SecurityFine-grained identification of over 6,000 application protocols, application-specific action, and online update of protocol databasesCombination of application identification and virus scanning to recognize the viruses (more than 5 million), Trojan horses, and malware hidden in applicationsCombination of application identification and content detection to identify file types and sensitive information to prevent information leaksIntrusion PreventionProvides over 5,000 signatures for attack identificationProvides protocol identification to defend against abnormal protocol behaviorsSupports user-defined IPS signaturesWeb SecurityCloud-based URL filtering with a URL category database that contains over 85 million URLs in over 130 categoriesDefense against web application attacks, such as cross-site scripting and SQL injection attacksHTTP/HTTPS/FTP-based content awareness to defend against web virusesURL blacklist, whitelist, and keyword filteringEmail SecurityReal-time anti-spam to detect and filter out phishing emailsLocal whitelist and blacklist, remote real-time blacklist, content filtering, keyword filtering, and mail filtering by attachment type, size, and quantityVirus scanning and notification for POP3/SMTP/IMAP email attachmentsData SecurityData leak prevention based on content awarenessFile re-assembly and data filtering for more than 30 file types (including Word, Excel, PPT, and PDF), and file blocking for more than 120 file typesSecurity VirtualizationVirtualization of security features, forwarding statistics, users, management operations, views, and resources (such as bandwidths and sessions)Network SecurityDefense against more than 10 types of DDoS attacks, such as the SYN flood and UDP flood attacksVPN technologies: IPSec VPN, SSL VPN, L2TP VPN, MPLS VPN, and GRERoutingIPv4: static routing, RIP, OSPF, BGP, and IS-ISIPv6: RIPng, OSPFv3, BGP4+, IPv6 IS-IS, IPv6 RD, and ACL6Working Mode and AvailabilityTransparent, routing, or hybrid working mode and High Availability (HA), including Active/Active and Active/Standby modesIntelligent ManagementEvaluates the network risks based on the passed traffic and intelligently generates policies based on the evaluation to automatically optimize security policies. Supports policy matching ratio analysis and the detection of conflict and redundant policies to remove them, simplifying policy management.Provides a global configuration view and integrated policy management. The configurations can be completed on one page.Provides visualized and multi-dimensional report display by user, application, content, time, traffic, threat, and URL.Ordering informationModelDescriptionMain EquipmentUSG6310-ACUSG6310 AC Host (8 GE (RJ45), 2 GB Memory), with HW General Security Platform SoftwareUSG6310-BDL-ACUSG6310 AC Host (8 GE (RJ45), 2 GB Memory, with IPS-AV-URL Function Group Update Service Subscription 12 Months), with HW General Security Platform SoftwareUSG6320-ACUSG6320 Standard Configuration 8 x GE (RJ45) Desk Host (2 GB Memory, 1 external power adapter), with HW General Security Platform SoftwareUSG6320-BDL-ACUSG6320 AC Host (8 GE (RJ45), 2 GB Memory, with IPS-AV-URL Function Group Update Service Subscription 12 Months), with HW General Security Platform SoftwareUSG6330-ACUSG6330 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power), with HW General Security Platform SoftwareUSG6330-BDL-ACUSG6330 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months),with HW General Security Platform SoftwareUSG6350-ACUSG6350 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power), with HW General Security Platform SoftwareUSG6350-BDL-ACUSG6350 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months), with HW General Security Platform SoftwareUSG6360-ACUSG6360 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power), with HW General Security Platform SoftwareUSG6360-BDL-ACUSG6360 AC Host (4 GE (RJ45) + 2GE Combo, 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months), with HW General Security Platform SoftwareUSG6370-ACUSG6370 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power), with HW General Security Platform SoftwareUSG6370-BDL-ACUSG6370 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months), with HW General Security Platform SoftwareUSG6380-ACUSG6380 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power), with HW General Security Platform SoftwareUSG6380-BDL-ACUSG6380 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months), with HW General Security Platform SoftwareUSG6390-ACUSG6390 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power), with HW General Security Platform SoftwareUSG6390-BDL-ACUSG6390 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months), with HW General Security Platform SoftwareBusiness Module GroupWSIC-8GE8 GE Electric Ports Interface Card, with HW General Security Platform SoftwareWSIC-4GEBYPASS4 GE Electric Ports Bypass Card, with HW General Security Platform SoftwareWSIC-8GEF8 GE Optical Ports WSIC Interface Card, with HW General Security Platform SoftwareWSIC-2XG8GE2 x 10 GE Optical Ports + 8 GE Electric Ports Interface Card, with HW General Security Platform SoftwareHard disk GroupSM-HDD-SAS300G-B300 GB 10K RPM SAS Hard Disk for 1U rack GatewayOption Power GroupPower-AC-BThe AC power extension module -25°C to 60°C, -90V to 290V, -12V/14.2AOptical Transmitter Module CollectionOSX040N01Optical Transceiver, SFP+, 10G, Single-mode Module (1,550 nm, 40 km, LC)OSU015N00Optical Transceiver, eSFP, 2.5G, Single-mode Module (1,310 nm, 15 km, LC)SFP-GE-LX-SM1310Optical Transceiver, eSFP, GE, Single-mode Module (1,310 nm, 10 km, LC)eSFP-GE-SX-MM850Optical Transceiver, eSFP, GE, Multi-mode Module (850 nm, 0.5 km, LC)S-SFP-GE-LH40-SM1310Optical Transceiver, eSFP, GE, Single-mode Module (1,310 nm, 40 km, LC)OMXD30000Optical Transceiver, SFP+, 10G, Multi-mode Module (850 nm, 0.3 km, LC)OSX010000Optical Transceiver, SFP+, 10G, Single-mode Module (1,310 nm, 10 km, LC)OSX040N01Optical Transceiver, SFP+, 10G, Single-mode Module (1,550 nm, 40 km, LC)OSU015N00Optical Transceiver, eSFP, 2.5G, Single-mode Module (1,310 nm, 15 km, LC)SFP-GE-LX-SM1310Optical Transceiver, eSFP, GE, Single-mode Module (1,310 nm, 10 km, LC)Installation MaterialSU5M1RAIL01Cabinet Guide RailQW1P0FIBER06Optical adapter-LC/PC-LC/PC-Blue-Shell:Plastic-Sleeve:Zirconia-SquareSS-OP-D-LC-M-5Patch cord-LC/PC-LC/PC, Multi-mode, A1b, 2 mm to 5m, PVC, OrangeSS-OP-D-LC-M-10Patch cord-LC/PC-LC/PC, Multi-mode, A1b, 2 mm to 10m, PVC, OrangeSS-OP-D-LC-M-20Patch cord-LC/PC-LC/PC, Multi-mode, A1b, 2 mm to 20m, PVC, OrangeSS-OP-D-LC-S-6Patch cord-LC/PC-LC/PC, Single mode, G.652D, 2 mm to 6m, PVC, YellowSS-OP-D-LC-S-10Patch cord-LC/PC-LC/PC, Single mode, G.652D, 2 mm to 10m, PVC, YellowSS-OP-D-LC-S-20Patch cord-LC/PC-LC/PC, Single mode, G.652, 2 mm to 20m, PVC, YellowSS-OP-LC-SC-M-20Patch cord-LC/PC-SC/PC, Multi-mode, A1b, 2 mm to 20m, PVC, OrangeSS-OP-LC-SC-S-20Patch cord-LC/PC-SC/PC, Single mode, G.652, 2 mm to 20m, PVC, YellowSS-OP-LC-FC-M-10Patch cord-FC/PC-LC/PC, Multi-mode, A1b, 2 mm to 10m, PVC, OrangeSS-OP-LC-FC-S-10Patch cord-FC/PC-LC/PC, Single mode, G.652D, 2 mm to 10m, PVC, YellowFuntion LicenseLIC-VSYS-10-USG6000Quantity of Virtual System (10 Vsys), with HW General Security Platform SoftwareLIC-VSYS-20-USG6000Quantity of Virtual System (20 Vsys), with HW General Security Platform SoftwareLIC-VSYS-50-USG6000Quantity of Virtual System (50 Vsys), with HW General Security Platform SoftwareLIC-VSYS-100-USG6000Quantity of Virtual System (100 Vsys), with HW General Security Platform SoftwareLIC-SSL-100-USG6000Quantity of SSL VPN Concurrent Users (100 Users), with HW General Security Platform SoftwareLIC-SSL-200-USG6000Quantity of SSL VPN Concurrent Users (200 Users), with HW General Security Platform SoftwareLIC-SSL-500-USG6000Quantity of SSL VPN Concurrent Users (500 Users), with HW General Security Platform SoftwareLIC-SSL-1000-USG6000Quantity of SSL VPN Concurrent Users (1,000 Users), with HW General Security Platform SoftwareNGFW LicenseUSG6310/20 LicenseLIC-IPS-12-USG6300-01IPS Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6310/20)LIC-IPS-36-USG6300-01IPS Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6310/20)LIC-URL-12-USG6300-01URL Filtering Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6310/20)LIC-URL-36-USG6300-01URL Filtering Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6310/20)LIC-AV-12-USG6300-01Anti-Virus Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6310/20)LIC-AV-36-USG6300-01Anti-Virus Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6310/20)LIC-IPSAVURL-12-USG6300-01IPS-AV-URL Function Group Subscription 12 Months, with HW General Security Platform Software (Applies to USG6310/20)LIC-IPSAVURL-36-USG6300-01IPS-AV-URL Function Group Subscription 36 Months, with HW General Security Platform Software (Applies to USG6310/20)USG6330/50/60 LicenseLIC-IPS-12-USG6300-02IPS Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6330/50/60)LIC-IPS-36-USG6300-02IPS Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6330/50/60)LIC-URL-12-USG6300-02URL Filtering Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6330/50/60)LIC-URL-36-USG6300-02URL Filtering Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6330/50/60)LIC-AV-12-USG6300-02Anti-Virus Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6330/50/60)LIC-AV-36-USG6300-02Anti-Virus Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6330/50/60)LIC-IPSAVURL-12-USG6300-02IPS-AV-URL Function Group Subscription 12 Months, with HW General Security Platform Software (Applies to USG6330/50/60)LIC-IPSAVURL-36-USG6300-02IPS-AV-URL Function Group Subscription 36 Months, with HW General Security Platform Software (Applies to USG6330/50/60)USG6370/80 LicenseLIC-IPS-12-USG6300-03IPS Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6370/80)LIC-IPS-36-USG6300-03IPS Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6370/80)LIC-URL-12-USG6300-03URL Filtering Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6370/80)LIC-URL-36-USG6300-03URL Filtering Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6370/80)LIC-AV-12-USG6300-03Anti-Virus Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6370/80)LIC-AV-36-USG6300-03Anti-Virus Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6370/80)LIC-IPSAVURL-12-USG6300-03IPS-AV-URL Function Group Subscription 12 Months, with HW General Security Platform Software (Applies to USG6370/80)LIC-IPSAVURL-36-USG6300-03IPS-AV-URL Function Group Subscription 36 Months, with HW General Security Platform Software (Applies to USG6370/80)USG6390 LicenseLIC-IPS-12-USG6300-04IPS Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6390)LIC-IPS-36-USG6300-04IPS Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6390)LIC-URL-12-USG6300-04URL Filtering Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6390)LIC-URL-36-USG6300-04URL Filtering Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6390)LIC-AV-12-USG6300-04Anti-Virus Update Service Subscription 12 Months, with HW General Security Platform Software (Applies to USG6390)LIC-AV-36-USG6300-04Anti-Virus Update Service Subscription 36 Months, with HW General Security Platform Software (Applies to USG6390)LIC-IPSAVURL-12-USG6300-04IPS-AV-URL Function Group Subscription 12 Months, with HW General Security Platform Software (Applies to USG6390)LIC-IPSAVURL-36-USG6300-04IPS-AV-URL Function Group Subscription 36 Months, with HW General Security Platform Software (Applies to USG6390)Basic LicenseLIC-CONTENTContent Filtering Function