Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Contents
Product Description
Objective
Understand the network deployment position of USG 5300
Master the major function and feature of USG 5300
Master the hardware parameter of USG 5300
Understand the typical networking of USG 5300
USG 5300Introduction
Contents
Product Description
page 4
USG 9320
USG 9310
Eudemon 8080
Eudemon 8040
Eudemon 1000
e
ctur
e
t
i
h
e arc
i-cor
t
l
u
M
MAN 10 Gigabit
egresses
Eudemon 500
MAN traffic cleaning
Eudemon 300
USG 5360
Eudemon 200S
Eudemon 200
Eudemon 100E
ture
hitec
c
r
a
e
USG 5350
re
i-cor
Mult chitectu
USG 5330
e ar
i-cor ecture
t
l
u
M rchit
ea
USG 5320
o
c
i r ture
t
l
u
Large enterprises
M
ec
rchit
a
e
r
and Data centers
USG 3000
i-co
Mult
An authoritative
security product
testing organization in
the world
page 5
Multi-Core
processor
The built-in cores can process up to 30 concurrent threads, and thus the
forwarding performance is improved exponentially.
Tasks are shared among multiple modules so that resources can be flexibly
allocated. The application layer computation performance is very strong.
page 6
re
ectu
t
i
h
c
e ar
i-cor
t
l
u
M
page 7
U5320
Large and medium-
Applicable scenarios
U5330
U5350
U5360
Large and medium-sized
sized enterprises,
enterprises, campuses,
enterprises, campuses,
data centers
Throughput (bps)-large packets
2G
4G
6G
8G
1.6 G
2.2 G
3G
4G
1.2 G
1.6 G
2G
2G
60000
80000
100000
150000
1600000/3000000
1600000/3000000
2000000/4000000
2000000/4000000
Number of ACLs
Number of IPSec VPN connections
30000
30000
30000
30000
20000
20000
20000
20000
20000
20000
20000
20000
(standard/Maximum)
2G
2G
2G
2G
Reliability
100
hot backup
100
backup
Virtual firewall
100
hot backup
GTP filtering
Supported
Supported
Supported
Supported
P2P monitoring
supported
supported
supported
supported
WebUI
Supported
Supported
Supported
Supported
supported
supported
supported
supported
page 8
100
150000
USG5360
150000
100000
ASA5580-20
USG5350
100000
100000
USG5330
80000
50000
F1000-E
40000
ASA5550
10000
28000
ISG2000
ISG1000
23000
20000
Cisco
Juniper
F1000-A
20000
H3C
TG5664
TG5564
TG5464
TG5366
TG5266
TG5166
TG5328
TOPSEC
USG5320
HS
The USG5000 enjoys a noticeable advantage in this index. Products at each level of the USG5000 keep
ahead of those from other companies. The performance data of TOPSEC is unavailable, but according to
the hardware structures, the number of new connections per second of TOPSEC is no more than 20000.
page 9
60000
10 G
ASA5580-20
The official data is 10 G (huge packets). In
actual networks, the data is 5 G. The
product orientation of ASA5580-20 is
different from that of the USG5000. There is
no counterpart product from Cisco.
TG5664
USG5360
TG5564
6G
TG5464
TG5366
USG5350
TG5266
ISG2000
F1000-E
3G
TG5166
TG5328
F1000-A
1G
USG5330
ASA5550
ISG1000
Estimated value
Declared value
(Generally, the
actual value is
no more than
1/3 of the
declared one.)
H3C
TOPSEC
0.5 G
Cisco
USG5320
Juniper
page 10
HS
3G
ASA5580-20
ISG2000
2G
F1000-E
USG5360
USG5350
USG5330
USG5320
1G
ISG1000
F1000-A
Estimated value
TG5664
TG5564
TG5464
TG5366
TG5266
TG5166
TG5328
H3C
TOPSEC
Data unavailable
ASA5550
0.5 G
Cisco
Juniper
page 11
HS
220 220
220 220
200
200
150
100 100
100
100 100
65 65
50
50
25
0
ASA5550
ASA5580
ISG2000
F1000
TG5x66
TG5x64
USG5000
page 12
800
700
600
500
400
300
200
250250
250 250
190
190
150
100
80
100
62.5
250 250
125
83
80
25
100
75
16.6
0
ASA5550
ASA5580
ISG2000
F1000
TG5x66
TG5x64
USG5000
Power consumption of the USG5000 are the lowest in the industry, and this gives the USG5000 a noticeable
predominance. Especially, the power consumption of 1 G performance is the lowest among all products;
Concepts of saving-energy, lowering-consumption and environment-friendly are the main trend of society
development and attract attentions of the society and governments. The maintenance costs can be largely
reduced if customers adopt an energy-saving product.
page 13
Power consumption
page 14
Fan
Cabinet
Mainboard
Slot
Huawei Symantec Technologies Co., Ltd.
page 15
E2GE
SLOT2
HUAWEI
USG5300 Series
RUN
SLOT1
page 16
USG 5300Introduction
Contents
Product Description
page 17
USG5300 Feature
Strong NAT Technology
Translated into
addresses in NET 4
NET 1
Public IP address
USG5300
NET 3
Supporting NAT ALG and
implementing NAT traversal of
multiple types of application
protocols:
H.323 (including RAS and T.120)
SIP
MGCP
H.248
RTSP
...
Translated into
addresses in NET 2
Intranet IP 2
Intranet IP 3
Intranet IP 1
Group 1
Load balancing among multiple servers,
guaranteeing proportional distribution of
traffic among devices by using an efficient
distribution algorithm
The USG5300 provides customers with more flexible networking modes through
multiple NAT technologies and realizes better network planning.
page 18
USG5300 Feature
2
SYN
Flood
1 SYN Flood
2 UDP Flood
3 ICMP Flood
4 DNS Flood
5 SMURF
6 CC
7 Land
8 Fraggle
9 WinNuke
10 ICMP
ICMP
Network B
Botnet
Networ
kA
Flood
Botnet
CC
Service
system
Organization
network
USG5300
attack
Botnet
SMURF
redirection
Flood
Botnet
11
Botnet
The USG5300 can effectively protect customers key service systems and
improve the sustainability of customers services.
Huawei Symantec Technologies Co., Ltd.
page 19
USG5300 Feature
3
Link Bundling
USG5300
USG5300
Network B
Network A
Link bundling
Link bundling is enabled between devices to bundle multiple physical links into
one logical link.
Supporting standard 802.3ad, connectible with other network devices
Supporting bundling of up to 4 x 4 links
Load balancing and redundancy among links
page 20
USG5300 Feature
4
Service system
Controlling network
application traffic of
terminal users
USG5300
Remote user
Controlling multiple
protocols such as P2P,
HTTP, and FTP
Intranet
Most comprehensive P2P feature base in the industry, effective control of more than 20
types of P2P protocols
Supporting multiple modes of traffic control and combination of traffic control modes
Implementing reasonable network traffic planning and effectively controlling bandwidth
exhaustion by abnormal traffic, and thus protecting bandwidth resources
Huawei Symantec Technologies Co., Ltd.
page 21
USG5300 Feature
5
L2TP tunnel
RADIUS server
Branch
IPSec tunnel
Internal server
USG5300
The USG5300 delivers a very large VPN capacity. It supports 20000 concurrent
tunnels, and provides G level VPN transmission experience and high-speed
encryption of services with heavy traffic across customers networks.
Huawei Symantec Technologies Co., Ltd.
page 22
USG5300 Feature
5
Effectively
guaranteeing network
reliability and
preventing singlepoint failures
Based on standard VRRP, this feature can be easily generalized and flexibly
configured. It can be applied to multiple networking environments and can
effectively improve reliability of customers networks.
Huawei Symantec Technologies Co., Ltd.
page 23
USG5300 Feature
6
Network C
Multiple links
automatically balance
loads and implement
backup.
links
Network E
routing devices
RIP v1
RIP v2
OSPF
BGP
Network D
Network B
Network F
Network G
The Eudemon provides customers with both security and routing functions
to reduce customers investments and networking costs.
Huawei Symantec Technologies Co., Ltd.
page 24
USG5300 Feature
7
Virtual Firewall
...
VZONE
Trust
DMZ
DMZ
...
User defined zone
The virtualized platform can isolate multiple service systems and reduce security
risks. Multiple virtual systems can better use the device and greatly improve
customers product values.
Huawei Symantec Technologies Co., Ltd.
page 25
USG5300 Feature
8
Supporting
filtering of GTP
SGSN
GGSN
USG5300
page 26
USG5300 Feature
9
External
network
Collecting all logs
passing through this
device
USG5300
High-speed transmission
of log traffic in binary
format
Intranet
Log server
Intranet user
The USG5300 can work with log software to provide customers with clear
network access records for future analysis or searches.
Huawei Symantec Technologies Co., Ltd.
page 27
USG5300 Feature
10
Information
theft
Cooperate
with
Secospace
through USB
storage devices
Internet
IM
chatting
SA
PROXY server
SA
VPN gateway
Domain
server
management
Anti-virus server
SA
Patch server
USG5300
Invalid
external
connection
and games
SRS
Intranet
SC
SM
Service system
Blocking invalid connections in time
Terminating invalid network programs
Prohibiting USB storage devices
Manage and audit all behaviors of the terminal for monitoring the security status and providing
continuous defense.
Audit employee behaviors and enhance the security awareness among employees to facilitate
employees in focusing on their work and improving their efficiency.
page 28
Destination IP
Rank alarms in
based
real time to locate
Destination based
faulty equipment
port
timely
Source IP
based
Source port
Defensiveness
I based
Network
Management
System
eLog
log
log
Intranet
Switch
Firewall
Router
page 29
ternet
analysis
the
GetSave
to know
Cofirewall
query
mpan
y
template
defensiveness
situation with
ease and produce
proposals on
countermeasures
2008/06-2008/12
2008/11-2009/10
USG5000 V1R1
USG5000 V1R2
USG5000 V1R3
Added features:
Added features:
IPSec VPN
UTM
Functions based on
IPv6
SSL VPN
Payload balancing
among multiple
devices
MPLS VPN
Bandwidth control
page 30
USG 5300Introduction
Contents
Product Description
page 31
HQ
Cisco
Cisco
FE
Internet
Cisco
E1
ADSL
Juniper
USG5300
page 32
HQ
Internet
Cisco
E1
ADSL
Juniper
USG5300
page 33
USG5300 Scenarios
1
Typical Application
Eudemon 200E
Remote user
Branch
VPN tunnel
Link
aggregation
Eudemon 200E
SOHO office
USG5300
Data center
Intranet
page 34
USG5300 Scenarios
2
ISP A
ISP B
Management area
Partner area
USG5300
Financial
department area
External service
system
Intranet
Personnel
department area
Internal service
system
page 35
USG5300 Scenarios
3
Link Bundling
Links of key
services to the
DMZ are
aggregated.
Link
aggregation
Links are aggregated
at the egress to
external networks to
handle heavy traffic.
USG5300
Link
aggregation
Links to the core
switch in the intranet
are aggregated.
page 36
Intranet