Secospace USG2000 BSR/HSR Series

USG2100BSR/HSR

USG2200BSR/HSR

Product Overview
As a new-generation multi-service security routing gateway, Huawei Symantec's USG BSR/HSR product family transforms today's Small Business and Enterprise's workspace experience by delivering them high performance routing and switching, strong security enhancement, VPN, wireless access, and voice communication services in an integrated single platform. Based on advanced system architecture, the USG BSR/HSR product line has raised the bar for integrated networking and security solution to an unprecedented new level. It prepares modern SMB for the transition to cloud and virtualized applications or network services. The USG BSR/HSR family of products offers an integrated endto-end (E2E) security solution. Besides powerful routing and switching features, the USG BSR/HSR delivers multiple dedicated security functions, including stateful firewall, VPN, NAT, identity authentication, access control, and content security functions such as Anti-Virus, Anti-Spam and Web URL-Filtering etc.. These features together protect customers' digital assets from DDoS attacks, worms, Trojans, viruses, intrusions, and network violations. The integration of these functionalities with the full spectrum of WAN, LAN, 3G wireless, and WiFi, offers customers a complete solution with high performance switching and routing, multi-layered security, flexible WAN connectivity as well as a very valuable VoIP service.

Product Description
The USG BSR/HSR supports various I/O modules, which enable flexible configuration according to actual requirements, as well as allaround security defense and interconnection with diverse networks. Furthermore, the USG BSR/HSR supports LAN/WAN interfaces of diversified specifications and densities, including FE/GE, ADSL/ G.SHDSL, serial/T1/E1/CE1, WiFi/3G, and high-density switching modules. Thus, the USG BSR/HSR is adaptable to various application scenarios and can be easily deployed in all kinds of complex networking environments. The USG2100BSR/HSR series, including USG2120BSR, USG2130BSR/ HSR, USG2160BSR/HSR, provides a highly secure, scalable, flexible and reliable platform for multi-service integration at enterprise and branch offices for small-to-medium sized business. USG2100BSR/HSR Series offers customers the ultimate mobility by integrating WiFi and 3G interfaces. Customers enjoy the benefits of mobility on both sides of the network, with uncompromised level of security on network access and content controls. The USG2200BSR/HSR series can be deployed for small and medium enterprises either as internal security gateways or as security gateways to connect branch offices and headquarters. USG2205BSR/HSR and USG2220BSR/HSR are designed to be modular 1U devices with multiple expansion slots, allowing multiple interface type selections.

Product Features
Multi-service concurrent access and End-to-End integration
Based on the optimal combination of advanced multi-core hardware platform and carrier-class routing software platform, the USG2000BSR/ HSR integrates the functions of security, routing, switching, wireless access, and voice with high performance and robustness.

Secospace USG2000 BSR/HSR Series

With less dependence on single -function hardware, the USG2000BSR/HSR simplifies maintenance, saves energy, and lowers consumption, thus improving the operation efficiency and reducing operation and maintenance costs. Utilizing versatile and normalized modular components, the USG2000BSR/HSR improves the service interoperability. Relying on the highly flexible and scalable software and hardware, the USG2000BSR/HSR better protects enterprises' investment.

security zone, ACL, static/dynamic blacklist, and MAC-IP address binding functions; advanced stateful firewall functions provide defense against ARP spoofing, DoS/DDoS, SYN flood, host sweeping, and port scanning attacks. Integrated UTM functions:
IPS: provides efficient and precise deep packet inspection, and

accurately identifies IPS evasion and spoofing behaviors through Symantec advanced IPS detection engine.
AV: efficiently and precisely detects and removes hidden viruses

Extensive routing and link-level high availability

The following features enable the USG2000BSR/HSR to offer flexible network extension. The USG2000BSR/HSR provides extensive routing features, such as static routing and dynamic routing (RIP, OSPF, and BGP), and supports routing policies and routing iteration, which makes networking more flexible. With the policy-based per-session routing function, the USG2000BSR/HSR enables the seamless interworking of policy-based routing and security features (such as NAT and ASPF), supporting interface-level load balancing. With failover configuration, when one link fails, the traffic automatically switches to other normal links. The built-in Layer-2 forwarding chip on the USG2000BSR/HSR ensures the express switching capability at Layer 2. This feature enables Layer-2 switching and security functions on a single device.

in network traffic by virtue of Symantec cutting-edge virus detection engine.

AS: effectively blocks spam and purifies enterprises' mail systems,

thus preventing spam from interfering with normal services.

URL filtering and P2P/IM control: precisely identifies access

to illegitimate Web sites and over 60 P2P/IM applications, and provides alerting, traffic limiting, and blocking actions to guarantee bandwidth for normal services.

The USG2000BSR/HSR delivers powerful VPN function, and supports the following common VPNs for differentiated VPN applications:
L2TP IPSec VPN Dynamic VPN (DVPN) SSL VPN GRE MPLS VPN Note: the BSR series does not support UTM and SSL VPN functions.

Diversied VPNs

Excellent firewall functions support routing, transparent, and hybrid working modes; basic packet filtering functions include

Comprehensive dedicated technologies for network protection

Product Specications
Model Performance and Capacity Packet forwarding rate Firewall throughput (maximum at Mbps) IPsec VPN (3DES) IPsec VPN (AES) Number of new connections per second Maximum number of concurrent sessions Maximum number of security policies Maximum number of users USG2120BSR 160Kpps 150M 40M 40M 2000 80000 3000 50-80 USG2100BSR/HSR USBG2130BSR/HSR USG2160BSR/HSR 175Kpps 160M 50M 50M 2000 200000 3000 70-100 180Kpps 180M 60M 60M 2000 200000 3000 70-100 USG2200BSR/HSR USG2205BSR/HSR USG2220BSR/HSR 250Kpps 350M 300M 300M 20000 500000/1000000 3000 100-200 350Kpps 550M 500M 500M 20000 500000/1000000 3000 200-400

Secospace USG2000 BSR/HSR Series

Model Extension and I/O Interface for standard configuration Extension slot

USG2120BSR 1WAN+8FE 1MIC

USG2100BSR/HSR USBG2130BSR/HSR USG2160BSR/HSR

USG2200BSR/HSR USG2205BSR/HSR USG2220BSR/HSR 2GE Combo 4MIC+1FIC 4MIC+2FIC MIC: 1FE, 5FSW, 1E1, 1CE1, 1WiFi, 1SA, 2SA, 1ADSL2+, 4G.SHDSL.bis, 2G.SHDSL.bis, 1G.SHDSL.bis, 3G-WCDMA, 3G-CDMA2000 DMIC: 8FE2GE FIC: 2E1, 2CE1, 4E1, 4CE1, 8E1, 8CE1, 2F2C, 1GE, 4GE, 16FXS, 32FXS, 1GPON DFIC: X86, 18FSW-2SFP, 16GSW-4SFP USB Extension: WCDMA 3G, CDMA2000 3G

1MIC

2MIC

Interface module

MIC: 1E1, 1CE1, 1SA, 2SA, 1ADSL2+, 1FE, 5FSW, 4G.SHDSL.bis, 2G.SHDSL.bis, 1G.SHDSL.bis, 3G-WCDMA, 3G-CDMA2000 DMIC: 8FE2GE USB Extension: WCDMA 3G, CDMA2000 3G

Basic Firewall Features Working mode ASPF Access control Status validity check Blacklist and whitelist Security zone division Application protocol identification Anti-DDoS Bidirectional defense Dynamic fingerprint learning SYN flood SYN-ACK flood UDP flood HTTP flood Connection flood ICMP flood NAT Destination NAT/PAT Destination IP address (for NAT) on the same subnet with the IP address of the interface serving as the ingress Destination IP addresses and port numbers corresponding to one IP address and a specific port number (M:1P) Destination IP addresses corresponding to one IP address (M:1) Destination IP addresses corresponding to multiple IP addresses (M:M) No-PAT PAT Permanent mapping between addresses before and after NAT Address grouping of the source IP address pool NAT for source IP addresses beyond the interface subnet range NAT Server

Transparent, routing, and hybrid Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y

Y Y Y Y Y Y Y Y

Secospace USG2000 BSR/HSR Series

Model

Bidirectional NAT NAT ALG Extended NAT (infinite addresses) Policy-based destination NAT IPsec VPN IPSec VPN concurrent tunnels 64 DES, 3DES, and AES encryption Y MD5 and SHA-1 authentication Y Manually configured key, PKI, and IKEv2 Y Perfect Forward Secrecy (DH group) 125 Anti-replay attack Y Remote VPN access Y EAP authentication Y High Availability Master/Slave, master/master Y Configuration synchronization Y Firewall and IPSec VPN sessions Y synchronization Device fault detection Y Link fault detection Y User Identity Authentication and Access Control Built-in (internal) database Y RADIUS accounting Y Web-based authentication Y Public Key Infrastructure (PKI) PKI certificate format (PKCS #7 and #10) Y Automatic certificate registration (SCEP) Y Certificate Authority (CA) Y Self-signed certificate Y Routing BGP 10000 BGP peer 16 OSPF 10000 Scale of RIPv2 routing table 10000 Dynamic routing Y Static routing Y Source-based routing Y Policy-based routing Y Routing policy Y Number of policy-based routes 100 FIB 10000 Route iteration Y IPv6 Security OSPFv3 Y BGP4+ Y IPv6 IS-IS Y IPv6 policy-based routing Y GRE for BPG/OSPFv3/IS-IS Y Standard IPv6 ACL Y Extended IPv6 ACL Y IPv6 interface statistics Y NAT-PT (4 to 6 and 6 to 4) Y IPv6 ND/SEND Y

USG2120BSR Y Y Y Y

USG2100BSR/HSR USBG2130BSR/HSR USG2160BSR/HSR

USG2200BSR/HSR USG2205BSR/HSR USG2220BSR/HSR

2000

16000 128 16000 16000

100 16000

Secospace USG2000 BSR/HSR Series

Model

USG2120BSR

USG2100BSR/HSR USBG2130BSR/HSR USG2160BSR/HSR

USG2200BSR/HSR USG2205BSR/HSR USG2220BSR/HSR

Virtualization Maximum number of security zones 16 Maximum number of VLANs for each 4094 interface Management Web UI (HTTP/HTTPS) Y CLI (console) Y CLI (Telnet) Y CLI (SSH) Y U2000/VSM Y Hierarchical administrators Y Software upgrade Y Configuration rollback Y Logging/Monitoring Structured system log Y SNMPv3 Y Binary log Y Complementary log server (eLog) Y Dimensions, Power Supply, and Operating Environment Dimensions (W x D x H) 420*255*43.6 mm Weight 5Kg AC power supply DC power supply Power consumption Ambient temperature Ambient humidity Authentication Security authentication EMC authentication CB authentication RoHS FCC C-tick VCCI 90264VAC N 15W 040 5% to 95%, non-condensing Y Y Y Y Y Y Y 15W

442*414*43.6mm Bare device: 5.4 kg; Full configuration: 8 kg 90~264V 47~63Hz N Y 54w(BSR)/100w(HSR) 0 to 45 (runtime), 5 to 55 (transient condition) 5% to 95%, non-condensing

Subscription Information
Part Number 1.1 USG2120BSR-AC USG2130BSR-AC USG2130BSR-W-AC USG2160BSR-AC USG2160BSR-W-AC USG2205BSR-AC USG2220BSR-AC 1.2 USG2130HSR-AC USG2130HSR-W-AC USG2160HSR-AC Part Description BSR Series USG2120BSR AC Host, with HS General Security Platform Software USG2130BSR AC Host, with HS General Security Platform Software USG2130BSR AC Host, 802.11a/b/g/n, with HS General Security Platform Software USG2160BSR AC Host, with HS General Security Platform Software USG2160BSR AC Host, 802.11a/b/g/n, with HS General Security Platform Software USG2205BSR AC Host, with HS General Security Platform Software USG2220BSR AC Host, with HS General Security Platform Software HSR Series USG2130HSR AC Host, with HS General Security Platform Software USG2130HSR AC Host, 802.11a/b/g/n, with HS General Security Platform Software USG2160HSR AC Host, with HS General Security Platform Software Conguration Principle

Secospace USG2000 BSR/HSR Series

Part Number USG2160HSR-W-AC USG2205HSR-AC USG2220HSR-AC 1.3 MIC MIC-1E1 MIC-1CE1 MIC-3G-WCDMA MIC-3G-CDMA2000 MIC-1G.shdsl MIC-2G.shdsl MIC-4G.shdsl MIC-1FE MIC-5FE MIC-1SA MIC-2SA MIC-ADSL2+-MUL MIC-ADSL2+-SIN MIC-WIFI DMIC-8FE2GE FIC FIC-2E1 FIC-2CE1 FIC-4E1 FIC-4CE1 FIC-8E1 FIC-8CE1 FIC-2FE2FEC FIC-1GE-RJ45 FIC-4GE-RJ45 FIC-16FXS FIC-32FXS FIC-GPON DFIC DFIC-16GE4SFP DFIC-18FE2SFP DFIC-ESP-E DFIC-ESP-C USB extension card USB-3G-WCDMA USB-3G-CDMA2000

Part Description USG2160HSR AC Host, 802.11a/b/g/n, with HS General Security Platform Software USG2205HSR AC Host, with HS General Security Platform Software USG2220HSR AC Host, with HS General Security Platform Software Interface Extension Module of BSR/HSR Multi-Service Gateway 1-PORT E1 Interface Board(DB15), 3*1, with HS General Security Platform Software 1-PORT CE1 Interface Board(DB15), 3*1, with HS General Security Platform Software 3G-WCDMA Service Board, 3*1, with HS General Security Platform Software 3G-CDMA2000 Service Board, 3*1, with HS General Security Platform Software 1 Channel G.shdsl Interface Board, with HS General Security Platform Software 2 Channel G.shdsl Interface Board, with HS General Security Platform Software 4 Channel G.shdsl Interface Board, with HS General Security Platform Software 1-Port Fast Ethernet Electrical Interface Board(RJ45), 3*1, with HS General Security Platform Software 5-Port Fast Ethernet Switch Electrical Interface Board(RJ45), 3*1, with HS General Security Platform Software 1-Channel Sync/Async Serial Port Interface Card, 3*1, with HS General Security Platform Software 2-Channel Sync/Async Serial Port Interface Card, 3*1, with HS General Security Platform Software ADSL2+Multi-PVCs, 3*1, with HS General Security Platform Software ADSL2+ MIC, 3*1, with HS General Security Platform Software WLAN Service Board, with HS General Security Platform Software 8FE(RJ45)+2GE(RJ45) Mixed Interface Card, with HS General Security Platform Software 2-port Channelized E1 Interface Card, with HS General Security Platform Software 2-port E1&Fractional E1 Interface Card, with HS General Security Platform Software 4-port E1 Interface Card-DB44-75ohm, 1*1, with HS General Security Platform Software 4-port Channelized E1 Interface Card-DB44-75ohm, 1*1, with HS General Security Platform Software 8-port E1 Interface Card-DB44-75ohm, 1*1, with HS General Security Platform Software 8-port Channelized E1 Interface Card-DB44-75ohm, 1*1, with HS General Security Platform Software 2FE(RJ45)+2FE(RJ45&SFP) MIXED INTERFACE CARD, 1*1, with HS General Security Platform Software 1-port GE Electrical Interface Card(RJ45), with HS General Security Platform Software 4GE(RJ45)Electrical Interface Board, 1*1, with HS General Security Platform Software 16-port FXS interface board 32-port FXS interface board 1-port GPON FIC Board 16GE(RJ45)+4GE(SFP) Mixed Interface Card, with HS General Security Platform Software 18FE(RJ45)+2GE(SFP) Mixed Interface Card, with HS General Security Platform Software Safety Product, USG2200, SU11X86HS02, Enhanced Services Platform Enterprise Version, X86 Board, CPU T7500, 2GB Memory, 160G Enterprise Hard Disk Safety Product, USG2200, SU11X86HS01, Enhanced Services Platform Common Version, X86 Board, CPU T7500, 2GB Memory, 160G Universal Hard Disk SRG, SRGM1WCDMA, USB 3G WCDMA Card SRG, SRGM1CD2K, USB 3G CDMA2000

Conguration Principle

About this publication The information contained in this document is for reference purpose only, do not constitute the warranty of any kind,experss or implied. It is subject to change or withdrawal according to specific customer requirements and conditions. All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co.,Ltd or their respective holders.

Copyright 2010 Huawei Symantec Technologies Co., Ltd. All rights reserved. Version No.: M3-110019999-20101206-V-1.0