Secospace USG9300

V100R001

Secospace USG9300
Secospace USG9300

Product Overview Product Family

With the emergence of the triple play, Web 2.0, P2P, video
streaming, and high definition broadband, the need for
network bandwidth is rising exponentially. Gigabit and
10-Gigabit are no longer new concepts. Many switches
and routers have high-capacity 10G inter faces. Large
enterprises and organizations, such as financial organizations,
governments, and educational institutions are integrating
services and expanding their networks. Traditional firewalls
inevitably form a bottleneck as they are not sufficient for high-
speed networks.
Based on its rich experience of hardware design, Huawei
Symantec has launched its professional 10-Gigabit security
gateway device: the USG9300. Combining the professional
network processor (NP) chip with distributed hardware, the
USG9300 features advanced NP+multi-system+distributed
architecture. The USG9300 provides firewalls with high Virtual
Private Network (VPN) performance that satisfies requirements
for high reliability and performance. The security of high-end
applications can be met with low CAPEX and the USG9300 can
be applied to high-speed networks, large financial data centers,
large Web sites, governments, and the vertical networks of
large enterprises. USG9310 USG9320

Product Features
Advanced NP+multi-system+distributed anti-DDoS, and VPN services. The USG9300 series includes

architecture — breaking traditional the USG9310 and the USG9320. They have 8 and 16 slots

performance bottlenecks respectively and support multiple service modules. The

The USG9300 adopts architecture in which the control USG9300 adopts the distributed concurrent processing

modules, interface modules, and service processing modules mechanism, which greatly enhances product performance.

are mutually independent. Based on dual NPs, the interface Therefore, users can expand capacity with low investment.

module ensures the line-speed forwarding of interface traffic.

With multi-core and multi-thread architecture, the service High firewall performance — guaranteeing
processing module ensures the high-speed concurrent key services
processing of multiple services, such as the Network Address The three main indexes of the USG9300 — throughput,
Translation (NAT ), Application Specific Packet Filter (ASPF), new connections per second, and maximum number of
Secospace USG9300

concurrent connections — lead the industry. The throughput
of one service processing module is 10G, the number of new
connections per second is 250000, and the maximum number
of concurrent connections is 4000000. The specifications of
one processing module already exceed that of a 10-Gigabit
firewall. The USG9300 has a maximum of 8 service processing
modules, and its overall throughput reaches 80G. The number
of new connections per second is 2000000; the maximum
number of concurrent connections is 32000000; and the
number of virtual firewalls is 1024. The high performance
and scalability of the USG9300 can meet high-end users'
requirements for high performance.
Stable and reliable security gateway —
ensuring service consistency
Network security is vital for enterprises. The USG9300 supports
reliable networking functions, such as the hot swapping of
redundant components (the interface, fan, and power supply),
dual processing engines, active/standby mode, and active/
active mode. Different SPUs of the USG9000 support load
balancing and mutual hot backup, so an anomaly in a single
board will not compromise the entire system. Working in
tandem with the Huawei Symantec BYPASS devices, services
are not be interrupted even if a device becomes faulty or a
power failure occurs. The mean time between failures (MTBF)
of the USG9300 is up to 500000 hours, and the failover time is
less than 0.1 second. Thus, service stability is guaranteed.
enterprises, DCs, and MANs.
Optimal VPN performance — adapting to
requirements for encrypted transmission of
mass services
With the popularity of network applications, more services
need to be securely transmitted on the public network.
Subsequently, services that require mass the VPN access
gateway of 100-Gigabit emerge, such as mobile security
access, SMS push, and email push. The USG9300 provides a
maximum of 64G encryption and decryption and supports
320000 concurrent VPN tunnels to form the industry’s highest
performing Virtual Access Gateway.
The USG9300 also supports IKEv2 and enhances the functions
of user authentication, packet authentication, and NAT
traversal. Therefore, the USG9300 eliminates the hidden
hazards of man-in-the-middle attacks and DDoS attacks, and
supports wireless authentication protocols, such as EAP-SIM
and EAP-AKA. This guarantees wireless network security.

Extensive network interfaces — facilitating

networking
In addition to the high-density Ethernet interfaces of 5 x GE, 10
x GE, 24 x GE, and 1 x 10GE, the USG9300 also supports the POS
interfaces frequently used in backbone networks, including 8 x
155M, 4 x 622M, 4 x 2.5G, and 1 x 10G. It can also connect with
Synchronous Digital Hierarchy (SDH) devices. These features
serve to enhance transmission efficiency. The USG9300 has
a maximum interface capacity of 160G, and provides eight
10GE interfaces and 196 GE interfaces. It supports cross-board
binding to meet the requirements for interface capacity and
density and complex networking scenarios, such as for large
Secospace USG9300

Typical Networking Scenario

Internet

10G 10G

USG9300

A Iarge-scale IDC

Basic services Value added Management & Other services

services Maintenance services

Defense solution for a large IDC

10-Gigabit link
Gigabit link
100M link

USG9300 Headquarters

Private networks
USG5000

Provincial branches
Private networks
Metroplitan branches
USG2000

Defense solution for vertical network headquarters of governments and large enterprises
Secospace USG9300

Mass concurrent VPN access

IPSec security tunnel IKEv2 support
AP

Business server
Hundreds or thousands of APs Public network Intranet

DSLAM Route AG
AP USG9300
Firewall/VPN Business server

Application of mass wireless VPN access

Product Specifications
Model USG9310 USG9320

8 slots, in which SPUs and LPUs can be 16 slots, in which SPUs and LPUs can be
Number of slots
inserted. inserted.

Throughput 10G×4 10G×8

Number of concurrent connections 4000000×4 4000000×8

Number of new connections per second 250000×4 250000×8

VPN performance 8G×4 8G×8

Number of VPN tunnels 40000×4 40000×8

Number of virtual firewalls 1024 1024

Hot swapping of modules and components, dual-system hot backup, link aggregation, dual
Reliability
main control boards, and BYPASS

Ethernet interface 5×GE, 10×GE, 1×10GE, 24×GE (optical or electrical)

Interface type
POS interface 8×155M, 4×622M, 4×2.5G, 1×10G

Maximum number Ethernet interface 96×GE, 4×10GE 192×GE, 8×10GE

of interfaces POS interface 16×2.5G, 4×10G 32×2.5G, 8×10G

Dimensions (mm) (W×D×H) 442×669×886 442×669×1600

Weight 100kg 150kg

Power 700W 900W

Mean time between failures (MTBF) 57 years 57 years

Secospace USG9300

Secospace USG9300

The information contained in this document is for reference purpose only, do not constitute the warranty of any kind, experss or implied. It is
subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100120-V-1.0