Secospace USG5300

Secospace USG5300
Secospace USG5300
Product Overview
With the dramatic increase in threats to networks, users are
become ever more concerned by application- and service-
based network security problems. As security threats such
as malicious intrusions, phishing Web sites, Trojan horse
programs, and P2P applications proliferate, the efficiency of
enterprise networks is reduced and their security threatened.
Huawei Symantec Technologies Co., Ltd. (hereafter referred to
as Huawei Symantec) is dedicated to providing comprehensive
network security solutions for users. Huawei Symantec
organizes an industry-leading network protocol analysis team
Product Family
USG5310/5320/5330/5350/5360
Product Features
Perfect Firewall Functions
•• Advanced Architecture and Platform
Adopting an advanced multi-core hardware architecture
and multi-thread concurrent processing, the USG5300 series
optimizes the security service processing flow, especially the
processing of header packets. All these features equip the
USG5300 series with an industry-leading firewall indicator —
the number of new connections per second – enabling it to
easily deal with mass network traffic. Moreover, the USG5300
series separates data decapsulation and in-depth detection,
and concurrently implements multiple types of in-depth
detection, considerably promoting the performance of its in-
depth detection state. With ten years of successful commercial
application, the mature VRP software platform furnishes the
and possesses the industry’s most comprehensive protocol
library. These unique resources allow Huawei Symantec to
offer in-depth analysis of network threats aimed at different
protocols, and provides users with technical support to
combat a wide range of network security problems.
Developed by Huawei Symantec, the USG5300 series is a new-
generation multi-function firewall. Delivering comprehensive
advanced security functions such as VPN, IPS, anti-virus, and
URL filtering, it provides all-around security protection to
safeguard the efficient running of network systems.
USG5300 series with a robust, reliable security operating
system.
•• Industry-leading Performance
Multi-core concurrent processing technology substantially
enhances the USG5300’s per formance allowing it to
concurrently process dozens of threads. With three industry-
leading performance indexes, the USG5300 provides an
exceptional performance experience for customers. New
connections per second, the key firewall performance indicator,
can comfortably reach 150,000, setting a clear lead for the
industry. Quickly setting up a large number of connections for
network access, the USG5300 provides high-speed forwarding
rates and low delay. This performance advantage also enables
the USG5300 to effectively process burst and attack traffic – fully
Secospace USG5300
meeting customer demand for high-speed bandwidth increase.
•• Super-Capacity VPN
As an organization extends its service, the number of branches
and employees on business trips increases, imposing more
demands for encrypted data transmission. Supporting
L2TP, GRE, and IPSec VPN functions, the USG5300 series
facilitates flexible selection and configuration. Its advanced
hardware architecture allows for high VPN performance
and 15000 VPN tunnels, freeing users from worries about
the security of encrypted data transmission. The data of
various network applications, including heavy-traffic video
and audio applications, can be transmitted at high speed
in the encrypted tunnel, enabling users to enjoy Gbps-level
encrypted data transmission.
Note: The VPN function is optional. Customers can purchase related license
to apply this function.
•• Powerful DDoS Defense
Protecting key network services against DDoS attacks is a vital
security problem for organization-level users. With the large
number of new connections per second, the USG5300 series
defends against DDoS attacks at speeds of up to millions of
packets per second, providing effective DDoS defense for
users' service systems. Based on its powerful protocol analysis
capability, the USG5300 series accurately identifies and
controls many DDoS attacks such as SYN, UDP, ICMP, and DNS
floods, and CC attacks. It also identifies and defends against
worm-infected traffic. By integrating Huawei Symantec’s
proprietary ICA, the USG5300 series precisely identifies DDoS
traffic without affecting users' access, providing genuine
security protection on complicated networks. All these confirm
that the USG5300 series is the industry’s leading DDoS defense
solution.
•• Accurate P2P Traffic Control
P2P traffic is a broadband killer. Disrupting service applications,
it is a key concern for most organizations. In practice,
controlling P2P traffic is extremely difficult due to protocol
flexibility. Utilizing Huawei Symantec’s powerful network
protocol analysis capability, the USG5300 series precisely
identifies up to 50 types of P2P traffic. It supports library
upgrades and with each upgrade, the number of protocols
that can be identified increases. In so doing, the USG5300
series controls the P2P traffic of abundant protocols at Kbps-
level speeds. Moreover, the USG5300 series controls different
modes of P2P traffic such as single user-based, group-based,
and global control, effectively safeguarding bandwidth
resources. By helping users plan network traffic, it dramatically
enhances a network’s application value.
Leading UTM Functions
•• IPS Intrusion Detection
Using Symantec's advanced IPS detection engine, the IPS
Intrusion Detection function efficiently and accurately scans
network packets. Any IPS evasion and deception techniques
are also accurately identified. With advanced software and
hardware platforms, and a rich signature library, the USG5300
series unified security gateway rapidly and accurately identifies
any application layer attacks mixed in with normal traffic.
Symantec's global deployment of honeypot systems catches
the latest attacks, worms, Trojans and other threats, instantly
extracting their signatures and providing timely updates. The
USG5300 series unified security gateway offers zero-attack
defense capability.
•• Anti-Virus
Using Symantec's advanced virus detection engine, an Anti-
Virus function efficiently and accurately detects viruses
hidden in network traffic. Advanced software and hardware
platforms, and a rich Accessible Virus library provide the
USG5300 series with unique antivirus capabilities allowing it to
identify compression shelling and other techniques to evade
detection.
Symantec's global distribution network of analysis virus
monitoring, and professional team of the virus, USG5300
series of unified security gateways can obtain the latest virus
signatures and the latest anti-virus engines timely. USG5300
series unified security gateway can keep high efficiency and
precise antivirus ability.
•• URL Filtering
Using an advanced matching engine, the URL filtering
function greatly shortens URL match times and makes URL
filtering more efficient. A huge URL classification database
Secospace USG5300

and powerful URL classification capabilities allow for accurate
URL filtering. A flexible security policy allows the URL
filtering function to apply to most scenarios. Friendly, easy
configuration greatly improves the URL filtering function's
usability. Thanks to all these features, the USG5300 series
unified security gateway offers powerful functionality together
with ease of operation and maintenance.
been guiding principles in the design of the USG5300 series.
Numerous components have been optimized to reduce power
consumption. Indeed the USG5300 series uses only 25% of
the power consumed by similar products, greatly reducing
maintenance costs.
The USG5300 series strictly adheres to the European Union's
"Restriction on the use of Hazardous Substances in Electrical
and Electronic Equipment" (RoHS) code. Constructed of

Eco-friendly Experience pollution-free, environmentally-friendly materials, it will

"High performance and low power consumption" have enhance your green credentials.

Typical Networking

USG2000

Branch
Remote user IPSec VPN
IPSec VPN
Internet VPN tunnel

Fir Key service system

VP ewall
USG2000 URL Anti-v IPS N
filte irus
ring Link aggregation
SOHO
IPSec or L2TP VPN
USG5300

Data center Intranet

Online behavior management

Typical networking diagram of the USG5300

Secospace USG5300

Product Specifications
Model USG5310 USG5320 USG5330 USG5350 USG5360

Firewall Maximum throughput 1.5 Gbps 2 Gbps 4 Gbps 6 Gbps 8 Gbps

IPS Goodput(UDP) 600Mbps 800Mbps 1Gbps 1.3Gbps 1.5Gbps

AV Goodput 60Mbps 80Mbps 100Mbps 130Mbps 150Mbps

URL Filtering Support Support Support Support Support

Connections per second 50,000 60,000 80,000 100,000 150,000

Number of concurrent connections 1,600,000 1,600,000 1,600,000 2,000,000 2,000,000

Maximum VPN throughput 1 Gbps 2 Gbps 4 Gbps 5 Gbps 6 Gbps

Number of VPN tunnels 15,000 15,000 15,000 15,000 15,000

Maximum number of ACL rules 30,000 30,000 30,000 30,000 30,000

Maximum GTP throughput 1.5 Gbps 2 Gbps 4 Gbps 6 Gbps 8 Gbps

Maximum number of GTP tunnels 200,000 200,000 200,000 200,000 200,000

Maximum number of virtual firewalls 100 100 100 100 100

4 GE optical and electrical (mutually exclusive) interfaces

Fixed interface 1 console port
2 USB interfaces

Number of extension slots 2

4×FE (10/100M) interface module

Type of extension modules 2×GE optical and electrical interface module
4×GE interface module

Dimensions (mm) (W×D×H) 436×560×44.2

Weight 10 kg

AC: 100 V to 240 V

Input voltage
DC: -48 V to -60 V

Maximum/Average power 100/75 W

Mean Time Between Failures (MTBF) 37.54 years

Secospace USG5300

Secospace USG5300

The information contained in this document is for reference purpose only, do not constitute the warranty of any kind, experss or implied. It is
subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100426-V-2.0