huawei secospace usg2000&5100 how to beat · •the usg series supports multiple upstream...

HUAWEI TECHNOLOGIES CO., LTD.

enterprise.huawei.com

HUAWEI Secospace USG2000&5100 How

to Beat

Huawei Enterprise A Better Way

HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential


Key industries

Government sectors (including vertical industries such as the Information Commission and Tax Administration),

educational fields (such as colleges, high schools, middle schools, and primary schools), energy industry,

common affair sectors, large- and medium-sized enterprises, and SMBs.

Major vendors and their products

Cisco ASA series

Juniper SRX series

Checkpoint 2012/UTM-1 series

Fortinet FortiGate series

SECWORLD X/F/G series

The competition strategies, including company competition strategies and tender strategies, are described in

this document.

Key Information



Content

Basic Feature

Bidding Guidance

1

3

In-Depth Analysis 2



1

10

40

100

Gbit/s

4

Object of this competition analysis

20

USG9580

USG9560

USG9520

USG5530/50/60

USG5530S

USG5520S

USG5150

USG5120

USG2260

USG2230

USG2160

USG2110

8

6

2

USG Mid/Low-end Overview — Location in the USG Series



Headquarters of a small

enterprise

Large or medium-sized branch

USG Mid/Low-end Series Portfolio

USG2160

USG2230

USG2260

USG5120

USG5150

USG2110F/FW/AW/AGW

Remote site

Representative office

Representative

office

Small branch

Headquarters

Large branch



Regions and language coverage Target price

Performance range

Firewall throughput: 120 Mbit/s to 6 Gbit/s

Target industries and scenarios

Industry Enterprise, hotel Enterprise, government,

finance

Enterprise, government,

school

Enterprises,

government Finance

Scenario Egress protection at

network borders

Branch-headquarters

interconnection Intranet protection

Internet access

behavior

management

ATM access for banks

Product Positioning

•Regions: Inside China, Europe, the Middle East, Africa, Latin America, Russia, and other regions

•Language coverage: Chinese-speaking, English-speaking area, and other areas

Inside China: RMB 990 to 22,800

Outside China: $150 to $3,800

Inside China Outside China

Vertical industries Large- and medium-sized enterprises SMB Medium-sized

enterprises

Large- and medium-

sized enterprises

Including telecommunications,

government, finance, and energy sectors.

Including large-sized enterprises, educational

sectors, and broadcasting and television sectors 1-50 50-100 100-500

Target markets



Drive Egress Protection at

Network Borders

Branch-Headquarters

Interconnection

Intranet

Protection

Online Behavior

Management

ATM Access for

Banks

Lower TCO ★★★ ★★★ ★★★ ★★★ ★

Anti-virus ★★★ ★★ ★★★ ★★★ ★

Anti-attack ★★★ ★★ ★★★ ★★★ ☆

Anti-spam ☆☆ ★★ ★★ ★★★ ☆

Intrusion

prevention ★★★ ★★★ ★★★ ★★ ★★

Security zones ★★ ★★★ ★★★ ★★ ★

WLAN ★ ★★★ ★★★ ★★★ ★★★

VPN

interconnection ★ ★★★ ★★ ★★ ★★

Summary:

•Enterprise customers attach more importance to security and online behavior management.

•VPN is desired in ATM access for banks and branch-headquarters interconnection.

•Enterprise customers require lower TCO.

Target Scenario — Purchase Drive Analysis



Factor Egress Protection at

Network Borders

Branch-

Headquarters

Interconnection

Intranet

Protection

Online Behavior

Management

ATM Access for

Banks

(ATM Unattended)

Price ★★★ ★★★ ★★★ ★★★ ★★★

Availability ★★★ ★★★ ★★★ ★★★ ★★★

Anti-DDoS ★★★ ★★ ★★★ ★★ ★★

UTM ★★★ ★★ ★★★ ★★★ ★

High

performance ★★★ ★★★ ★★★ ★★★ ★★

After-sales

service ★★ ★★ ★★ ★★ ★

Energy saving ★★ ★★★ ★★★ ★★★ ★

Summary:

•Price and reliability are important factors in all scenarios.

•Enterprise customers attach great importance to UTM.

•DDoS is desired in egress and intranet protection.

Target Scenario — Product Selection Factors



Juniper Cisco Fortinet SECWORLD

Government √

Finance √ √ √ √

Education √

Energy

Enterprises √ √ √

Outside China √ √ √

(TOP N)

Major Peer Vendors



200 Mbit/s

USG2160-0.2

USG5150-0.9

USG5120-2.5

5550/5512-X-1.2 SRX240-1.5

SRX650-7

50B-0.1

80C-0.7

40C-0.2

110C/60C-1

200B-5

UTM-1 1070-3

4205/2205-3

UTM-1 570-2.5

Cisco Juniper Fortinet CheckPoint

400 Mbit/s

1 Gbit/s

4 Gbit/s

5520-0.45

5540-0.65

G30-6

SECWORLD

USG5150-4

USG2260-2

USG2110-

0.18

G7-4866-4.5

G7/F10-2

F6-3618-1.5

F6-0.8

F3-2804-0.3

F3-2683-0.2

F3-2643-0.15

5555-X-4

5510-0.3

5505-0.15

SRX220-0.95

SRX210-0.75

SRX100-0.65

20C-0.02

U270/130-1.5

EdgeN-1

Competition Between USG2000/5100 and Peer Vendors' Products

5512-X-1

5525-X-2

5545-X-3



Advanced and reliable UTM features

Symantec IPS and AV engines providing industry leading detection ratios

Diversified anti-spam and mail filtering, URL filtering, and Web content filtering functions

UTM virtualization, with firewall and UTM security defense policies configurable on each virtual firewall

Comprehensive Service Awareness

Capable of identifying more than 1200 application protocols

Massive security policies or data center for massive data exchange

Isolation of multiple security zones

Large capacity NAT (Large capacity NAT sessions and unlimited NAT)

Egresses of campus networks, large-sized intranets, Broadcasting & Television MANs, and Internet

IPv6

Universities, large institutes, laboratory networks, and carriers

Highlights



UTM

•IPS

Originates from Symantec core engine technology, IPS engine, which provides 3000 IPS signatures.

Provides security protection based on operating system vulnerabilities and security protection against redirected downloads from malicious websites, detects fake application programs, spyware, and adware, and identifies application protocols.

•AV

Originates from Symantec core engine technology, antivirus engine, which provides a database containing 7 million virus signatures. In 2009, Symantec IPS and antivirus engines detected more than 3 billion attacks, and Symantec antivirus engine detected more than 73 billion new malware.

Provides multi-thread scanning technology and the application program-irrelevant scanning technology that detects the irrelevance of modes, platforms, deployment places, and regional languages.

•Content security

Provides online behavior management to filter users' Web-based behaviors and outgoing mails by content, keyword, and file type, ensuring the work efficiency and network bandwidth.

Comprehensive Web filtering and malicious URL filtering using a URL category database that contains 65 million categories and real-time monitoring of 9 million domain names.

Has profound technology accumulation in Service Awareness and an industry-leading protocol analysis team, and identifies more than 10000 network protocols

Mail filtering: originates from Symantec mail filtering database and analyzes the sender/receiver address, mail body, keyword, and attachment based on the IP reputation database to eliminate spam.

UTM virtualization technology

Ease-of-use

•User-based unified security policy: delivers user-based access control, traffic limiting, application control, and content security, including IPS, antivirus, and online behavior control function, and provides a unified portal so that all security policies can be configured on one page.

•Zero configuration of the IPS/antivirus engine (automatic identification)

IPv6

•Industry-leading IPv6 support, including IPv6 features such as routes, QoS, ACLs, 4to6, and 6to4. The USG series has passed the highest IPv6 Ready authentication and supports all mainstream IPv6 transition solutions.

High-Density Interfaces

•The USG series supports multiple upstream access modes for the WAN and complete wireless networking. The device provides a maximum of 88 GE interfaces.

Highlights (Based on Product Selection Factors)



Overview of Peer Vendor’s Weaknesses

Competitor Weakness Cisco ASA Does not support Service Awareness

functions such as P2P rate limiting.

AV and IPS cannot be enabled at the same time.

Identifies far less protocols than USG.

The firewall performance, new connections per second,

concurrent connections are lower than those of USG.

More expensive. The price of USG is only 13% to

44% of the transaction price of ASA in the same

class.

Juniper SSG Does not support SSL VPN. The small packet throughput of SSG is far lower than that of

the USG.

More expensive. The price of the USG is only 30%

to 87% of the transaction price of the SSG in the

same class.

CheckPoint UTM-1 Does not support optical ports.

Does not support DC power supply or power

redundancy.

Only UTM-1 Edge N ADSL model supports

express 3G card. Other models do not

support built-in or USB 3G card.

UTM-1 Edge does not support SSL VPN.

UTM-1 series does not support expansion interface cards.

The firewall throughput of UTM-1 series is not as high as

claimed, and the small packet throughput is lower than that of

the USG.

The number of IPS signatures of the UTM-1 series is 1000+,

whereas that of the USG is 2500+.

The URL database of the UTM-1 contains only 25 million

URLs, whereas that of the USG contains 65 million.

The UTM-1 series does not support dynamic

routing, which may incur extra costs for customers

to buy more advanced network devices.


to 94% of the transaction price of UTM-1 in the

same class.

Fortinet FortiGate Has a lower port density. The new connections per second, concurrent connections,

and VPN throughput are lower than those of the USG.

The anti-virus product has a low detection ratio, and the IPS

product has a small number of new connections per second.


to 93% of the transaction price of the FortiGate in

the same class.

Sonicwall The lower-end and mid-range Sonicwall

products do not support GE optical ports.

The Sonicwall series does not support

expansion interface cards.

The Sonicwall series does not support MPLS

VPN.

The concurrent connections and new connections per second

of the Sonicwall products are lower than those of the USG.

The Service Awareness function of the Sonicwall

must be purchased separately; whereas that of the

USG is free of charge.

More expensive. The price of most USG products

is only 60% to 91% of the Sonicwall in the same

class.

Page 13


Huawei Enterprise A Better Way Hardware and Function Comparison

Vendor HW Cisco Juniper CheckPoint Fortinet Sonicwall

Model USG2110 ASA5505 SSG5-SH SSG20-SH UTM-1 EdgeN FGT 20C FGT 50/51B TZ-100 TZ-200

Transaction Price $148 $497 $450 $550 $270 ? $449 $148 $248

Fixed port 2 FE+8 FE 8 FE 7 FE 5 FE 6 GE 5 GE 5 FE 5 FE 5 FE

Expansion slot N 1 SSC N 2 Mini-PIM N N N N N

Firewall performance

(bit/s)

180 M 150 M 160 M 160 M 1 G 20 M 50 M 100 M 100 M

VPN performance 40 M 100 M 40 M 40 M 200 M 20 M 48 M 75 M 75 M

Number of concurrent

connections

100 K 10 K/25 K 16 K 16 K 60 K 10 K 25 K 12 K 6 K

Number of new

connections per

second

2 K 4 K 2.8 K 2.8 K ? 1 K 2 K 1 K 1 K

WI-FI Y N Supported by -

E

Supported by -

E

Supported by -W Supported by

Wi-Fi models

Y N Y

3G Y N N N Only ADSL models

support express 3G

data cards.

N N Y Y

SSL VPN 5 Y N N N Y Y 1(10) 1(5)

AV 31 M N Y Y Y 20 M 50 M 50 M 35 M

IPS 24 M 75 M Y Y 30 M 20 M 19 M 70 M 50 M

IPv6 Y Y Y Y Y Y Y Y Y

URL filtering Y N Y Y Y Y Y Y Y

MPLS Y N N N N N N N N

Height Desktop Desktop Desktop Desktop Desktop Desktop Desktop Desktop Desktop

USG2110 is absolutely unmatched in terms of performance and number of concurrent connections.

USG2110 has full security features and supports SSL and UTM.



Hardware and Function Comparison Vendor HW CheckPoint SonicWall

Model USG2160 UTM-1 Edge X TZ-210

Transaction Price $340 $340 $398

Fixed port 1 WAN+8 LAN 6 FE 2 GE+5 FE

Scalability 1 MIC N N

Firewall performance (bit/s) 200 M 190 M 200 M

VPN performance (bit/s) 50 M 35 M 75 M

Number of concurrent connections 200 K 8 K 30 K

Number of new connections per second 3 K ? 1.5 K

WI-FI Y N Y

3G Y N Y

SSL VPN 5(20) N 2 (10)

AV 31.4 M Y 70 M

IPS 24 M 5 M 110 M

IPv6 Y Y Y

URL filtering Y Y Y

MPLS Y N N

Height Non-standard 1 U Desktop Desktop

USG2160 is absolutely unmatched in terms of price, number of concurrent connections, and number of new connections per second.


USG2160 is scalable.


Huawei Enterprise A Better Way Hardware and Function Comparison Vendor HW Cisco Juniper Fortinet SonicWall

Model USG2230 ASA 5510 ASA 5520 SSG 140-

SH

SSG 320M-SH SSG 350M-SH SSG 520M-SH FGT 80C/CM NSA 220 NSA 240 NSA 250M NSA 2400

Transaction

Price

$520 $1,777 $3,997 $1,600 $2,000 $2,500 $3,250 $838 $548 $598 $748 $1,248

Fixed port 2 GE

Combo

6 GE+3 FE 8 GE+1 FE 8 FE+2

GE

4 GE 4 GE 4GE 9 GE 7 GE 3 GE+6

FE

5 GE 6 GE

Expansion slot 1 FIC+4

MIC

1 SSM 1 SSM 4 PIMs or

2 UPIMs

3 PIMs or 1 PIM

+ 1 uPIM

5 PIMs or 1 PIM

+ 2 uPIMs

6 PIMs or 2

PIMs + 2 uPIMs

Y N N N N

Firewall

performance

(bit/s)

900 M 300 M 450 M 350 M 450 M 550 M 650M 700 M 600 M 600 M 750 M 775 M

VPN

performance

300 M 170 M 225 M 100 M 175 M 225 M 300M 80 M 150 M 150 M 20 M 300 M

Number of

concurrent

connections

1000 K 50/130 K 28 K 48 K 64 K 128 K 128K 100 K 85 K 85 K 110 K 225 K

Number of new

connections per

second

20 K 9 K 12 K 8 K 10 K 12.5 K 10K 5 K 2 K 2 K 3 K 4 K

WIFI Y N N N N N N Wi-Fi model Y Y Y Y

3G Y N N N N N N Y Y Y Y N

SSL 5(100) Y Y N N N N Y 2 (15) 2 (15) 2 (15) 2 (25)

AV 500M 150 M 225 M Y Y Y Y 100 M 115 M 115 M 140 M 160 M

IPS 370M 150 M 225 M Y Y Y Y 350 M 195 M 195 M 250 M 275 M

IPv6 Y Y Y Y Y Y Y Y Y Y Y Y

URL filtering Y Y Y Y Y Y Y Y Y Y Y Y

MPLS Y N N N N N N N N N N N

Height 1U 1U 1U 1U 1U 2U 2U Desktop Desktop Desktop Desktop 1U

USG2230 is absolutely unmatched in terms of firewall performance, VPN performance, concurrent connections, and new connections per second, and its

price is higher only than NSA240/220.





Vendor HW Cisco Juniper Fortinet CheckPoint

SonicWa

ll

Model USG2260 ASA 5540 ASA 5550 SSG 550M-SH FGT

110C/111C

60C UTM-1 130 UTM-1

270

NSA

3500

Transaction price $1,138 $8,497 $9,997 $5,250 $1,847 $1,405 $1,400 $1,920 $1,698

Fixed WAN+LAN ports 2 GE Combo 8 GE+1 FE 16 GE+1 FE 4 GE 2 GE+8 FE 8 GE 4 GE+1 FE 4 GE 6 GE

Cards 2 FIC+4 MIC 1 SSM N 6 PIMs or 2 PIMs

+ 2 uPIMs

N Y N N N

Throughput(bit/s) 1.5 G 650 M 1.2 G 1 G 1 G 1 G 1.5 G 1.5 G 1.5 G

VPN performance(bit/s) 500 M 325 M 425 M 500 M 100 M 70 M 120 M 120 M 625 M

Concurrent connections 1000 K 400 K 650 K 256 K 400 K 80 K 600 K 600 K 325 K

New connections/s 20 K 25 K 36 K 15 K 10 K 3 K ? ? 7 K

WIFI Y N N N N Y (Wi-Fi

model)

N N Y

3G Y N N N N N N N Y

SSL 5(100) Y Y N ? Y Y Y 2(30)

AV 500M 500 M N Y 160 M 40 M Y Y 350 M

IPS 370M 500 M N Y 450 M 100 M 1 G 1 G 750 M

IPv6 Y Y Y Y Y Y Y Y Y

URL filtering Y Y N Y Y N Y Y Y

MPLS Y N N N N N N N N

Height 1U 1U 1U 2U 1U Desktop Desktop 1U 1U

USG2260 is absolutely unmatched in terms of price, VPN performance, and number of concurrent connections.





Vendor HW CheckPoint

Model USG5120 UTM-1 570

Transaction Price $1,898 $3,600

Fixed WAN + LAN ports 2GE +2GE Combo 6GE

Cards 2DFIC+2FIC+4MIC N

Firewall performance (bit/s) 2G 2.5G

VPN performance (bit/s) 1G 300M

Number of concurrent connections 1200K 650K

Number of new connections per second 40K ?

WIFI Y N

3G Y N

SSL VPN 5 (150) Y

AV 725M Y

IPS 770M 1.7 G

IPv6 Y Y

URL filtering Y Y

MPLS Y N

Height 2U 1U

USG5120 is absolutely unmatched in terms VPN performance, number of concurrent connections and new connections per second.




Huawei Enterprise A Better Way Hardware and Function Comparison Vendor HW CheckPoint SonicWall

Model USG5150 UTM-1 1070 UTM-1 2070 NSA 4500 NSA E5500

Transaction Price $3,798 $6,360 $8,360 $2,498 $4,998

Fixed WAN + LAN ports 4 GE Combo 6 GE 6 GE 6 GE 8 GE

Cards 4 DFIC+2 FIC+4 MIC N N N N

Firewall performance (bit/s) 3.9 G 3 G 3.5 G 2.75 G 3.9 G

VPN performance (bit/s) 2 G 350 M 450 M 1 G 1.7 G

Number of concurrent connections 1200 K 1100 K 1100 K 500 K 750 K

Number of new connections per

second

40 K ? ? 10 K 15 K

WIFI Y N N Y Y

3G Y N N Y Y

SSL VPN 5 (200) Y Y 2 (30) 2 (50)

AV 725M Y Y 690 M 1 G

IPS 770M 2.2 G 2.7 G 1.4 G 2 G

IPv6 Y Y Y Y Y

URL filtering Y Y Y Y Y

MPLS Y N N N N

Height 3U 1U 1U 1U 1U

USG5150 is absolutely unmatched in terms VPN performance, number of concurrent connections and new connections per second, and its price is higher

only than NSA4500.





Content

Basic Feature

Bidding Guidance

1

3

In-Depth Analysis 2



Model 5505 5510 5520 5540 5550 5512-X 5515-X 5525-X 5545-X 5555-X

Price RMB

2,380/$497

RMB14,680/$1,

777

RMB

33,580/$3,997

RMB

67,980/$8,497

RMB

79,980/$9,997 $1,998 $2,498 $4,498 $8,998 $12,498

Throughput

(bit/s) 150M 300M 450M 650M 1.2G 1G 1.2G 2G 3G 4G

New

connections

per second

4K 9K 12K 25K 36K 10K 15K 20K 30K 50K

Concurrent

connections 25K 130K 280K 400K 650K 100K 250K 500K 750K 1000K

Fixed ports 8FE 8FE+2GE 1FE+4GE 1FE+4GE 1FE+8GE+1SF

P 6GE 5GE 8GE 8GE 8GE

Maximum

interfaces Unscalable Unscalable Unscalable Unscalable Unscalable 12GE 12GE 14GE 14GE 14GE

Power supply Single AC Single AC Single AC Single AC Single AC Single AC Single AC Single AC Single AC Single AC

VPN tunnels 25 250 750 5,000 5,000 250 250 750 2,500 5,000

VPN

performance 100M 170M 225M 325M 425M 200M 250M 300M 400M 700M

IPv6 Y Y Y Y Y Y Y Y Y Y

IPS 75M 300M 450M 650M N 250M 400M 600M 900M 1.3G

Antivirus Y Y Y Y N N N N N N

URL filtering N Y Y Y N Y Y Y Y Y

Anti-spam N Y Y Y N Y Y Y

Y Y

Virtual firewall N 2(5) 2(20) 2(50) 2(100) N 2(5) 2(20) 2(50) 2(100)

Discount information: 70 percent off inside China and 50 percent off outside China Cisco ASA Series Specifications



Universal Beating Point

Industry-based Beating Point

Government Finance Energy Education Common

Affairs Enterprises

Beating points based on product/vendor selection factors

Low performance: Cisco ASA series provides low

performance in terms of the firewall throughput,

VPN, number of new connections, and number of

concurrent connections.

Incomprehensive UTM features: Supports only

IPS and requires expansion cards.

Low scalability: Provides only two slots, and

therefore having low scalability. The expansion

cards are fixed, namely, the firewall card and IPS

card.

High price: Cisco ASA series is sold at a high

price. Low-end Gigabit products are charged above

50000 USD.

Universal

beating points.

Regulations

compliance:

Chinese

governments are

brand-sensitive

and therefore

Cisco is hard to

pave its way in

Chinese markets.

Universal

beating

points.

•Universal beating points.

•Poor easy-to-use: Cisco series

provides only English GUIs.

Weak after-sales support

capability: Like Juniper, Cisco

provides poor after-sales support

capability, which causes

complaints from customers.

Universal beating points.

High price.

Poor easy-to-use: Cisco series provides

only English GUIs.

Weak after-sales support capability:

Like Juniper, Cisco provides poor after-

sales support capability, which causes

complaints from customers.

Universal Avoiding Point Industry-based Avoiding Point

Common Affairs Energy Education Finance Enterprises


High stability: Cisco products are famous for stability. Therefore, you are advised to

emphasize performance.

Advanced datacom capability: Cisco ASA series inherits IOS datacom features.

Therefore, you are advised to emphasize the security features.

High IPS performance: Cisco delivers the high IPS performance using cards. Therefore,

you are advised to emphasize the detection rate.

Industry-leading international brand: Cisco takes the leading role in switching and

routing and has established good brand image.

Universal

avoiding points.

Universal avoiding points.

For customers that already used Cisco products:

Cisco switching and routing products are widely used in

enterprise networks. Therefore, you are advised to divert

the customers' attention to the security products.

How to Beat Cisco — From the Dimension of Vendor



200 Mbit/s

400 Mbit/s

1Gbit/s

4Gbit/s

1. The ASA5585-10 is claimed to deliver 4 Gbit/s performance, 750,000 concurrent connections, and 8 x GE+2 x 10G interfaces in firewall

mode and doubled interfaces in IPS mode.

2. The ASA5585-10 with basic configurations costs 63,000 RMB (about 15,000 USD).

3. The USG5150 is recommended because of its strengths in UTM and interface scalability.

4. If the series is used to tackle with 10 Gigabit scenarios, you can use the USG5150 which still enjoys strength in price.

1. The ASG5550 is claimed to deliver 1.2 Gbit/s performance, 8 SFP, 4 GE and 1 FE interfaces. The USG5120 is recommended.

2. The ASA5550 does not provide interface scalability or UTM features, which is the major beating point.

3. The ASA5550 is expensive, nearly twice that of USG5120. Therefore, the USG5120 enjoys strengths in terms of price.

1. The ASG5540 and ASA5520 are claimed to deliver 650 Mbit/s and 450 Mbit/s performance respectively. The USG2230 is recommended.

2. Although the ASG5540 and ASA5520 support UTM, the antivirus and IPS functions cannot work together, which is the major beating point.

3. The ASG5540 and ASA5520 are expensive. Therefore, the USG2230 enjoys strengths in terms of price.

1. The ASA5510 is claimed to deliver 300 Mbit/s performance, and the interfaces cannot be expanded. The USG2160 is recommended.

2. The ASA5510 is priced as 1777 USD outside China, while the USG2160 is priced as 310 USD outside China. Therefore, the USG2160

enjoys strengths in terms of price.

1. The ASA5505 is claimed to deliver 150 Mbit/s performance, being the lowest model in the ASA series, and the interfaces cannot be

expanded. The USG2110 is recommended.

2. The ASA5505 does not support the URL, AS, or virtual firewall functions, which is the major beating point.

3. The ASA5505 is priced 497 USD in basic configurations, while the USG2110 is priced 148 USD. Therefore, the USG2110 enjoys strengths in

terms of price.

How to Beat Cisco — From the Dimension of Product

USG2160-0.2

USG2230-0.9

USG5120-2.5

USG5150-4

USG2260-2

USG2110-

0.18

5550/5512-X-1.2

5520-0.45

5540-0.65

5555-X-4

5510-0.3

5505-0.15

5512-X-1

5525-X-2

5545-X-3



Model SRX100 SRX220 SRX240 SRX650 SRX1400 SRX3400

Price: RMB 3758

$350

Unknown

$850

RMB 15,000

$1,500

RMB 70,000

$8000 Unknown

RMB 460,000 (20 G)

$47,000 (20G)

Single NPC and SPC

Throughput (bit/s) 700 M 950 M 1.5 G 7 G 10 G 20 G(MAX)

New connections per

second 2000 2800 9000 30,000 45,000 200,000

Concurrent connections 32,000 96,000 128,000 512,000 500,000 3,000,000

Fixed interface 8FE 8GE 16GE 4GE 6GE+4SFP/

3XFP+6GE+1SFP 6GE+4XFP

10-Gigabit interface N N N Y Y Y

Maximum interfaces 8FE 8GE+2SFP 16GE+2SFP 48GE 8*10GE

Power supply One AC power

module

One AC power

module One AC power module

Dual power supplies for

standard configuration





VPN throughput 65 M 100 M 250 M 1.5 G 2 G 6 G

VPN tunnels 128 512 1000 3000 Unknown 10,000

IPS throughput 60 M 100 M 230 M 900 M 2 G 6 G

AV throughput 25 M 34 M 85 M 350 M N N

SSL VPN N N N N N N

IPv6 Y Y Y Y Y Y

URL filtering Y Y Y Y N N

Anti-spam Y Y Y Y N N

Application security N N N N Y Y

Virtual firewall Y Y Y Y Y Y

User-based policy

unification N N N N N N

Juniper Product Specifications Discount information: 80 percent off inside China and 50 percent off outside China





Government Finance Energy Education Common

Affairs

Enterpri

ses

Beating points based on product selection factors

Low performance: Juniper SRX series is weak at the small-packet performance,

maximum number of new connections per second, and number of VPN tunnels.

High power consumption: Juniper SRX series consumes huge power. (The power

consumption of the SRX650 is 650 W.)

Poor series: Juniper SRX series comes with only two Gigabyte models.

Loose coupling with users: The security policies of Juniper SRX series are based on

IP addresses, but not users. Therefore, user-based QoS, routing, and firewall policies

are not supported.

Only models higher than the SRX1400 support application-based management

and control: Juniper SRX series supports more than 700 applications, whereas the

USG series supports more than 1000 applications.

Not supporting SSL VPN: Juniper SRX series does not support the SSL VPN

function. The function must be deployed on dedicated VPN devices.

Models higher than the SRX1400 lack certain functions: These models do not

support the antivirus, anti-spam, or URL filtering function.

Small number of URLs: The URL signature database of the SRX series supports

only 26,000,000 URLs, whereas the URL signature database of the USG supports

65,000,000 URLs.

Universal

beating

points.

Regulations

compliance:

Chinese

government

s are brand-

sensitive

and

therefore

Juniper is

hard to pave

its way in

Chinese

markets.

•Universal beating points.

•Poor easy-to-use: Cisco

series provides only English

GUIs.

Poor after-sales capacity:

Juniper after-sales services in

China are provided by sales

agents. Therefore, the service

quality is far from satisfactory.


High price.

Poor easy-to-use: Cisco series

provides only English GUIs.

Poor after-sales capacity:

Juniper after-sales services in

China are provided by sales

agents. Therefore, the service


Universal Avoiding Point

Industry-based Avoiding Point

Finance Energy Education Common

Affairs Enterprises

Beating points based on product selection factors

Layer-2 links, QoS, virtualization, and routing: Juniper SRX series inherits the

software strengths of Netscreen and MX router and therefore takes a leading role in

Layer-2 links, QoS, virtualization, and routing. Therefore, emphasize simplified

deployment.

Industry-leading technology: Based on Juniper's accumulation in Datacom and

Netscreen's experience in security, Juniper takes a leading role in network and security

technologies. Therefore, emphasize that Ethernet switches (EX) and routers are main

product lines, but not the SRX series.


Advanced datacom capability: The

datacom capability of the SRX is

powerful. Therefore, divert the

attention of customers to security

features.


For customers that already used Cisco

products: Juniper switching and routing

products are widely used in enterprise

networks. Therefore, you are advised to

divert the customers' attention to the

security features.

How to Beat Juniper — From the Dimension of Vendor



200 Mbit/s USG2160-0.2

USG2230-0.9

USG5120-2.5

SRX240-1.5

SRX650-7

400 Mbit/s

1Gbit/s

4Gbit/s USG5150-4

USG2260-2

USG2110-

0.18

SRX220-0.95

SRX210-0.75

SRX100-0.65

1. The SRX650 is claimed to deliver 7 Gbit/s performance. The standard configuration has four GE electrical interfaces and eight expansion slots.

The SRX650 supports POE, SFP, T1, E1, and UTM.

2. The SRX650 is priced at RMB 70,000 inside China and $8000 outside China.

3. The USG5520S is recommended. The USG5150, if used, enjoys strengths in both the price and interfaces.

1. The SRX240 is claimed to deliver 1.5 Gbit/s performance. The standard configuration has 16 GE electrical interfaces and has high interface

density. You can emphasize on the interface scalability.

2. The SRX240 is priced at 15,000 inside China and $1500 outside China.

3. You are advised to use the USG2260 and emphasize on the small packet performance, SSL VPN, and security functions.

1. The SRX220/210/100 delivers a performance of lower than 1 Gbit/s. The three series have subtle differences in terms of performance.

2. The three series are cost-effective. Therefore, emphasize on the small packet performance, SSL VPN, and security functions.

1. No counterpart is available. Juniper needs to use products of higher levels, which may bring disadvantages in price.

1. No counterpart is available. Juniper needs to use products of higher levels, which may bring disadvantages in price.

How to Beat Juniper — From the Dimension of Product

USG5520S-6



Model 20C 40C 60C 110C 200B 300C 310B 620B 1000C 1240B 3040B 3140B

Price $149 $199 $298 $1,113 $2,341 $3,903 $5,019 $8,997 ?- $13,497 ?- ?

Throughput of

Integrated

Device (bit/s)

20M 200M 1G 1G 5G 8G 8G 16G (20G) 20G 40G (44G) 40G 58G

Number of

new

connections

per second

1000 2000 3000 10,000 15,000 35,000 20,000 25,000 75,000 100,000 100,000 200,000

Number of

concurrent

connections

10,000 40,000 80,000 400,000 500,000 1M 6M 1M 2.5M 2M 4M 10M

Fixed

interface

1GE

WAN+4GE

LAN

5GE

LAN+2GE

WAN

8GE 2GE+8FE 8GE+8FE 10GE 10GE 20GE 2*10GE+20G

E

16GE+24SF

P

2GE+10SFP

+8XFP

12GE+10*10

G

10-Gigabit

interface N N N N N N N N Y N Y Y

Maximum

interfaces

1GE

WAN+4GE

LAN

5GE

LAN+2GE

WAN

8GE 2GE+8FE 28GE+8FE 10GE 18GE

24GE (one

4GE

accelerator)

2*10GE+20G

E

One more

4GE

accelerator

Unscalable Unscalable

Power supply

One AC

power

module

One AC

power

module

One AC

power

module

One AC

power

module

One AC

power

module

One AC

power

module

One AC/DC

power

module

One AC/DC

power

module

One AC

power

module

Dual AC/DC

power

modules

Dual AC/DC

power

modules

Dual AC/DC

power

modules

IPSec

throughput 20M 60M 70M 100M 2.5G 4.5G 6G 12G 8G 16G 17G 22G

SSL User N 40 50 100 200 500 300 500 3000 1500 22K 22k

IPS

performance 20M 40M 100M 450M 650M 1.2G 800M 2.5G 3.5G 5G 6G 7G

AV throughput

(proxy/flow

mode)

20M 20/40M 20/35M 65/160M 95/200M 200/550M 160/350M 350/700M 550M/1.5G 900M/1.5G 1.2G/2G 4.6G

URL filtering Y Y Y Y Y Y Y Y Y Y Y Y

Anti-spam Y Y Y Y Y Y Y Y Y Y Y Y

Virtual firewall

(default/maxi N 10 10 10 10 10 10 10 10 10(25) 10(250) 10(250)

Discount information: 89 to 86 percent off inside China and 55 percent off outside China Fortinet Product Specifications



Universal Beating Point Industry-based Beating Point

Government Education Finance Energy Common Affairs Enterprises


Forged performance: Although FortiGate ASIC

delivers excellent performance, the performance

deteriorates due to the limitations of x86 bus bandwidths

in the event of cross-ASIC flow forwarding (such as

communication between ETH1 and ETH5).

Poor datacom capability: The FortiGate series

delivers poor performance in routing and exchange, and

IPv6. For example, it does not support STP, NATPT, IS-

IS, or GRE.

Loose coupling with users: The FortiGate series

supports application-based firewall security policies, but

not user-based security policies.

Poor after-sales capacity: Fortinet after-sales services

in China are provided by sales agents. Therefore, the

service quality is far from satisfactory.

Universal

beating points.

Regulations

compliance:

Chinese

governments are

brand-sensitive

and therefore

Fortinet is hard to

pave its way in

Chinese markets.


Small number of new

connections per second:

Fortinet UTM products use the

x86 CPU, which provides a

small number of new

connections. This cannot

meet requirements of campus

networks characterized by

complicated traffic and large

number of new connections.


Unsatisfactory reliability: Fortinet UTM products use the

x86+FPGA architecture, whose stability and reliability are

lower than those of dedicated multi-core NPs.

Small number of new connections per second: Fortinet

UTM products uses the x86 CPU, which provides small

number of new connections.

Poor after-sales capacity: Fortinet after-sales services in

China are provided by sales agents. Therefore, the service


Universal Avoiding Point Industry-based Avoiding Point

Finance Energy Education Common Affairs Enterprises


Ease-of-use: FortiGate series is of excellent ease-of-use.

GUI-based configurations are simple whereas CLI-based

ones are complicated and irregular. Therefore, emphasize

the CLI defects.

Abundant features: The firewall, VPN (IPSec/SSL),

WAN optimization, DLP, and Service Awareness

functions are enabled by default on the FortiGate.

Emphasize the AV, AS, IPS, URL, and virtual firewall

functions.

Marvelous series: FortiGate series is extensive, ranging

from Megabit to 10 Gigabit. Therefore, emphasize the

requirements on a single product.


ASIC solution with outstanding performance:

Fortinet UTM products use the ASIC acceleration

solution, bringing high performance in test

environment. Guide customers based on the

preceding beating points.


Diversified UTM features: FortiGate series provides

various UTM features, including AV, IPS, AS, URL, Service

Awareness, and DLP. Therefore, emphasize the AV, IPS,

and URL functions.

Industry-leading UTM: As the initiator of UTM features,

Fortinet is devoted to improving feature extensity, which wins

high reputation. Therefore, emphasize the detection rate.

How to Beat Fortinet — From the Dimension of Vendor



200 Mbit/s 50B-0.1

80C-0.7

40C-0.2

110C/60C-1

200B-5

400 Mbit/s

1Gbit/s

4Gbit/s

20C-0.02

1. The FortiGate200B series is claimed to deliver 5 Gbit/s performance. The standard configuration has 8 GE and 8 FE interfaces, which is

scalable to 28 GE and 8 FE interfaces.

2. The maximum number of new connections per second of the FortiGate200B series is 15,000, and the maximum number of concurrent

connections is 500,000. Huawei USG series enjoys strengths in these aspects.

3. The USG5150 is recommended because of its strengths in the performance and maximum interfaces.

1. At this product level, the deployment of Huawei USG series is better than that of the FortiGate series in that Fortinet deploys only two 1 Gbit/s models and

is not applicable to 2 Gbit/s scenarios. Note that the performance may be modified.

2. The USG2260 is recommended because of its strengths in the maximum number of new connections per second, maximum number of concurrent

connections, VPN performance, and maximum interfaces.

3. Fortinet products at this level provide no interface scalability. Therefore emphasize interface scalability because the USG series enjoys strength in this

aspect.

1. The FortiGate50B and FortiGate20C series are the low-end models with claimed performance of 100 Mbit/s and 20 Mbit/s respectively.

2. The FortiGate50B uses the old hardware platform and the interfaces are accelerated through ASIC. The performance is low inevitably. The

USG2110 is recommended because of its strengths in performance and price.

3. The FortiGate20C supports GE interfaces by default. Therefore, emphasize that the GE interface is of no use in 20 Mbit/s scenarios.

1. The FortiGate40C is claimed to deliver 20 Mbit/s performance. The price is unknown.

2. The FortiGate40C is not scalable, whereas the USG 2100 series is scalable.

3. The USG2160 series enjoys strengths over the FortiGate40C in terms of the maximum number of concurrent connections.

1. At this product level, the deployment of Huawei USG series is better than that of FortiGate series in that Fortinet deploys only one 700 Mbit/s model.

2. The USG2230 is recommended because of its strengths in the maximum number of new connections per second, maximum number of concurrent

connections, VPN performance, and maximum interfaces.

3. Fortinet products at this level provide no interface scalability. Therefore emphasize on interface scalability because the USG series enjoys strength in this

aspect.

How to Beat Fortinet — From the Dimension of Product

USG2160-0.2

USG2230-0.9

USG5120-2.5

USG5150-4

USG2260-2

USG2110-

0.18

USG5520S-6





Government Common

Affairs Finance Energy Education Enterprises


GPL risks of open source codes: Nearly all

LEADSEC products employ open source codes and

have GPL restrictions. Once the source of the codes

is open, the vendor's reputation may deteriorate and

the vulnerabilities of the products may be exposed.

Poor UTM features: SECWORLD products do not

support URL category-based URL filtering or IPS.



Unsatisfactory reliability: SECWORLD

products are of the x86 architecture, which is

far less stable and reliable than the dedicated

multi-core architecture.

Unreliable Datacom features: SECWORLD

is specialized in security and the datacom

features of SECWORLD products is deemed

unreliable.


Low performance: SECWORLD

products use the multi-core x86

architecture. The actual performance is

poor.

Unreliable Datacom features:

SECWORLD is specialized in security

and the datacom features of

SECWORLD products is deemed

unreliable.



Finance Energy Government Common

Affairs Education Enterprises


Vicious competition: SECWORLD products are competitive

by means of prices. You are advised to make customers test

them to cheapen SECWORLD.

Modified website specifications: SECWORLD usually

modifies the specifications on websites based on the bidding

documents. Therefore, collect evidence (such as snapshots) in

advance.



Content filtering: SECWORLD supports keyword-based filtering.

Make customers aware that keyword-based content filtering is far

less practical than content filtering based on the URL signature

database.

How to Beat SECWORLD — From the Dimension of Vendor



Model P5075 P9075 P11065 P11075 P11085

Price 15,000 21,000 24,000 30,000 38,000

Throughput(bit/s) 9G 16G 15G 20G 30G

New connections per

second

Concurrent

connections 1.2M 1.2M 1.2M 1.2M 1.2M

Fixed interface 10GE 14GE 14GE 14GE 14GE

10-Gigabit interface Y Y Y Y Y

Maximum interfaces 4 SFP + 4 XFP 4 SFP + 4 XFP 4 SFP + 4 XFP 4 SFP + 4 XFP 4 SFP + 4 XFP

Power supply Dual power supplies for










IPSec throughput 2.4 G 3.7 G 3.7 G 4 G 4.5 G

SSL VPN Y Y Y Y Y

IPv6 Y Y Y Y Y

IPS Y Y Y Y Y

Antivirus Y Y Y Y Y

URL filtering Y Y Y Y Y

Anti-spam Y Y Y Y Y

Virtual firewall Y Y Y Y Y

SECWORLD Product Specifications





Government Education Finance Energy Common

Affairs

Enterpris

es


Forged performance: The performance of Checkpoint

UTM-1 series is far lower than what is claimed based on the

CPU model. Therefore, device test is recommended.

Low performance: Huawei products enjoys strengths in

the VPN and number of new connections per second.

No DC power supply: The Power-1 series supports only

the AC power supply.

Small number of IPS signatures: Checkpoint IPS

signature database contains only 1000 IPS signatures, which

is far less than Huawei IPS signature database that contains

2500 signatures.

Poor after-sales capacity: Checkpoint after-sales services

in China are provided by sales agents. Therefore, the service


Universal beating

points.

Regulations

compliance: Chinese

governments are brand-

sensitive and therefore

Checkpoint is hard to

pave its way in Chinese

markets.


Low interface density:

The interface density of

Checkpoint UTM-1 is low

and unscalable. As a result,

it does not suit the campus

networks deployed with

multiple servers.


Unsatisfactory reliability: Checkpoint UTM

products uses the x86 architecture, whose stability

and reliability are lower than that of dedicated multi-

core NPs.



Finance Energy Education Common Affairs Enterpris

es


Comprehensive UTM features: The UTM features of

Checkpoint products are comprehensive and roughly the

same as that of Fortinet products. Therefore, divert

customers' attention to the AV, IPS, and URL filtering

features.

Prominent IPS performance: Checkpoint delivers

excellent IPS performance. Therefore, emphasize IPS

detection ratios and false positives.

Universal avoiding points. Universal avoiding points.

How to Beat Checkpoint — From the Dimension of Vendor



200 Mbit/s

UTM-1 1070-3

4205/2205-3

UTM-1 570-2.5

400 Mbit/s

1Gbit/s

4Gbit/s

U270/130-1.5

EdgeN-1

1. The 4205 and 2205 are the new models in Checkpoint 2012 series, and are priced as $2695 and $1980 respectively. They

are claimed to deliver 3 Gbit/s performance. The USG5150 is recommended.

2. The UTM-1-1070 is an old model in the UTM series, with a claimed performance of 3 Gbit/s. It provides no scalability.

3. The UTM-1 570 is claimed to deliver 2.5 Gbit/s performance and provides no scalability.

4. The UTM270/130 and Edge-1 series deliver 1.5 Gbit/s and 1 Gbit/s performance respectively. The deployment of this

product level is refined. Use the USG series based on the price.

1. No counterpart is available at this product level.

1. No counterpart is available at this product level. Checkpoint may use the preceding products to compete with the USG2230.

How to Beat Checkpoint — From the Dimension of Product

USG2160-0.2

USG2230-0.9

USG5120-2.5

USG5150-4

USG2260-2

USG2110-

0.18

USG5520S-6



Content

Basic Feature

Bidding Guidance

1

3

In-Depth Analysis 2


Huawei Enterprise A Better Way Specifications

Model USG2110F/FW/AW/AGW USG2160/W USG2230 USG2260 USG5120 USG5150

Fixed WAN port 2 x 10/100 WAN/1 x 10/100

WAN+1ADSL 1 x 10/100 WAN 2 GE-Combo 2 GE-Combo

2 GE+2 GE-

Combo 4 GE-Combo

Fixed LAN port 8 x 10/100 LAN 8 x 10/100 LAN - - - -

Maximum Ethernet port density 10 FE/9 FE 14 FE 22 GE+20 FE 22 GE+20 FE 64 GE + 28 FE 84 GE +28 FE

Expansion slot None 1 MIC 4 MIC + 2 FIC 4 MIC+2 FIC 2 DFIC+2 FIC+4

MIC

4 DFIC+2

FIC+4 MIC

Packet forwarding rate (pps) 120 K 160 K 360 K 490 K 950 K 1.5 M

Throughput (bit/s) 180 M 200 M 900 M 1.5 G 2 G 3.9 G

New connections per second 2000 3,000 20,000 20,000 40,000 40,000

Concurrent connections 100,000 200,000 1,000,000 1,000,000 1,200,000 1,200,000

Number of ACL rules 3000 3000 20,000 20,000 20,000 20,000

USB port 1 (v2.0) 1 (v2.0) 2 (v2.0) 2 (v2.0) 2 (v2.0) 2 (v2.0)

L2TP/GRE/SSL/IPSec VPN Y Y Y Y Y Y

IPSec VPN throughput 40 M 50 M 300 M 500 M 1 G 2 G

Number of IPSec VPN tunnels 64 64 2000 2000 2000 2000

Number of SSL VPN users 20 20 100 100 150 200

MPLS VPN Y Y Y Y Y Y

Wi-Fi N/Y N/Y Y Y Y Y

3G Y Y Y Y Y Y


Huawei Enterprise A Better Way Specifications

Model USG2110F/FW/AW/AG

W

USG2160/W USG2230 USG2260 USG5120 USG5150

IPS Y Y Y Y Y Y

AV Y Y Y Y Y Y

URL filtering Y Y Y Y Y Y

AS Y Y Y Y Y Y

IPv6 Y Y Y Y Y Y

ESP platform N N Y Y Y Y

Hardware encryption Y Y Y Y Y Y

WAN port None

FE, ADSL2+,

G.SHDSL, E1/CE1,

SA,

FE, GE, ADSL2+, G.SHDSL, E1/CE1, SA, 3G

Dimensions

(H x W x D) 35 mm x 280 mm x 190 mm

45 mm x 420 mm x

255 mm 44.45 mm x 442 mm x 420 mm

86.1 mm x 442 mm x

414 mm

130.5 mm x 442 mm

x 414 mm

Weight < 2.0 kg 5.0 kg 5.4 kg 5.4 kg 6.5 kg 8.3 kg

Power supply

AC:100 V to 240 V

Single power supply, no

redundancy.

AC:100 V to 240V

Single power supply,

no redundancy.

AC: 85 V to 264 V


redundancy.

AC: 100 V to 240V

DC: –48 to –60V


redundancy.

AC: 100 V to 240 V

DC: –48 V to –60 V

Redundant power

supplies

MTBF 12.67 years 12.67 years 12.67 years 12.67 years 12.67 years 12.67 years



Bidding Guidance Strategies for USG2110

Item ASA 5505 Juniper SSG

5-SH

Juniper

SSG20-SH

CheckPoint

UTM-1 EdgeN

Fortinet FGT

20C

Fortinet FGT

50/51B

SonicWAll

Tz-100

SonicWAll

Tz-200

Catalog price $994 $900 $1100 $540 ? $816/$2,349 $296 $496

FW

throughput

≥ 170 M

•Force the

competitor to

use a higher

model (5510),

whose price is

357% the

current model.

•Force the

competitor to

use a higher

model (I40-SH),

whose price is

355% the current

model.

•Force the

competitor to

use a higher

model (I40-

SH), whose

price is 290%

the current

model.

•No counter

measure.

•Force the

competitor to

use a higher

model (80C).

•Force the

competitor to use

a higher model

(80C), whose

price is 187% the

current model.

•Force the

competitor to

use a higher

model (210),

whose price is

268% the

current model.

•Force the

competitor to

use a higher

model (210),

whose price is

160% the

current model.

Port number

≥ 10

•Force the

competitor to

use a higher

model.

•Squeeze out the

competitor.

•Force the

competitor to

use a higher

model.

•Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out

the competitor.

3G •Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out

the competitor.

•No counter

measure.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•No counter

measure.

•No counter

measure.

Wi-Fi •Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•Squeeze out

the competitor.

•No counter

measure.

MPLS •Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out

the competitor.

Support for

AV

•Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

Support for

URL

filtering

•Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

Note: For peer vendor prices, refer to the Discount Information

About Mainstream Peer Vendors of the pricing center.




Item CheckPoint UTM-1 EdgeX SonicWall TZ-210

Catalog price $340 $796

Number of ports ≥ 9 •Squeeze out the competitor. •Squeeze out the competitor.

Number of concurrent

connections ≥ 150K •Squeeze out the competitor. •Squeeze out the competitor.

3G •Squeeze out the competitor. •No counter measure.

Wi-Fi •Squeeze out the competitor. •No counter measure.

Support for MPLS •Squeeze out the competitor. •Squeeze out the competitor.

Note: For peer vendor prices, refer to the Discount

Information About Mainstream Peer Vendors of the

pricing center.




Item

Cisco

ASA

5510

Cisco

ASA

5520

Juniper

SSG 140-

SH

Juniper

SSG320M-

SH

Juniper

SSH350M-

SH

Fortinet

FGT80C/80C

M

Sonicwall

NSA220

Sonicwal

l

NSA240

Sonicwall

NSA250

M

Sonicwal

l NSA

2400

Catalog price $3,554 $7,994 $3.200 $4,000 $5,000 $1, 524/$1,171 $1,096 $1,196 $1,496 $2,496

Forwarding

rate ≥ 900 M

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze out

the

competitor.

•Squeeze out

the competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

Port

expansion

•No

counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

VPN

performance

≥ 300 M

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze out

the

competitor.

•Squeeze out

the competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•No

counter

measure.

3G

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze out

the

competitor.

•Squeeze out

the competitor.

•Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•No

counter

measure.

•No counter

measure.

•Squeeze

out the

competitor.

Wi-Fi

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze out

the

competitor.

•Squeeze out

the competitor.

•Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•No

counter

measure.

•No counter

measure.

•No

counter

measure.

Support for

MPLS

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze out

the

competitor.

•Squeeze out

the competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.

•Squeeze

out the

competitor.



pricing center.




Item Cisco ASA

5540

Cisco ASA

5550

Checkpoint

UTM-1 130

Checkpoint

UTM-1 270

Fortinet FGT

110C/111C

Fortinet FGT

60C

Sonicwall

3500

Catalog price $16,994 $19,994 $3,500 $4,800 $3, 407/$3,527 $1,171 $3,396

FW throughput ≥

1.5 G

•Squeeze out the

competitor.

•Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•No counter

measure.

Port expansion •No counter

measure.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

VPN performance

≥ 500 M

•Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•No counter

measure.

3G •Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•No counter

measure.

Wi-Fi •Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•No counter

measure.

•No counter

measure.

Support for IPS •No counter

measure.

•Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

Support for AV •No counter

measure.

•Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•No counter

measure.

Support for URL

filtering

•No counter

measure.

•Squeeze out

the competitor.

•No counter

measure.

•No counter

measure.

•No counter

measure.

•Squeeze out the

competitor.

•No counter

measure.

Support for MPLS •Squeeze out the

competitor.

•Squeeze out

the competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.



pricing center.




Item Juniper SSG 520M-SH Checkpoint UTM-1 570

Catalog $6,500 $9,000

FW throughput ≥ 2 G •Squeeze out the competitor. •No counter measure.

Port expansion •No counter measure. •Squeeze out the competitor.

VPN performance ≥ 1 G •Squeeze out the competitor. •Squeeze out the competitor.

3G •Squeeze out the competitor. •Squeeze out the competitor.

Wi-Fi •Squeeze out the competitor. •No counter measure.

Support for MPLS •Squeeze out the competitor. •Squeeze out the competitor.



pricing center.




Item Juniper SSG 550M Checkpoint UTM-1

1070

Checkpoint UTM-1

2070

Sonicwall NSA

4500

Sonicwall NSA

E5500

Catalog price $10,500 $15,900 $16,700 $4,996 $9,996

FW

throughput

≥ 3.9 G

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor. •No counter measure.

Port

expansion •No counter measure.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

VPN

performanc

e ≥ 2 G

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

3G •Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•No counter

measure. •No counter measure.

Wi-Fi •Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•No counter

measure. •No counter measure.

Support for

MPLS

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.

•Squeeze out the

competitor.



pricing center.

Copyright© 2012 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.


huawei secospace usg2000&5100 how to beat · •the usg series supports multiple upstream...

Documents