huawei secospace usg6600 next-generation … usg6000 series next-generation firewall analyzes...
TRANSCRIPT
HUAWEI Secospace USG6600
Next-Generation Firewall Datasheet
Huawei Technologies Co., Ltd.
2013-8-26 Huawei Confidential Page 2 of 19
Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notes:
The purchased products, services, and features are stipulated by the contract made between Huawei Technologies
Co., Ltd. and the customer. All or part of the products, services, and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any
kind, either express or implied.
The information in this document is subject to change due to version upgrade or other reasons. Every effort has been
made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129, People's Republic of
China
Website: http://www.huawei.com
Tel: 4008302118
2013-8-26 Huawei Confidential Page 3 of 19
With the popularity of mobile working using smartphones and tablets, mobile apps, Web2.0,
and social networking become integral parts of enterprise operation. These changes in IT
environments greatly improve the communication efficiency for enterprises, but blurs
network borders and makes information security more challenging. Traditional security
gateway implements security control only based on IP addresses and ports, and cannot cope
with the ever-increasing application layer and web threats.
Against this background, Huawei launches the Secospace USG6000 series next-generation
firewall to address these challenges. With the awareness of applications, content, time, users,
attacks, and locations, the USG6000 series clearly maps the network environment to service
environment and provides application- and user-based security management and QoS
management functions. Based on application identification, the USG6000 series provides
powerful IPS, AV, and data leak prevention capabilities to efficiently and comprehensively
secure enterprise information.
Application protection is the core of the next-generation security. Configuring and managing
application protection require more administrators with higher skills, increasing maintenance
costs. However, the USG6000 series eliminates such concerns by using the industry-leading
SmartPolicy technology to automatically generates security policies based on the service
awareness result, making next-generation security simple, consistent, and cost-effective.
Product Appearance
Features and Highlights
Granular Application Access Control
In the Web2.0 era, social networking and IM applications are widely used for communication
and information sharing on enterprise networks. Massive applications are used, and most of
them use the same protocol (HTTP) and the same port. Traditional firewalls are aware of IP
addresses and ports, but not of user information, service environment, and application-layer
information. However, awareness is the basis of access control and security protection.
Firewalls require comprehensive context awareness to effectively take actions and protect
information security.
Huawei USG6000 series next-generation firewall analyzes intranet service traffic from six
dimensions, including application, content, time, user, attack, and location and implements
comprehensive network protection.
Application: Identifies 6000+ mobile and web applications using technologies, such
2013-8-26 Huawei Confidential Page 4 of 19
as feature identification, port identification, correlation identification, and behavior
identification. Application awareness, coupled with antivirus scanning, can
recognize traffic of different applications and detect the viruses, Trojan horses, and
malware hidden in applications.
User: Supports eight user authentication methods, including RADIUS, LDAP, and
AD authentication to associate traffic IP addresses and ports with users for per-user
traffic control.
Threat: Provides over 3000 signatures for attack identification. The USG6000 series
defends against web application attacks, such as cross-site scripting and SQL
injection attacks, identifies and defends against more than 10 types of DDoS attacks,
including SYN flood and UDP flood attacks, and identifies more than 5,000,000
viruses. With cloud-based URL filtering enabled, the USG6000 series provides over
85,000,000 predefined URLs to block malicious websites.
Content: Identifies and filters the files and content to be transferred. The USG6000
series not only reassembles and filters over 20 types of files, including Word, Excel,
PPT, PDF, and RAR, and identifies more than 60 types of file name extensions to
prevent data leaks and virus attacks even when the file name extensions are
intentionally modified.
Time: Records the time when traffic anomalies or security events occur to provide
evidence for audit.
Location: Identifies the location where the traffic is initiated to implement
differentiated traffic control in different regions. The USG6000 series supports
location customization based on IP addresses.
Based on the ACTUAL-awareness system, the USG6000 series next-generation firewall
accurately identifies threats hidden in applications and implements granular access control and
network protection.
Easy Security Management
Traditional security gateways and most next-generation firewalls can only passively execute
policies configured by administrators. However, in the real world, attacks are usually a step
ahead of network administrators. Therefore, completely relying on administrators cannot
protect network security in the long run. However, Huawei USG6000 series next-generation
firewall can proactively discover network risks and dynamically generate protection and
optimizing advises, like a security consultant. Proactive functions of security appliances are
better than completely relying on administrators in the long run.
2013-8-26 Huawei Confidential Page 5 of 19
Compared with the traditional security gateways, the next-generation firewall features
granular application control and in-depth application protection. Compared with traditional
firewalls, using 5-tuple-based policies on the next-generation firewall does not improve
network security. Next-generation firewalls has more powerful functions. However,
configuring and managing these functions require more administrators with higher skills,
which means a higher operation cost.
The USG6000 series resolves this issue using the SmartPolicy technology. After automatic
traffic pattern learning, the USG6000 automatically generates security policies using the
predefined knowledge base. Enterprise administrators need only a confirmation before the
firewall applies the policies to the network. The SmartPolicy function decreases the TCO by
30% using the following functions:
Dynamically discover security risks and automatically generate defense policies.
Discover invalid and redundant policies to remove them.
Discover incorrect policies, such as the policy in which the source and destination
zones are any, but the action is permit.
Excellent Performance
Nowadays, hackers are launching organized attacks for illegal gains. Therefore, in-depth
application protection, such as application-layer access control and intrusion prevention,
becomes a must for network protection. However, the throughput of UTM devices is poor
when application-layer protection is enabled.
2013-8-26 Huawei Confidential Page 6 of 19
In contrast, the USG6000 series uses the Intelligent Awareness Engine (IAE) to implement
Layer-7 protection and still deliver a throughput of a Layer-4 gateway. The traditional threat
detection engine implements per-packet inspection and is easy to evade. The IAE analyzes and
processes multiple services concurrently. The hardware acceleration module conducts core
application analysis and signature matching, concurrently processing each security services,
and updates the security status. This structure ensures the minimum compromise of the overall
performance with multiple security services enabled. In terms of hardware, the USG6000
series uses the dedicated multi-core platform for parallel processing. In addition, it uses the
hardware acceleration technology and the content security acceleration chip on the CPU to
function with the IAE for a higher detection efficiency. The combination of the intelligent
awareness engine and the elastic hardware structure enable the USG6000 series to deliver
10-Gigabit level threat prevention performance, meeting the security protection requirements
of large enterprise data centers.
Prevention of Unknown Threats
Unknown threats refer to the threats whose signatures are not yet extracted. These threats
attack networks mainly through email and web access. Unknown attacks may occur when a
user downloads a malicious email attachment, clicks a malicious URL link in an email
message, executes a malicious script, or downloads a malicious file. However, the security
devices cannot detect such attacks because they have no signatures to match them.
To address this issue, Huawei USG6000 series next-generation firewall uses the Power
Fortress Cloud detection system to detect unknown threats. This system simulates suspicious
samples collected around the world in the cloud sandbox and virtualization system to analyze
these samples, including behavior analysis and service awareness, to detect viruses, 0-day
attacks, phishing websites, botnets, and malicious websites. If any threat is found in a sample,
the system further identifies the threat by IP address, domain name, file, URL, location, spam,
2013-8-26 Huawei Confidential Page 7 of 19
user IP, and history. Then the system updates the global reputation detection and query system
in the cloud. With 7 x 24 pushing service of the Power Fortress Cloud-U cloud center for
security knowledge base updates, the USG6000 series can obtain the latest threat detection and
prevention capability to effective defend against unknown threats.
Typical Application Scenarios
Enterprise Intranet Management and Isolation
Security challenges:
1. Isolation of service departments or areas and mutual access management
2. Accurate user identification and access permission control
3. Identification of PCs, tablets, and mobile applications and unified network
behavior management
4. Prevention of confidential data leaks through social networking websites,
instant messaging, and Internet storage applications
Solution:
1. Deploy next-generation firewalls at internal network boarders.
2. Configure firewall policies to implement user-based access control on PC users.
3. Implement user- and application-based policy control on mobile users for
refined permission management and logging
4. Implement content filtering and auditing on email transfer, IM, and file transfer
to monitor social networking applications and prevent data leaks.
Internet Border Protection
Security challenges:
1. Anonymous access or access with forged identities from the Internet
2. Large-scale and organized DDoS attacks, paralyzing the service platform
3. Confidential data leaks through social networking websites, instant messaging,
and Internet storage applications
2013-8-26 Huawei Confidential Page 8 of 19
4. Employees' access to malicious websites, bringing threats to the intranet
5. Employees' access to non-work-related websites, affecting productivity
Solution:
1. Deploy a next-generation firewall at the Internet egress to implement access
control and prevent unauthorized access.
2. Enable intrusion prevention and provide 10-Gigabit level application-layer
protection.
3. Enable anti-DDoS to clean massive traffic and ensure service qualities.
4. Implement content filtering and auditing on email transfer, IM, and file transfer
to monitor social networking applications and prevent data leaks.
5. Implement user-, application-, and time-based QoS management to
preferentially guarantee the service qualities for mission-critical personnel and
services.
6. Use URL categories and application blocking to prevent Trojan horse websites
and non-work-related websites and monitor the accessible websites and
available network applications.
Data Center Isolation
Security challenges:
1. In the virtualization-based cloud computing environment, each virtual system
must be independently protected to provide services for multiple tenants or
provide different services for one tenant.
2. The big and centralized data faces unprecedented privacy challenges from
hackers.
3. Data centers must provide reliable services in real time. However, DoS attacks
occur frequently.
Solution:
1. Deploy a USG series next-generation firewall which virtualizes all security
services and system resources to provide exceptional experiences for each
virtual system.
2. Enable the 10-Gigabit level intrusion prevention function to effectively block
attacks and provide differentiated defense functions in different virtual systems.
3. Enable anti-DDoS to remove DDoS traffic and protect data centers.
Enterprise Branch Interconnection (VPN Remote Interconnection)
Security challenges:
1. The sensitive data exchanged between headquarters and branch offices faces
the risk of in-transit interception and tampering.
2. Intranet access from mobile devices is insecure.
Solution:
1. Deploy a USG series next-generation firewall which provides five VPN access
methods and over 10 encryption algorithms to establish a reliable, controllable,
and manageable tunnel for secure data transfer on the Internet.
2. Provide SSL VPN across multiple platforms (including Windows, IOS, Android,
Blackberry, and Symbian).
2013-8-26 Huawei Confidential Page 9 of 19
Specifications Model USG6650 USG6660 USG6680
Firewall throughput 20 Gbit/s 25 Gbit/s 40 Gbit/s
IPS throughput 10 Gbit/s 13 Gbit/s 20 Gbit/s
Threat prevention
throughput 10 Gbit/s 13 Gbit/s 20 Gbit/s
Concurrent sessions 8,000,000 10,000,000 12,000,000
New sessions per
second 300,000 350,000 400,000
IPSec VPN
throughput 12 Gbit/s 16 Gbit/s 20 Gbit/s
Virtual firewalls 500 500 1000
Expansion and I/O
Fixed port
2 x 10GE+8GE+8SFP 4 x 10GE+16GE+8SFP
Expansion Slots 6 x WSIC 2 x WSIC
Interface module WSIC: 2 x 10GE (SFP+)+8 x GE (RJ45), 8 x GE (RJ45), 8 x GE (SFP) 4 x GE
(RJ45) BYPASS
Functions
Context awareness
ACTUAL (Application, Content, Time, User, Attack, Location)–based
awareness capabilities
Eight authentication methods (local, RADIUS, HWTACACS, SecureID, AD,
CA, LDAP, and Endpoint Security)
Application security
Fine-grained identification of over 6000 application protocols,
application-specific action, and online update of protocol databases
Combination of application identification and virus scanning to recognize the
viruses (more than 5 millions), Trojan horses, and malware hidden in
applications
Combination of application identification and content detection to identify file
types and sensitive information to prevent information leaks
Intrusion prevention
Provides over 3000 signatures for attack identification.
Provides protocol identification to defend against abnormal protocol behaviors.
Supports user-defined IPS signatures.
Web security
Cloud-based URL filtering with a URL category database that contains over 85
million URLs in over 130 categories
Defense against web application attacks, such as cross-site scripting and SQL
injection attacks
HTTP/HTTPS/FTP-based content awareness to defend against web viruses
URL blacklist and whitelist and keyword filtering
Email security Real-time anti-spam to detect and filter out phishing emails
Local whitelist and blacklist, remote real-time blacklist, content filtering,
2013-8-26 Huawei Confidential Page 10 of 19
keyword filtering, and mail filtering by attachment type, size, and quantity
Virus scanning and notification for POP3/SMTP/IMAP email attachments
Data security
Data leak prevention based on content awareness
File reassembly and data filtering for more than 20 file types (including Word,
Excel, PPT, and PDF), and file blocking for more than 60 file types
Security
virtualization*
Virtualization of security features, forwarding statistics, users, management
operations, views, and resources (such as bandwidths and sessions)
Network security
Defense against more than 10 types of DDoS attacks, such as the SYN flood
and UDP flood attacks
VPN technologies: IPSec VPN, SSL VPN, L2TP VPN, MPLS VPN, and GRE
Routing IPv4: static routing, RIP, OSPF, BGP, and IS-IS
IPv6: RIPng, OSPFv3, BGP4+, IPv6 IS-IS, IPv6 RD, and ACL6
Working mode and
availability
Transparent, routing, or hybrid working mode and high availability (HA),
including the Active/Active and Active/Standby mode
Intelligent
management*
SmartPolicy: evaluates the network risks based on the passed traffic and
intelligently generates policies based on the evaluation to automatically
optimize security policies. Supports policy matching ratio analysis and the
detection of conflict and redundant policies to remove them, simplifying policy
management.
Provides a global configuration view and integrated policy management. The
configurations can be completed in one page.
Provides visualized and multi-dimensional report display by user, application,
content, time, traffic, threat, and URL.
Specifications
Height 3 U
Dimensions (H x W
x D) 130.5 mm x 442 mm x 415 mm
Weight (full
configuration) 24 kg
HDD Optional. Supports 300 GB hard disks (RAID1 and hot swappable).
Redundant power
supply Standard configuration
AC power supply 100 V to 240 V
DC power supply –48 V to–60 V
Maximum power 350 W
Operating
environment Temperature: 5℃ to 40℃/Humidity: 10% to 90%
Non-operating
environment Temperature: -40℃ to 70℃/Humidity: 5% to 95%
Note: The features marked with an asterisk (*) will be available soon.
2013-8-26 Huawei Confidential Page 11 of 19
Ordering Guide
USG6650 Quotation Items
Model Description
Main device
USG6650-AC
USG6650 AC
Host(8GE(RJ45)+8GE(SFP)+2*10GE(SFP+),16G Memory,2
AC Power),with HW General Security Platform Software
USG6650-BDL-AC
USG6650 AC
Host(8GE(RJ45)+8GE(SFP)+2*10GE(SFP+),16G Memory,2
AC Power,IPS/AV/URL/AS Function Group Update Service
Renewal Subscribe 12 Months per Set),with HW General
Security Platform Software
Interface card
WSIC-8GE 8GE Optical Ports WSIC Card,with HW General Security
Platform Software
WSIC-4GEBYPASS 4GE Electric Ports Bypass Card,with HW General Security
Platform Software
WSIC-8GEF 8GE Electric Ports Interface Card,with HW General Security
Platform Software
WSIC-2XG8GE 2*10GE Optical+8GE Electric Ports Interface Card,with HW
General Security Platform Software
Disk
SM-HDD-SAS300G-A 300GB 10K RPM SAS Hard Disk Unit
Optical transceiver
OSX040N01 Optical Transceiver,SFP+,10G,Single-mode
Module(1550nm,40km,LC)
OSU015N00 Optical Transceiver,eSFP,2.5G,Single-mode
Module(1310nm,15km,LC)
SFP-GE-LX-SM1310 Optical Transceiver,eSFP,GE,Single-mode
Module(1310nm,10km,LC)
eSFP-GE-SX-MM850 Optical Transceiver,eSFP,GE,Multi-mode
Module(850nm,0.5km,LC)
eSFP-FE-LX-SM1310 Optical Transceiver,eSFP,100M/155M,Single-mode
Module(1310nm,15km,LC)
S-SFP-FE-LH40-SM1310 Optical Transceiver,eSFP,FE,Single-mode
Module(1310nm,40km,LC)
2013-8-26 Huawei Confidential Page 12 of 19
S-SFP-FE-LH80-SM1550 Optical Transceiver,eSFP,FE,Single-mode
Module(1550nm,80km,LC)
S-SFP-GE-LH40-SM1310 Optical Transceiver,eSFP,GE,Single-mode
Module(1310nm,40km,LC)
OMXD30000 Optical Transceiver,SFP+,10G,Multi-mode
Module(850nm,0.3km,LC)
OSX010000 Optical Transceiver,SFP+,10G,Single-mode
Module(1310nm,10km,LC)
Outsourced components
SU5M1RAIL01 Cabinet Guide Rail
QW1P0FIBER06
Optical
adapter-LC/PC-LC/PC-Blue-Shell:Plastic-Sleeve:Zirconia-Squ
are
SS-OP-D-LC-M-5 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-5m-PVC-Orange
SS-OP-D-LC-M-10 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-10m-PVC-Orange
SS-OP-D-LC-M-20 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-20m-PVC-Orange
SS-OP-D-LC-S-6 Patch cord-LC/PC-LC/PC-Single
mode-G.652D-2mm-6m-PVC-Yellow
SS-OP-D-LC-S-10 Patch cord-LC/PC-LC/PC-Single
mode-G.652D-2mm-10m-PVC-Yellow
SS-OP-D-LC-S-20 Patch cord-LC/PC-LC/PC-Single
mode-G.652-2mm-20m-PVC-Yellow
SS-OP-LC-SC-M-20 Patch
cord-LC/PC-SC/PC-Multimode-A1b-2mm-20m-PVC-Orange
SS-OP-LC-SC-S-20 Patch cord-LC/PC-SC/PC-Single
mode-G.652-2mm-20m-PVC-Yellow
SS-OP-LC-FC-M-10 Patch
cord-FC/PC-LC/PC-Multimode-A1b-2mm-10m-PVC-Orange
SS-OP-LC-FC-S-10 Patch cord-FC/PC-LC/PC-Single
mode-G.652D-2mm-10m-PVC-Yellow
Basic license
USG6000-LFWSSL01 Quantity of SSL VPN Concurrent Users(100
Users),with HW General Security Platform Software
USG6000-LFWSSL02 Quantity of SSL VPN Concurrent Users(200 Users),with HW
General Security Platform Software
USG6000-LFWSSL03 Quantity of SSL VPN Concurrent Users(500 Users),with HW
General Security Platform Software
USG6000-LFWSSL04 Quantity of SSL VPN Concurrent Users(1000 Users),with HW
2013-8-26 Huawei Confidential Page 13 of 19
General Security Platform Software
USG6000-LFWSSL05 Quantity of SSL VPN Concurrent Users(2000 Users),with HW
General Security Platform Software
USG6000-LFWSSL06 Quantity of SSL VPN Concurrent Users(5000 Users),with HW
General Security Platform Software
USG6000-LFWSEC0 Encryption Function License,with HW General
Security Platform Software
NGFW license
USG6600-LFWIPS05 IPS Update Service Subscribe 12 Months,With HW
General Security Platform Software
USG6600-LFWIPS06 IPS Update Service Subscribe 36 Months,With HW General
Security Platform Software
USG6600-LFWURL05 URL Filtering Update Service Subscribe 12 Months,With HW
General Security Platform Software
USG6600-LFWURL06 URL Filtering Update Service Subscribe 36 Months,With HW
General Security Platform Software
USG6600-LFWAV05 Anti-Virus Update Service Subscribe 12 Months,With HW
General Security Platform Software
USG6600-LFWAV06 Anti-Virus Update Service Subscribe 36 Months,With HW
General Security Platform Software
USG6600-LFWIPSAVURL05 IPS-AV-URL-AS Function Group Subscribe 12
Months,with HW General Security Platform Software
USG6600-LFWIPSAVURL06 IPS-AV-URL-AS Function Group Subscribe 36 Months,with
HW General Security Platform Software
USG6000-LFWVSYS Virtual System
LIC-CONTENT Content Filter
USG6660 Quotation Items
Model Description
Main device
USG6660-AC
USG6660 AC
Host(8GE(RJ45)+8GE(SFP)+2*10GE(SFP+),16G Memory,2
AC Power),with HW General Security Platform Software
USG6660-BDL-AC
USG6660 AC
Host(8GE(RJ45)+8GE(SFP)+2*10GE(SFP+),16G Memory,2
AC Power,IPS/AV/URL/AS Function Group Update Service
Renewal Subscribe 12 Months per Set),with HW General
Security Platform Software
2013-8-26 Huawei Confidential Page 14 of 19
USG6660-DC
USG6660 AC
Host(8GE(RJ45)+8GE(SFP)+2*10GE(SFP+),16G Memory,2
AC Power),with HW General Security Platform Software
Interface card
WSIC-8GE 8GE Optical Ports WSIC Card,with HW General Security
Platform Software
WSIC-4GEBYPASS 4GE Electric Ports Bypass Card,with HW General Security
Platform Software
WSIC-8GEF 8GE Electric Ports Interface Card,with HW General Security
Platform Software
WSIC-2XG8GE 2*10GE Optical+8GE Electric Ports Interface Card,with HW
General Security Platform Software
Disk
SM-HDD-SAS300G-A 300GB 10K RPM SAS Hard Disk Unit
Optical transceiver
OSX040N01 Optical Transceiver,SFP+,10G,Single-mode
Module(1550nm,40km,LC)
OSU015N00 Optical Transceiver,eSFP,2.5G,Single-mode
Module(1310nm,15km,LC)
SFP-GE-LX-SM1310 Optical Transceiver,eSFP,GE,Single-mode
Module(1310nm,10km,LC)
eSFP-GE-SX-MM850 Optical Transceiver,eSFP,GE,Multi-mode
Module(850nm,0.5km,LC)
eSFP-FE-LX-SM1310 Optical Transceiver,eSFP,100M/155M,Single-mode
Module(1310nm,15km,LC)
S-SFP-FE-LH40-SM1310 Optical Transceiver,eSFP,FE,Single-mode
Module(1310nm,40km,LC)
S-SFP-FE-LH80-SM1550 Optical Transceiver,eSFP,FE,Single-mode
Module(1550nm,80km,LC)
S-SFP-GE-LH40-SM1310 Optical Transceiver,eSFP,GE,Single-mode
Module(1310nm,40km,LC)
OMXD30000 Optical Transceiver,SFP+,10G,Multi-mode
Module(850nm,0.3km,LC)
OSX010000 Optical Transceiver,SFP+,10G,Single-mode
Module(1310nm,10km,LC)
Outsourced components
SU5M1RAIL01 Cabinet Guide Rail
QW1P0FIBER06
Optical
adapter-LC/PC-LC/PC-Blue-Shell:Plastic-Sleeve:Zirconia-Squ
are
2013-8-26 Huawei Confidential Page 15 of 19
SS-OP-D-LC-M-5 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-5m-PVC-Orange
SS-OP-D-LC-M-10 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-10m-PVC-Orange
SS-OP-D-LC-M-20 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-20m-PVC-Orange
SS-OP-D-LC-S-6 Patch cord-LC/PC-LC/PC-Single
mode-G.652D-2mm-6m-PVC-Yellow
SS-OP-D-LC-S-10 Patch cord-LC/PC-LC/PC-Single
mode-G.652D-2mm-10m-PVC-Yellow
SS-OP-D-LC-S-20 Patch cord-LC/PC-LC/PC-Single
mode-G.652-2mm-20m-PVC-Yellow
SS-OP-LC-SC-M-20 Patch
cord-LC/PC-SC/PC-Multimode-A1b-2mm-20m-PVC-Orange
SS-OP-LC-SC-S-20 Patch cord-LC/PC-SC/PC-Single
mode-G.652-2mm-20m-PVC-Yellow
SS-OP-LC-FC-M-10 Patch
cord-FC/PC-LC/PC-Multimode-A1b-2mm-10m-PVC-Orange
SS-OP-LC-FC-S-10 Patch cord-FC/PC-LC/PC-Single
mode-G.652D-2mm-10m-PVC-Yellow
Basic license
USG6000-LFWSSL01 Quantity of SSL VPN Concurrent Users(100 Users),with HW
General Security Platform Software
USG6000-LFWSSL02 Quantity of SSL VPN Concurrent Users(200 Users),with HW
General Security Platform Software
USG6000-LFWSSL03 Quantity of SSL VPN Concurrent Users(500
Users),with HW General Security Platform Software
USG6000-LFWSSL04 Quantity of SSL VPN Concurrent Users(1000 Users),with HW
General Security Platform Software
USG6000-LFWSSL05 Quantity of SSL VPN Concurrent Users(2000 Users),with HW
General Security Platform Software
USG6000-LFWSSL06 Quantity of SSL VPN Concurrent Users(5000 Users),with HW
General Security Platform Software
USG6000-LFWSEC0 Encryption Function License,with HW General Security
Platform Software
NGFW license
USG6600-LFWIPS05 IPS Update Service Subscribe 12 Months,With HW General
Security Platform Software
USG6600-LFWIPS06 IPS Update Service Subscribe 36 Months,With HW General
Security Platform Software
USG6600-LFWURL05 URL Filtering Update Service Subscribe 12 Months,With HW
2013-8-26 Huawei Confidential Page 16 of 19
General Security Platform Software
USG6600-LFWURL06 URL Filtering Update Service Subscribe 36 Months,With HW
General Security Platform Software
USG6600-LFWAV05 Anti-Virus Update Service Subscribe 12 Months,With HW
General Security Platform Software
USG6600-LFWAV06 Anti-Virus Update Service Subscribe 36 Months,With HW
General Security Platform Software
USG6600-LFWIPSAVURL05 IPS-AV-URL-AS Function Group Subscribe 12 Months,with
HW General Security Platform Software
USG6600-LFWIPSAVURL06 IPS-AV-URL-AS Function Group Subscribe 36 Months,with
HW General Security Platform Software
USG6000-LFWVSYS Virtual System
LIC-CONTENT Content Filter
USG6680 Quotation Items
Model Description
Main device
USG6680-AC
USG6680 AC
Host(16GE(RJ45)+8GE(SFP)+4*10GE(SFP+),16G Memory,2
AC Power),with HW General Security Platform Software
USG6680-BDL-AC
USG6680 AC
Host(16GE(RJ45)+8GE(SFP)+4*10GE(SFP+),16G Memory,2
AC Power,IPS/AV/URL/AS Function Group Update Service
Renewal Subscribe 12 Months per Set),with HW General
Security Platform Software
USG6680-DC
USG6680 AC
Host(16GE(RJ45)+8GE(SFP)+4*10GE(SFP+),16G Memory,2
AC Power),with HW General Security Platform Software
Interface card
WSIC-8GE 8GE Optical Ports WSIC Card,with HW General Security
Platform Software
WSIC-4GEBYPASS 4GE Electric Ports Bypass Card,with HW General Security
Platform Software
WSIC-8GEF 8GE Electric Ports Interface Card,with HW General Security
Platform Software
WSIC-2XG8GE 2*10GE Optical+8GE Electric Ports Interface Card,with HW
General Security Platform Software
Disk
2013-8-26 Huawei Confidential Page 17 of 19
SM-HDD-SAS300G-A 300GB 10K RPM SAS Hard Disk Unit
Optical transceiver
OSX040N01 Optical Transceiver,SFP+,10G,Single-mode
Module(1550nm,40km,LC)
OSU015N00 Optical Transceiver,eSFP,2.5G,Single-mode
Module(1310nm,15km,LC)
SFP-GE-LX-SM1310 Optical Transceiver,eSFP,GE,Single-mode
Module(1310nm,10km,LC)
eSFP-GE-SX-MM850 Optical Transceiver,eSFP,GE,Multi-mode
Module(850nm,0.5km,LC)
eSFP-FE-LX-SM1310 Optical Transceiver,eSFP,100M/155M,Single-mode
Module(1310nm,15km,LC)
S-SFP-FE-LH40-SM1310 Optical Transceiver,eSFP,FE,Single-mode
Module(1310nm,40km,LC)
S-SFP-FE-LH80-SM1550 Optical Transceiver,eSFP,FE,Single-mode
Module(1550nm,80km,LC)
S-SFP-GE-LH40-SM1310 Optical Transceiver,eSFP,GE,Single-mode
Module(1310nm,40km,LC)
OMXD30000 Optical Transceiver,SFP+,10G,Multi-mode
Module(850nm,0.3km,LC)
OSX010000 Optical Transceiver,SFP+,10G,Single-mode
Module(1310nm,10km,LC)
Outsourced components
SU5M1RAIL01 Cabinet Guide Rail
QW1P0FIBER06
Optical
adapter-LC/PC-LC/PC-Blue-Shell:Plastic-Sleeve:Zirconia-Squ
are
SS-OP-D-LC-M-5 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-5m-PVC-Orange
SS-OP-D-LC-M-10 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-10m-PVC-Orange
SS-OP-D-LC-M-20 Patch
cord-LC/PC-LC/PC-Multimode-A1b-2mm-20m-PVC-Orange
SS-OP-D-LC-S-6 Patch cord-LC/PC-LC/PC-Single
mode-G.652D-2mm-6m-PVC-Yellow
SS-OP-D-LC-S-10 Patch cord-LC/PC-LC/PC-Single
mode-G.652D-2mm-10m-PVC-Yellow
SS-OP-D-LC-S-20 Patch cord-LC/PC-LC/PC-Single
mode-G.652-2mm-20m-PVC-Yellow
SS-OP-LC-SC-M-20 Patch
cord-LC/PC-SC/PC-Multimode-A1b-2mm-20m-PVC-Orange
2013-8-26 Huawei Confidential Page 18 of 19
SS-OP-LC-SC-S-20 Patch cord-LC/PC-SC/PC-Single
mode-G.652-2mm-20m-PVC-Yellow
SS-OP-LC-FC-M-10 Patch
cord-FC/PC-LC/PC-Multimode-A1b-2mm-10m-PVC-Orange
SS-OP-LC-FC-S-10 Patch cord-FC/PC-LC/PC-Single
mode-G.652D-2mm-10m-PVC-Yellow
Basic license
USG6000-LFWSSL01 Quantity of SSL VPN Concurrent Users(100 Users),with HW
General Security Platform Software
USG6000-LFWSSL02 Quantity of SSL VPN Concurrent Users(200 Users),with HW
General Security Platform Software
USG6000-LFWSSL03 Quantity of SSL VPN Concurrent Users(500 Users),with HW
General Security Platform Software
USG6000-LFWSSL04 Quantity of SSL VPN Concurrent Users(1000 Users),with HW
General Security Platform Software
USG6000-LFWSSL05 Quantity of SSL VPN Concurrent Users(2000 Users),with HW
General Security Platform Software
USG6000-LFWSSL06 Quantity of SSL VPN Concurrent Users(5000 Users),with HW
General Security Platform Software
USG6000-LFWSEC0 Encryption Function License,with HW General Security
Platform Software
NGFW license
USG6600-LFWIPS05 IPS Update Service Subscribe 12 Months,With HW General
Security Platform Software
USG6600-LFWIPS06 IPS Update Service Subscribe 36 Months,With HW General
Security Platform Software
USG6600-LFWURL05 URL Filtering Update Service Subscribe 12 Months,With HW
General Security Platform Software
USG6600-LFWURL06 URL Filtering Update Service Subscribe 36 Months,With HW
General Security Platform Software
USG6600-LFWAV05 Anti-Virus Update Service Subscribe 12 Months,With HW
General Security Platform Software
USG6600-LFWAV06 Anti-Virus Update Service Subscribe 36 Months,With HW
General Security Platform Software
USG6600-LFWIPSAVURL05 IPS-AV-URL Function Group Subscribe 12 Months,With HW
General Security Platform Software
USG6600-LFWIPSAVURL06 IPS-AV-URL Function Group Subscribe 36 Months,With HW
General Security Platform Software
USG6000-LFWVSYS Virtual System
LIC-CONTENT Content Filter
2013-8-26 Huawei Confidential Page 19 of 19
About This Publication
This publication is for reference only and shall not constitute any commitments or guarantees.
All trademarks, pictures, logos, and brands mentioned in this document are the property of
Huawei Technologies Co., Ltd. or a third party.
Copyright © Huawei Technologies Co., Ltd. All rights reserved.