Secospace USG9300 (V100R002)

Upload: utopia-media

Post on 29-May-2018


  • 8/9/2019 Secospace USG9300 (V100R002)


    Product Features

    Advanced anti-DDoS system architecture to provide a professional anti-DDoS platform

    Huawei Symantec anti-DDoS solution features the industry's most advanced system architecture, embodying the detection, cleaning, and ATIC management centers. The detection center detects traffic and informs the management center of any abnormalities. The cleaning center diverts and cleans abnormal traffic and injects the cleaned traffic back into the original link. The ATIC management center globally manages all components of the anti-DDoS solution, including the service configurations and report displays of the detection and cleaning centers. The USG9300 is scalable and the deployment can be centralized or distributed.

    Product Family

    USG9310 USG9320

    Product Overview

    Distributed Denial of Service (DDoS) attacks have been on the rise since the second half of 1999 and are currently very common. They can cause serious financial and operational damage to an enterprise and waste valuable staff time. Huawei Symantec anti-DDoS solution is an advanced traffic inspection and control system that offers a solid defense against DDoS attacks, comprehensive anti-DDoS operation features, flexible device forms, and a wide application range. The USG9300 is extremely reliable and protects high-end applications, such as links on Metropolitan Area Networks (MANs) or backbone networks.


    Flexible device forms to ensure users' investment

    The detection and cleaning centers of Huawei Symantec anti-DDoS solution have been developed using the USG9000 Enhanced Service Processing Unit (ESPU), which can be upgraded to either the cleaning or detection units through license control. The ESPU is based on multi-core and multi-thread architecture and can process huge volumes of traffic to detect and clean DDoS attack traffic.

    The USG9300 series comprises the USG9310 and the USG9320. The USG9310 has 8 slots and can accommodate 4 anti-DDoS ESPUs; the USG9320 has 16 slots and can accommodate 8 anti-DDoS ESPUs. The USG9300 uses distributed concurrent processing to greatly improve the detection and cleaning capabilities of the integrated device and ensure low pre-phase investment and smooth expansion in the future.

    Excellent anti-DDoS capability to deliver high performance in the industry

    To defend against Botnet-generated DDoS attacks, Huawei Symantec anti-DDoS solution processes high volumes of DDoS traffic at the network layer based on application protocols. To resist traffic attacks, a single frame of the USG9300 provides an 80G DDoS defense capability. Application layer attacks are blocked through multiple types of protocols such as HTTP, HTTPS, DNS, and SIP to ensure that services for customers are not interrupted.

    Extensive application scenarios to support comprehensive anti-DDoS deployment

    Huawei Symantec anti-DDoS solution is applicable to multiple anti-DDoS scenarios. It can protect the egress of backbone networks, deal with high traffic volumes, cope with application layer congestion, and resist application layer attacks. Huawei Symantec anti-DDoS solution provides comprehensive policies and effective centralized management to meet the anti-DDoS requirements of large enterprises and data centers in multiple, complex environments.

    [Figure: management center diagram. Labels: Management Center, Management Server, Data Collector (three), Anti-DDoS Device (three). Legend: Monitoring Traffic; Traffic Log & Cleaning Log & Captured Packet; Management Traffic.]


    [Figure: network diagram. Labels: Super Core, Core, Aggregator, IDC, Enterprise, Cyber Bar, Customer, NetFlow, Full-network Monitoring, Backbone Protection Area, Value-added Service Area Static Cleaning, Value-added Service Area Dynamic Cleaning, USG9300 Off-line Cleaning, USG9300 Full-traffic-division Cleaning, Management Center.]

    Typical Networking Scenario

    Anti-DDoS networking

    [Figure: network diagram in which the Detection Unit and Cleaning Unit are in the same chassis. Labels: Enterprises, Branch, Headquarter, DSL, Aggregator, Core, Splitting/Mirror, Diversion/Re-injection, Detection Unit, Cleaning Unit, Management Center. Legend: Splitting/Mirror Traffic; Diversion Traffic; Re-injection Traffic; Detection Log; Cleaning Log.]


    Product Specifications

    | Item | USG9310 | USG9320 |
    |---|---|---|
    | Number of slots | 8 (4 DCUs and 4 LPUs can be configured) | 16 (8 DCUs and 8 LPUs can be configured) |
    | Detection and cleaning capability | 10G × 4 | 10G × 8 |
    | Maximum number of interfaces: Ethernet interface | 96 × GE, 4 × 10GE | 192 × GE, 8 × 10GE |
    | Maximum number of interfaces: POS interface | 16 × 2.5G, 4 × 10G | 32 × 2.5G, 8 × 10G |
    | Dimensions (mm) (W × D × H) | 442 × 669 × 886 | 442 × 669 × 1600 |
    | Weight | 100 kg | 150 kg |
    | Power | 700 W | 900 W |
    | Mean time between failures (MTBF) | 57 years | 57 years |

    Specifications common to both models:

    Number of protected destination IP addresses
      • Refined defense for 10000 destination IP addresses and 2000 VICs
      • Common defense for 1000000 destination IP addresses

    DDoS attacks resisted
      • Traffic attacks: SYN flood, ACK flood, SYN-ACK flood, FIN/RST flood, IP fragment flood, UDP flood, ICMP flood, Smurf attacks
      • Application-layer attacks: Connection flood, DNS query flood, DNS reply flood, HTTP Get/Post flood, CC attacks, SIP flood, HTTPS flood
      • Scanning attacks: Port scanning, IP sweeping, Tracert control packets, IP source routing option attacks, IP timestamp option attacks, IP routing record option attacks
      • Malformed packet attacks: IP spoofing, Land attacks, Fraggle attacks, WinNuke, Ping of Death, Tear Drop, IP option control, IP fragmented control packets, TCP label validity check, Oversized ICMP control packets, ICMP redirection control packets, ICMP unreachable control packets

    Reliability
      • Hot swapping of modules and components, dual-system hot backup, link aggregation, and dual MPUs

    LPU type
      • Ethernet interface: 5 × GE, 10 × GE, 24 × GE, 1 × 10GE (optical/electronical interfaces)
      • POS interface: 8 × 155M, 4 × 622M, 4 × 2.5G, 1 × 10G


    The information contained in this document is for reference purposes only and does not constitute a warranty of any kind, express or implied. It is subject to change or withdrawal according to specific customer requirements and conditions.

    All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their respective holders.

    Copyright 2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

    Version No.: M3-110019999-20100120-V-1.0
