Post on 02-Dec-2020
Doc. code
HUAWEI USG5500 series Unified
Security Gateway Sales Guide
Issue 1.0
Date 2012-10-20
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without
prior written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other
trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the commercial contract made
between Huawei and the customer. All or partial products, services and features described in this
document may not be within the purchased scope or the usage scope. Unless otherwise agreed by
the contract, all statements, information, and recommendations in this document are provided “AS
IS” without warranties, guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in
the preparation of this document to ensure accuracy of the contents, but all statements, information,
and recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Contents
1 General Marketing Strategy
1.1 Product Positioning
1.2 Product Series
1.3 License Policy
2 Major Selling Points
2.1 Powerful and Reliable UTM – Effectively Protecting Key Services
2.2 Identifying 1000+ Application Protocols
2.3 Full Service Integration – Configuring Software and Hardware Based on Demands and Supporting Enhanced Extension
2.4 Simple and Easy-to-Use UTM – Instant Use Upon Enabling, Dynamic Update, and Real-Time Assurance
3 Version Description
3.1 V300R001 Version Description
3.2 Hardware Platform and Version Support
4 Competitive Strategy
4.1 Guided Selling Points
5 Marketing Opportunities and Typical Application Scenarios
5.1 Hierarchical Protection
5.2 Construction of e-Government Networks
5.3 Network Border Protection
5.4 Security Interconnection Solutions for Enterprise and Organization Networks
5.5 SSL VPN Solutions for Enterprise Networks
5.6 IDC Protection Solution
5.7 Integrated Security Solution for Enterprise Networks
1 General Marketing Strategy
1.1 Product Positioning
The USG5500 series unified security gateways are self-developed by Huawei for the
mid-range security market. The USG5500 series use industry-leading software and hardware
architectures and integrate various security functions such as firewall, network address
translation (NAT), routing, switching, virtual private network (VPN), anti-virus (AV),
intrusion protection system (IPS), anti-spam (AS), uniform resource locator (URL) filtering,
and application control. The USG5500 series are widely applied in the government, finance,
electricity, telecommunications, petroleum, education, and manufacturing industries.
The USG5500 series provide 6 Gbit/s to 32 Gbit/s processing capacity and support 10GE, GE,
USB-3G, and Bypass extension plug-in cards. The USG5500 series provide a maximum of 14
x 10GE interfaces and 64 x GE interfaces.
1.2 Product Series
The USG5520S is a 1 U device and provides 4 x GE electrical interfaces and 4 x GE Combo
interfaces. The USG5520S supports 2 x FIC extension slots. The USG5520S provides two
USB interfaces. The power supply of the USG5520S is AC and can work in AC 1+1
redundancy mode.
The USG5530S is a 1 U device and provides 4 x GE electrical interfaces and 4 x GE Combo
interfaces. The USG5530S supports 2 x FIC extension slots. The USG5530S provides two
USB interfaces. The power supply of the USG5530S is AC and can work in AC 1+1
redundancy mode.
The USG5530 is a 3 U device and provides 4 x GE electrical interfaces and 4 x GE Combo
interfaces. The USG5530 supports 1 x DMIC and 6 x FIC extension slots. The USG5530
provides two USB interfaces. The power supply of the USG5530 is AC and can work in AC
1+1 redundancy mode.
The USG5550 is a 3 U device and provides 4 x GE electrical interfaces and 4 x GE Combo
interfaces. The USG5550 supports 1 x DMIC and 5 x FIC extension slots. The USG5550
provides two USB interfaces. Two USG5550 types, that is, AC and DC, are available. The
power supply of the USG5550 works in 1+1 redundancy mode.
The USG5560 is a 3 U device and provides 4 x GE electrical interfaces, 4 x GE Combo
interfaces and 8 x GE optical interfaces. The USG5560 supports 5 x FIC extension slots. The
USG5560 provides two USB interfaces. Two USG5560 types, that is, AC and DC, are
available. The power supply of the USG5560 works in 1+1 redundancy mode.
1.3 License Policy
The licenses for the V300R001 version are as follows:
- License for controlling the number of SSL VPN concurrent users
- License for controlling the number of virtual firewalls

The preceding licenses are resource licenses. After a customer purchases a certain
number of resources for corresponding functions, the licenses can be accumulated for
life-long use. The following table lists the upper limits of authorized resources.

| Product | Upper Limit of SSL VPN Concurrent Users | Upper Limit of Virtual Firewalls |
|---|---|---|
| USG5500 series | 500 | 100 |

- License for the AV upgrade service
- License for the IPS upgrade service
- License for the AS upgrade service
- License for the URL filtering upgrade service
- License for the 4-in-1 service (AV, IPS, AS, and URL)

The preceding unified threat management (UTM) licenses are service duration licenses. A
customer can purchase the upgrade service duration for the corresponding service. The
upgrade service is provided for free for initial service purchase.
Licenses are bound to devices. A license file can be activated on only one device. Multiple devices
cannot share a license.
2 Major Selling Points
2.1 Powerful and Reliable UTM – Effectively Protecting Key Services
The UTM integrates the advanced IPS and AV technologies developed by Symantec. The
UTM uses various decompression algorithms and integrates exclusive engine technologies
such as virtual engine, script resolution engine, and PDF engine. The UTM merges various
anti-detection technologies and uses Huawei's dedicated integrated detection engine. By
continuously upgrading the feature library, the UTM supports a detection ratio higher than 99%
and achieves real security protection. With user-centered policy configuration, the UTM
supports policy configuration for specific users. In this manner, policy matching and
locating become accurate and anti-detection becomes difficult.
The IPS uses the advanced IPS detection engine developed by Symantec and can effectively
and accurately scan network packets. The IPS can accurately identify anti-IPS detection and
spoofing activities.
The AV module uses the advanced virus detection engine developed by Symantec and can
detect viruses hidden in network traffic. The AV module supports effective and accurate virus
scanning capability.
The AS module can effectively intercept spam and clean enterprises' mail systems. By
blocking spam, the AS module helps enterprises improve work efficiency. The AS module can
control the sending and receiving of anonymous mails, control mail senders and receivers,
filter mail titles or key words in texts, and control internal employees' mail behaviors such as
attachment names, types, size, and quantity.
The web filtering module supports URL-based filtering and Web key word-based filtering.
The URL filtering function uses the advanced matching engine, which greatly shortens the
URL matching duration and improves the URL filtering efficiency. The Web key word
function can filter key words of search engines, Web pages, and POST packets, control
the names, types, and size of uploaded and downloaded files, and control HTTP POST packets.
The UTM virtualization function integrates the UTM functions and the virtual firewalls. The
UTM virtualization function provides independent policy configurations and advanced
security protection for each virtual firewall.
2.2 Identifying 1000+ Application Protocols
Huawei deploys multiple attack defense labs, Honeynet, and Honeypot systems. The Service
awareness helps you learn the latest security threat and attack information and extract
threat and attack features for upgrading products, maintaining high product security, and
ensuring continuous increase of investments.
Huawei builds the industry-leading security analysis and research teams. After many years of
experience accumulation, Huawei leads the industry in the application protocol identification
field. The Service awareness can accurately identify 1000+ mainstream application protocols.
You can control network traffic based on actual network and service status. In this manner,
network bandwidth is saved and reliability of major services is ensured.
2.3 Full Service Integration – Configuring Software and Hardware Based on Demands and Supporting Enhanced Extension
The USG5500 series integrate the traditional firewall, UTM, routing, and switching functions
and support extension of 10GE interfaces. The USG5500 series support the maximum VPN
access functions in the industry, including the Layer 2 Tunneling Protocol (L2TP), IP Security
(IPsec), Secure Sockets Layer (SSL), Generic Routing Encapsulation (GRE), and
Multiprotocol Label Switching (MPLS) L3 VPNs. In actual applications, you can select
appropriate software and hardware based on network and service requirements. Flexible and
rich extension capability can fulfill continuously-changing software and hardware
requirements, protect customers' investments, and help enterprises in development.
2.4 Simple and Easy-to-Use UTM – Instant Use Upon Enabling, Dynamic Update, and Real-Time Assurance
Huawei collects and summarizes practical experience of USG series globally and stipulates
the optimal pre-defined detection policies. If you do not have customized requirements, you
can enable the related functions on the user-friendly graphical user interface (GUI) rather than
configuring a large amount of data. The USG series are easy to use. The USG series also
support customized policy configurations. You can use the integrated policy configuration
method to customize policy configurations. The integrated policy configuration method
decreases the number of policy configurations and provides unified policy configuration
entrance that avoids missing policies. The integrated policy configuration method simplifies
configurations and maintenance.
The global upgrade center focuses on network security events in real time and dynamically
updates various detection libraries and feature libraries, and provides various attack defense
methods in real time. The global upgrade center provides available and easy-to-use attack
defense devices.
3 Version Description
3.1 V300R001 Version Description
The V300R001 version integrates the medium and low-end products, including the
USG2000/5100 and USG5500 series. The V300R001 version provides the following
functions:
- User management
- Integrated policies and traffic control policies
- Enhanced QoS (HQoS and Tunnel QoS)
- Enhanced IPsec VPN (IPsec VPN two-node cluster hot backup, IPsec VPN tunnelization,
  and CA)
- UTM virtualization
- Web content filtering (filtering by key words of Web pages, search engines, and
  POST packets, controlling the file names, types, and size of uploaded or downloaded
  files, and controlling HTTP POST packets) (This function does not require a license.)
- Mail filtering (controlling the sending and receiving of anonymous mails, controlling
  mail senders and receivers, filtering mail titles or key words in texts, and controlling
  internal attachment names, types, size, and quantity) (This function does not require a
  license.)
- FTP filtering (upload or download control)
- Enhanced IPv6 (enhanced NAT64, 6RD, DNS6, ND-RA, IPv6 DHCP (server, relay, and
  client), IPv6 PPPoE (client), and IPv6 QoS)
- Static LACP
- BFD
- Routing enhancement (user-based policy routing, application-based policy routing,
  WCMP weighted equivalent routing, manually triggering re-calculation of dynamic
  routing protocols, and manually refreshing routes)
- Alarm synchronization
- Multi-dimensional reports based on users, applications, traffic, and network behaviors
  (This function requires the VSM)
3.2 Hardware Platform and Version Support
The following table lists the mapping between hardware platforms and software versions.

| Hardware Platform | Software Version |
|---|---|
| USG5500 series 1 U platform | V3R1 |
| USG5500 series 3 U platform | V3R1 |

1. All models of the USG5500 series use dual power supplies (optional AC and DC
power supplies) according to the standard configuration.
2. The USB 3G data cards support USB 3G extension. Huawei does not sell USB 3G
data cards. You can purchase USB 3G data cards based on the models specified in
the quoter.
3. Extension interface cards

| Card Type | Plug-in Card | USG5520S | USG5530S | USG5530 | USG5550 | USG5560 |
|---|---|---|---|---|---|---|
| USB 3G | | Supported | Supported | Supported | Supported | Supported |
| DMIC | 2x10GE (SFP+) | Not supported | Not supported | Supported | Supported | Not supported |
| FIC | 2x10GE (SFP+) | Supported | Supported | Supported | Supported | Supported |
| | 8xGE (SFP) | Supported | Supported | Supported | Supported | Supported |
| | 8xGE (RJ45) | Supported | Supported | Supported | Supported | Supported |
| | 2x10GE (SFP+) + 8xGE (RJ45) | Supported | Supported | Supported | Supported | Supported |
| | 4xGEx (RJ45) Bypass | Supported | Supported | Supported | Supported | Supported |
| | 2 Line (LC/UPC) BYPASS | Supported | Supported | Supported | Supported | Supported |
| DFIC | 16GE4S | Supported | Supported | Supported | Supported | Supported |
| | 18FE2S | Supported | Supported | Supported | Supported | Supported |
4 Competitive Strategy
4.1 Guided Selling Points
1. The hardware platform uses an advanced multi-core architecture.
2. The USG5500 series support complete UTM function modules.
3. The USG5500 series support various VPN functions such as the L2TP, IPsec, SSL, GRE,
and MPLS L3 VPNs.
4. The USG5500 series support the IPsec VPNs in two-node cluster hot backup mode.
5. The USG5500 series provide various types of interfaces and interface densities.
6. The USG5500 series support the BFD function.
7. The USG5500 series support the IPv6 function.
5 Marketing Opportunities and Typical Application Scenarios
5.1 Network Border Protection
The major functions are as follows:
- Network border protection
- Security zone division
- Intrusion protection
- AV on the networks
- Online behavior management
- VPN access
Application industries:
Egress of government, finance, education, electricity, railway, energy, and enterprise networks
and interconnection of industry networks
5.2 Security Interconnection Solutions for Enterprise and Organization Networks
The USG5500 series support various VPN functions such as the L2TP, IPsec, SSL, GRE, and
MPLS L3 VPNs. The USG5500 series completely support the Access VPN, Intranet VPN,
and Extranet VPN solutions. The USG5500 series use professional encryption and decryption
chips to improve the encryption and decryption performance. With the advanced IPsec
mechanism, the USG5500 series provide various services for communication parties such as
access control, connectionless integrity, data source authentication, anti-replay, encryption,
and classification-based data stream encryption.
- Mobile office: The USG5500 series support Access VPN functions such as the L2TP,
  IPsec, and SSL VPNs. Employees on a business trip can securely access VPNs anytime
  and anywhere.
- VPN interconnection between branch networks and headquarters networks: The
  USG5500 series use professional built-in encryption and decryption chips and provide
  high-performance VPN hardware acceleration capability. The USG5500 series meet the
  site-to-site VPN requirements, ensure data transmission security, and facilitate internal
  resource sharing.
5.3 SSL VPN Solutions for Enterprise Networks
The major functions are as follows:
- The SSL VPN supports complete identity authentication, access authorization, and
  behavior audit to ensure the user validity and achieve flexible access control policies.
- Data transmitted between remote users and enterprise internal networks is encrypted to
  protect sensitive information and avoid information leakage.
- The SSL VPN supports various remote access services, for example, Web resource
  access, file system access, C/S application access, and all IP-layer service access that is
  independent of applications.
- Administrators do not need to install, configure, and maintain software on clients. You
  can access the VPN over standard browsers. This feature greatly improves the work
  efficiency of remote employees (for example, employees on a business trip).
- The virtual gateway function ensures that different departments or user groups can
  independently access each other.
- Detailed logs facilitate real-time audit and management on user or administrator
  operations.
5.4 IDC Protection Solution
The Internet data center (IDC) uses more than one GE link or 10GE link as the network egress,
which requires that the security gateway at the IDC egress provide high-density GE and 10GE
interfaces. To ensure smooth, continuous, and stable IDC services, the egress security gateway
must support large-capacity NAT and high-density attack defense capabilities. The egress
security gateway must also ensure the security protection and stability of key service servers.
The USG5500 series provide a maximum of 14x10GE interfaces and 64xGE interfaces and
support infinite NAT addresses (depending on the upper limit of session quantity). The DDoS
function can defend against millions of attack packets per second and the carrier-level stability fully
meets the security protection requirements.
5.5 Integrated Security Solution for Enterprise Networks
At present, enterprise networks face severe potential security risks and threats from
various sources. External security threats such as DDoS attacks, hacker intrusion, Trojan horse
viruses, spam, and information leakage greatly threaten network security. In addition,
internal network abuse also causes a series of problems, for example, non-service-related
access, point-to-point (P2P) download, and viruses brought by instant messaging programs.
These problems introduce a large number of viruses, decrease the bandwidth utilization, and
decrease the work efficiency. Common firewalls cannot handle these complex security
problems. As new generation security gateways, the USG5500 series integrate various
functions based on the high performance and reliability, for example, firewall, DDoS attack
defense, NAT, VPN, P2P, IPS, AV, URL filtering, and AS. The USG5500 series can effectively
address existing issues on enterprise networks.