Ship to USA and Canada ONLY

Huawei USG6000V Virtual  Firewalls

Huawei USG6000V (Universal Service Gateway) is based on NFV virtualization architecture as an integrated services gateway to provide high-performance data forwarding capabilities, support for multi-tenancy, and an extensive network of value-added service capabilities, such as router, FW, VPN, IPS, AV , LB, etc., according to the networked business needs, on-demand usage, and flexibility of deployment.

Huawei virtual firewall USG6000V

Highlights

The wide use of cloud computing technology speeds up the convergence of IT and CT technologies.
Demands increase sharply on public and private cloud deployment, rapid service provisioning, on-demand
service migration, and customized attack defense. Conventional hardware-based service gateways are
gradually hard to meet the deployment requirements in the cloud network architecture.

Huawei USG6000V is a virtual (software-based) service gateway based on the network functions
virtualization (NFV). It features high virtual resource usage because the virtualization technology allows a
large number of tenants to concurrently use the resources. In addition, the USG6000V provides abundant
virtualized gateway services, such as routing, VPN, firewall, load balancing, intrusion prevention, and
antivirus services. It can be flexibly deployed to meet service requirements.

Huawei USG6000V series virtual service gateways apply to cloud data centers and provides one-stop
gateway services for tenants. The high efficiency and multi-tenant feature of the product simplifies gateway
deployment for a large number of tenants and reduces deployment costs. Additionally, the USG6000V is
compatible with multiple mainstream virtualization platforms and provides abundant APIs, meeting the
requirements of cloud data centers for rapid service provisioning and on-demand use of services.

Abundant Gateway Features

Services of cloud data center tenants become diversified, which poses higher requirements for virtual
gateways of the tenants. The USG6000V provides the following features:

  • Function integration: Integrates the traditional firewall, VPN, intrusion prevention, and antivirus
    functions, simplifying deployment and improving management efficiency.

  •  Intrusion prevention system (IPS): Detects and prevents exploits of over 5000 vulnerabilities. It defends
    against web application attacks, such as XSS and SQL injection attacks.

  • Antivirus: Prevents over 5 million viruses and Trojan horses using the high-performance antivirus engine
    and the daily-updated virus signature database.

  • Anti-DDoS: Identifies and defends against over 5 million viruses and 10 types of DDoS attacks, such as
    SYN flood and UDP flood attacks.

  • Secure interconnection: Provides abundant VPN features to ensure reliable and secure interconnection
    between enterprise headquarters and branches. The USG6000V supports IPSec VPN, L2TP VPN, MPLS
    VPN, and GRE.

  • QoS management: Flexibly manages the upper and lower traffic thresholds and supports applicationspecific
    policy-based routing and QoS marking to preferentially forward traffic of specified URL categories, such as financial websites.

  • Load balancing: Supports server load balancing. In a multi-ISP scenario, the USG6000V can implement
    load balancing for applications according to link quality, bandwidth, and weights.

  •  Virtualization: Supports virtualization of multiple types of security services, including firewall, intrusion prevention,
    antivirus, and VPN services. Users can enjoy isolated and tailor-made management on one physical device.

Efficient Computing Resource Use

The USG6000V uses the intelligent awareness engine (IAE) with a new architecture to parse and process
services concurrently for users' high-performance experience when multiple defense methods are used. The
IAE has the following core technologies:

  •  Integrated description language: A unified description language is used for describing application
    identification, intrusion prevention, and antivirus services. These services are processed at a time, freeing
    the administrator from repeated operations.
  •  Integrated processing architecture: Unlike the UTM that processes services one after another, the
    USG6000V performs various security service checks simultaneously, minimizing the adverse impact on
    the overall performance.
  • Algorithm optimization based on cooperation in the industry: Through technical cooperation, the
    algorithms for using virtualized resources are optimized, improving application-layer defense efficiency
    and ensuring optimal performance with multi-defense.

Service Load Balancing

The USG6000V series uses multiple efficient algorithms and allows customers to select services to be load
balanced as required, improving resource usage.

  • Abundant load balancing algorithms: Supports abundant load balancing algorithms. The algorithms vary
    with application scenarios. The USG6000V supports the following algorithms: round robin, weighted round
    robin, least connections, weighted least connections, random, source address hash, destination address hash,
    and source address and port hash. These algorithms apply to Layer-4 to Layer-7 server load balancing.
  • Efficient health check algorithms: Supports various health check algorithms for all-around detection
    and check on the operating status of servers and applications from the network layer to application
    layer. Health check algorithms apply to load balancing of Layer-4 to Layer-7 servers.

Excellent Openness Capabilities and Compatibility

The USG6000V uses standard APIs and provides ultra-lightweight deployment experience. Its deployment
in data centers is free of shipment or cabling and accelerates service deployment. The USG6000V supports
migration among virtualization platforms and all-around NBI protocols, so that the product can widely
interconnect with various standard controllers for automatic service orchestration.

  • Various virtualization platforms: Supports mainstream virtualization platforms, such as the VMware,
    KVM, XEN, and UVP. The USG6000V fully exerts virtualization advantages to implement rapid
    deployment, batch deployment, mirroring backup, rapid recover, and flexible migration.
  • Multiple file formats: Supports software packages in multiple formats (including .vmdk, .iso, .qcow2,
    and .ovf) for deployment in various environments.
  • API friendliness: Supports the management using NETCONF and RESTful NBIs and the OpenStack
    platform for NFV interconnection.
  • Flexible deployment platform: Supports deployment through the virtual machine management
    platform or network management platform, or local deployment.

Typical Application Scenario

USG6000V deployment scenario

  • A USG6000V is deployed on the virtual network egress of cloud data center tenants. Virtualized features
    of service and system resources are deployed on the USG6000V, so that the USG6000V provides
    independent gateway services for each tenant.
  •  The high-performance product provides abundant features for a great number of tenants simultaneously.
    Each tenant can experience customized services.
  •  Load balancing algorithms provided in the load balancing feature help improve the computing resource
    usage of tenants.

Specification

Model

USG6000V1

USG6000V2

USG6000V4

USG6000V8

VCPU

1

2

4

8

Functions

User Bandwidth Management and QoS Optimization

Manages each user’s/IP’s use of bandwidth to ensure high quality for critical business and key user Web experience.

Control methods include: limiting the maximum bandwidth or guaranteeing minimum bandwidth, modifying the application forwarding priority, application-based policy routing.

Intelligent Management

Uses pre-defined templates for common attack defense scenarios to rapidly deploy security policies, reducing learning costs.

Automatically evaluates risks in security policies and intelligently provides optimization suggestions.

Detects policy conflicts and redundancy to identify redundant policies and policies that have not been used for a long time. This implementation effectively controls the policy quantity.

Application Identification and Control

Recognizes 6,000+ applications and access control accuracy to applications, such as distinguishing WEIXIN words and voice.

User Authentication

Supports multiple user authentication methods, including local authentication, RADIUS, Hwtacacs, SecureID, AD, CA, LDAP, EndPoint Security, and more.

Rich Reporting

Visualization of multi-dimensional report rendering and support for multi-dimensional user, application, content, time, traffic, threats, and URL.

Routing Features

Fully supports IPV4/IPV6 under multiple routing protocols such as RIP, OSPF, BGP, IS-IS, etc.

Secure Virtualization

Supports virtualization of multiple types of security services, including firewall, intrusion prevention, antivirus, and VPN services. Users can enjoy isolated and tailor-made management on one physical device.

Deployment and Reliability

Supports active/active, active/standby HA features.