Huawei USG6000V Virtual  Firewalls

Huawei USG6000V (Universal Service Gateway) is based on NFV virtualization architecture as an integrated services gateway to provide high-performance data forwarding capabilities, support for multi-tenancy, and an extensive network of value-added service capabilities, such as router, FW, VPN, IPS, AV , LB, etc., according to the networked business needs, on-demand usage, and flexibility of deployment.

Huawei virtual firewall USG6000V

Highlights

The wide use of cloud computing technology speeds up the convergence of IT and CT technologies.
Demands increase sharply on public and private cloud deployment, rapid service provisioning, on-demand
service migration, and customized attack defense. Conventional hardware-based service gateways are
gradually hard to meet the deployment requirements in the cloud network architecture.

Huawei USG6000V is a virtual (software-based) service gateway based on the network functions
virtualization (NFV). It features high virtual resource usage because the virtualization technology allows a
large number of tenants to concurrently use the resources. In addition, the USG6000V provides abundant
virtualized gateway services, such as routing, VPN, firewall, load balancing, intrusion prevention, and
antivirus services. It can be flexibly deployed to meet service requirements.

Huawei USG6000V series virtual service gateways apply to cloud data centers and provides one-stop
gateway services for tenants. The high efficiency and multi-tenant feature of the product simplifies gateway
deployment for a large number of tenants and reduces deployment costs. Additionally, the USG6000V is
compatible with multiple mainstream virtualization platforms and provides abundant APIs, meeting the
requirements of cloud data centers for rapid service provisioning and on-demand use of services.

Abundant Gateway Features

Services of cloud data center tenants become diversified, which poses higher requirements for virtual
gateways of the tenants. The USG6000V provides the following features:

Efficient Computing Resource Use

The USG6000V uses the intelligent awareness engine (IAE) with a new architecture to parse and process
services concurrently for users' high-performance experience when multiple defense methods are used. The
IAE has the following core technologies:

Service Load Balancing

The USG6000V series uses multiple efficient algorithms and allows customers to select services to be load
balanced as required, improving resource usage.

Excellent Openness Capabilities and Compatibility

The USG6000V uses standard APIs and provides ultra-lightweight deployment experience. Its deployment
in data centers is free of shipment or cabling and accelerates service deployment. The USG6000V supports
migration among virtualization platforms and all-around NBI protocols, so that the product can widely
interconnect with various standard controllers for automatic service orchestration.

Typical Application Scenario

USG6000V deployment scenario

Specification

Model

USG6000V1

USG6000V2

USG6000V4

USG6000V8

VCPU

1

2

4

8

Functions

User Bandwidth Management and QoS Optimization

Manages each user’s/IP’s use of bandwidth to ensure high quality for critical business and key user Web experience.

Control methods include: limiting the maximum bandwidth or guaranteeing minimum bandwidth, modifying the application forwarding priority, application-based policy routing.

Intelligent Management

Uses pre-defined templates for common attack defense scenarios to rapidly deploy security policies, reducing learning costs.

Automatically evaluates risks in security policies and intelligently provides optimization suggestions.

Detects policy conflicts and redundancy to identify redundant policies and policies that have not been used for a long time. This implementation effectively controls the policy quantity.

Application Identification and Control

Recognizes 6,000+ applications and access control accuracy to applications, such as distinguishing WEIXIN words and voice.

User Authentication

Supports multiple user authentication methods, including local authentication, RADIUS, Hwtacacs, SecureID, AD, CA, LDAP, EndPoint Security, and more.

Rich Reporting

Visualization of multi-dimensional report rendering and support for multi-dimensional user, application, content, time, traffic, threats, and URL.

Routing Features

Fully supports IPV4/IPV6 under multiple routing protocols such as RIP, OSPF, BGP, IS-IS, etc.

Secure Virtualization

Supports virtualization of multiple types of security services, including firewall, intrusion prevention, antivirus, and VPN services. Users can enjoy isolated and tailor-made management on one physical device.

Deployment and Reliability

Supports active/active, active/standby HA features.

 

Huawei USG6000V

  • First in the industry to provide routing, firewall, VPN, intrusion prevention, anti-virus, load balancing in an integrated service gateway
  • High-performance virtual machine data forwarding, forwarding optimization algorithm, DPDK + SRIOV integration with Virtual Machines (VMs) offers a maximum support of 80G;
  • Supports 1+1/N+1 redundant deployment
  • Multi-tenant, VM unit supports up to 500 tenants

Competivie products include Cisco ASAv, Fortinet fortiGate-VM, Palo Alto Networks VM-100, VM-200, VM-300, VM-1000-HV.