USG6305/USG6310S/USG6320 Next-Generation Firewalls — Best-in-Class Access Security for Small Businesses

USG6305/USG6310S/USG6320 Next-Generation Firewalls

Product characteristics

Huawei USG6305/USG6310S/USG6320 next-generation firewalls are desktop-mounted security gateways designed for small businesses, branch offices, and chain stores. The firewalls integrate multiple security capabilities, such as intrusion prevention and antivirus, and support multiple routing protocols for both IPv4 and IPv6. They provide wired and wireless access and are best suited for networks with up to 100 users. The firewalls in this series are small, light, and cost-effective, reduce management costs, and ensure secure and efficient access for users.

Comprehensive protection

  • Multiple security functions, including firewall, VPN, intrusion prevention, and online behavior management, for complete versatility
  • Refined bandwidth management based on application and website category to prioritize bandwidth for mission-critical services
  • Access to a URL category database of over 120 million URLs, used to prevent access to malicious and illegitimate websites and allow/block access to whitelisted/blacklisted websites

Simple management

  • Zero-configuration deployment using USB disks to improve deployment efficiency
  • Web-based configuration and centralized management through the eSight network management system

Flexible bandwidth management

  • Differentiated user bandwidth and quota management for fair and prioritized bandwidth usage
  • Application-based bandwidth management to prioritize bandwidth for mission-critical applications
  • Modification of URL category priority

Targeted marketing

  • Push of ads and questionnaires for marketing
  • Customization of the authentication portal page to provide marketing information or apps that are specific to local business offices

Networking and applications

Comprehensive and integrated protection for small businesses

  • NGFWs are deployed on egresses to provide GE and Wi-Fi interfaces in the downlink, GE interfaces in the uplink, and 3G/4G LTE backup uplinks. 4G LTE backup VPN tunnels or two LTE uplinks can be created for redundancy.
  • NGFWs can be deployed with the Agile Controller to form a branch access security solution that provides unified authentication of wired and wireless users and portal customization. Centralized service management eases the difficulty of managing branch offices while still allowing for platform customization for branches to perform targeted marketing.
  • Refined bandwidth management based on application and website category can prioritize bandwidth for mission-critical services.

Product Appearance

Model Interfaces

USG6305


1. USB Port
2. Micro-SD Card Slot
3. Console Port
4. 4 x GE (RJ45) Ports

USG6310S


1. USB Port
2. Micro-SD Card Slot
3. Console Port
4. 8 x GE (RJ45) Ports

USG6320


1. USB Port
2. Console Port
3. 8 x GE (RJ45) Ports

Product specifications

Software Features

Function Description
Integrated Protection Integrates firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, and URL filtering functions, and provides a global configuration view and integrated policy management
Application Identification and Control Identifies common applications, supports application-specific access control, and combines application identification with intrusion prevention, antivirus, and data filtering to improve detection performance and accuracy
Intrusion Prevention and Web Protection Obtains the latest threat information in a timely manner for accurate detection and prevention of vulnerability exploits and web attacks, such as cross-site scripting and SQL injection attacks
Data Leak Prevention Inspects files to identify the file type, such as Word, Excel, PowerPoint, and PDF, based on file contents, and filters sensitive content
Bandwidth Management Manages per-user and per-IP bandwidth in addition to identifying service applications to prioritize mission-critical services and users through methods such as peak bandwidth and committed bandwidth, policy-based routing (PBR), and application forwarding priority adjustment
URL Filtering Can access a URL category database of over 120 million URLs to manage access by URL category, such as blocking malicious URLs and accelerating access to specified categories
Behavior and Content Audit Audits and traces the sources of URL access based on the user IP address and requested content
Intelligent Uplink Selection Supports service-specific PBR and intelligent uplink selection based on multiple load balancing algorithms (for example, based on bandwidth ratio and link health status) in multi-homing scenarios
VPN Encryption Supports multiple highly reliable VPN features, such as IPsec VPN, SSL VPN, L2TP VPN, and GRE
Supports IPsec intelligent link selection and dynamic IPsec tunnel switchover to improve link availability
SSL Encrypted Traffic Detection Serves as a proxy to detect and defend against threats in SSL-encrypted traffic using application-layer protection methods such as intrusion prevention, antivirus, data filtering, and URL filtering
User Authentication Supports multiple user authentication methods, including local, RADIUS, HWTACACS, SecurID, AD, CA, LDAP, and Endpoint Security
Security Virtualization Allows users to create and manage virtual security services, including firewall, intrusion prevention, and antivirus services, on the same physical device
Policy Management Provides predefined common-scenario defense templates to facilitate security policy deployment
Automatically evaluates risks in security policies and provides tuning suggestions
Detects redundant and conflicting policies to remove unnecessary and incorrect policies
Provides the firewall policy management solution in partnership with FireMon to reduce O&M costs and potential faults*
Diversified Reports Provides visualized and multi-dimensional reports by user, application, content, time, traffic, threat, and URL1
Generates network security analysis reports on the Huawei security center platform to evaluate the current network security status and provide optimization suggestions*
Routing Supports IPv4 static routes, policy-based routing, routing policies, multicast, RIP, OSPF, BGP, and IS-IS
Supports IPv6 static routes, policy-based routing, routing policies, RIPng, OSPFv3, BGP4+, and IPv6 IS-IS
Working Mode Transparent, routing, and hybrid working modes
Device Management Capability Built-in Web UI: Provides abundant device management and maintenance functions, including log report, configuration, and troubleshooting
eSight network management: Manages the performance, alarms, resources, configurations, and topology of the entire network
Agile Controller: implements application- and user-specific security policy control in the Huawei SDN Agile Network Solution*
LogCenter security event management system: Provides functions such as security posture awareness, report management, log audit, and centralized alarm management
API: Supports both NETCONF* and RESTCONF northbound APIs to enable users to centrally configure and maintain firewalls via an upper-level controller to simply the O&M
Agile Cloud Management Platform*: The Huawei Agile Cloud Network Solution consists of a cloud management platform and a series of cloud-based network devices. Customers can purchase the cloud management license for firewall management and maintenance services instead of buying network management software and hiring network administrators. For firewall functions supported in cloud network management mode, see HUAWEI USG6300 Series Cloud Management Firewall Data Sheet

1: The USG6305 and USG6310S series support log storage in SD cards. If no SD card is inserted, you can view and export system and service logs. By inserting an SD card, you can also view, export, customize, and subscribe to reports. The USG6320 supports the query and export of system and service logs but does not support report query, export, customization, or subscription

Functions marked with * are supported only in USG V500R001 and later versions


System Performance and Capacity

Model USG6305 USG6310S USG6320
IPv4 Firewall Throughput(1,518/512/64-byte , UDP ) 0.8 Gbit/s, 0.8 Gbit/s, 0.12 Gbit/s 1.2 Gbit/s, 1 Gbit/s, 0.12 Gbit/s 2 Gbit/s, 2 Gbit/s, 0.4 Gbit/s
IPv6 Firewall Throughput(1,518/512/84-byte , UDP) 0.8 Gbit/s, 0.8 Gbit/s, 0.15 Gbit/s 1.2 Gbit/s, 1 Gbit/s, 0.15 Gbit/s 2 Gbit/s, 2 Gbit/s, 0.4 Gbit/s
Firewall Throughput (packets per second) 0.18 Mpps 0.18 Mpps 0.6 Mpps
Firewall Latency (64-byte, UDP) 100 µs 100 µs 35 µs
FW + SA* Throughput2 300 Mbit/s 400 Mbit/s 1.2 Gbit/s
FW + SA + IPS Throughput2 150 Mbit/s 200 Mbit/s 700 Mbit/s
FW + SA + Antivirus Throughput2 100 Mbit/s 150 Mbit/s 700 Mbit/s
FW + SA + IPS + Antivirus + URL Throughput2 100 Mbit/s 150 Mbit/s 500 Mbit/s
FW+SA+IPS+Antivirus Throughput (real world)3 80 Mbit/s 100 Mbit/s 400 Mbit/s
Concurrent Sessions (HTTP1.1)1 200,000 250,000 500,000
New Sessions/Second (HTTP1.1)1 4,000 6,000 20,000
IPsec VPN Throughput1 (AES-128 + SHA1, 1,420-byte) 300 Mbit/s 400 Mbit/s 600 Mbit/s
Maximum IPsec VPN Tunnels (GW to GW) 500 1,000 2,000
Maximum IPsec VPN Tunnels (client to GW) 500 1,000 2,000
SSL Inspection Throughput4 12 Mbit/s 15 Mbit/s 15 Mbit/s
SSL VPN Throughput5 20 Mbit/s 25 Mbit/s 40 Mbit/s
Concurrent SSL VPN Users (default/maximum) 100/100 100/100 100/200
Security Policies (maximum) 1,000 1,000 3,000
Virtual Firewalls (default/maximum) 10/10 10/10 10/20
High Availability Configurations NA Active/Active, Active/ Standby
URL Filtering: Categories More than 130
URL Filtering: URLs Can access a database of over 120 million URLs in the cloud
Automated Threat Feed and IPS Signature Updates Yes, an industry-leading security center from Huawei (http://sec.huawei.com/sec/web/index.do)
Third-Party and Open-Source Ecosystem6 Open APIs for integration with third-party products through RESTCONF and NETCONF interfaces
Other third-party management software based on SNMP, SSH, and syslog
Collaboration with third-party tools, such as FireMon
Centralized Management Centralized configuration, logging, monitoring, and reporting is performed by Huawei eSight and LogCenter
VLANs (maximum) 4,094
Virtual Interfaces (maximum) 1,024

1. Performance is tested under ideal conditions based on RFC 2544 and RFC 3511. The actual result may vary with deployment environments

2. Antivirus, IPS, and SA performances are measured using 100 KB of HTTP files

3. Throughput is measured with the Enterprise Traffic Model

4. SSL inspection throughput is measured with IPS-enabled and HTTPS traffic using TLS v1.2 with AES256-SHA

5. SSL VPN throughput is measured using TLS v1.2 with AES128-SHA

6. USG6000 V100R001 supports only the RESTCONF interface and cannot interwork with third-party tools

*SA indicates Service Awareness


Hardware Specifications

Model USG6305 USG6310S USG6320
Dimensions (H x W x D) 44 mm x 300 mm x 220 mm 44 mm x 300 mm x 220 mm 44.5 mm x 300 mm x 220 mm
Form Factor/Height Desktop Desktop Desktop
Fixed Interfaces 4 x GE (RJ45) 8 x GE (RJ45) 8 x GE (RJ45)
USB 2.0 Port Supported Supported Supported
4G LTE The USB port houses a 4G LTE data card The USB port houses a 4G LTE data card The USB port houses a 4G LTE data card
MTBF 14.08 years 14.08 years 19.06 years
Weight (full configuration) 1.55 kg 1.55 kg 1.58 kg
Power Consumption (average/maximum) 7.5W/11.8W 8.8W/13.1W 23.2W/28.5W
Heat Dissipation 40 BTU/h 45 BTU/h 97 BTU/h
Noise - 48 dBA
Power Supplies External Power Adapter, 24W External Power Adapter, 36W
AC Power Supply 100V to 240V, 50 Hz/60 Hz
Operating Environment (temperature/humidity) Temperature: 0°C to 45°C Humidity: 5% to 95%, non-condensing
Non-operating Environment Temperature: -40°C to 70°C Humidity: 5% to 95%, non-condensing
Operating Altitude (maximum) 5,000 meters
Non-operating Altitude (maximum) 5,000 meters

1: The following bands are supported: FDD BAND 1, 2, 3, 4, 5, 7, 8, and 20


Certifications

Certifications
Software ICSA Labs: Firewall, IPS, IPsec, and SSL VPN
CC: EAL4+
Hardware CB, CCC, CE-SDOC, ROHS, REACH & WEEE (EU), RCM, ETL, FCC & IC, VCCI, and BSMI (USG6320)
Regulatory Compliance Products comply with CE markings per directives 2014/30/EU and 2014/35/EU
Safety UL 60950-1
CSA-C22.2 No. 60950-1
EN 60950-1
IEC 60950-1
GB4943.1
EMC: Emissions AS/NZS CISPR 22
CISPR 22 Class B
EN 55022 Class B
ETSI EN 300 386
ETSI EN 301 489 (USG6305-W/6310S-W/6310S-WL-OVS)
IEC 61000-6-3/EN 61000-6-3
IEC 61000-6-4/EN 61000-6-4
IEC 61000-3-2/EN 61000-3-2
IEC 61000-3-3/EN 61000-3-3
FCC CFR47 Part 15 Subpart B Class B
ICES-003 Class B
VCCI V-3 Class B
CNS 13438 Class B (USG6320)
GB9254 Class B
EMC: Immunity EN 55024
CISPR 24
ETSI EN 300 386
ETSI EN 301 489 (USG6305-W/6310S-W/6310S-WL-OVS)
IEC 61000-6-1/EN 61000-6-1
IEC 61000-6-2/EN 61000-6-2
CNS 13438 Class B (USG6320)
YD/T993

Ordering information

Product Model Description
USG6305 USG6305-AC USG6305 AC Host (4 GE (RJ45), 1 GB Memory)
USG6310S USG6310S-AC USG6310S AC Host (8 GE (RJ45), 1 GB Memory)
USG6320 USG6320-AC USG6320 AC Host (8 GE (RJ45), 2 GB Memory)
USG6320 USG6320-BDL-AC USG6320 AC Host (8 GE (RJ45), 2 GB Memory, with IPS-AV-URL Function Group Update Service Subscribe 12 Months)
Function License
SSL VPN Users LIC-SSL-100-USG6000 Quantity of SSL VPN Concurrent Users (100 Users)
Virtual Firewall LIC-VSYS-10-USG6000 Quantity of Virtual Firewall (10 Vsys)
NGFW License
USG6305 License LIC-IPSAVURL-12-USG6305 Resource-USG6305-IPS-AV-URL Function Group Subscription 12 Months (applies to USG6305)
LIC-IPSAVURL-36-USG6305 Resource-USG6305-IPS-AV-URL Function Group Subscription 36 Months (applies to USG6305)
USG6310S License LIC-IPSAVURL-12-USG6310S Resource-USG6310S-IPS-AV-URL Function Group Subscription 12 Months (applies to USG6310S)
LIC-IPSAVURL-36-USG6310S Resource-USG6310S-IPS-AV-URL Function Group Subscription 36 Months (applies to USG6310S)
USG6320 License LIC-IPS-12-USG6300-01 IPS Update Service Subscription 12 Months (applies to USG6310/USG6320)
LIC-IPS-36-USG6300-01 IPS Update Service Subscription 36 Months (applies to USG6310/USG6320)
LIC-URL-12-USG6300-01 URL Filtering Update Service Subscription 12 Months (applies to USG6310/USG6320)
LIC-URL-36-USG6300-01 URL Filtering Update Service Subscription 36 Months (applies to USG6310/USG6320)
LIC-AV-12-USG6300-01 Anti-Virus Update Service Subscription 12 Months, with HW General Security Platform Software (applies to USG6310/USG6320)
LIC-AV-36-USG6300-01 Anti-Virus Update Service Subscription 36 Months (applies to USG6310/USG6320)
LIC-IPSAVURL-12-USG6300-01 IPS-AV-URL Function Group Subscription 12 Months (applies to USG6310/USG6320)
LIC-IPSAVURL-36-USG6300-01 IPS-AV-URL Function Group Subscription 36 Months (applies to USG6310/USG6320)
Basic License
Content Filtering LIC-CONTENT Content Filtering Function

For more information, visit http://e.huawei.com/en or contact your local Huawei sales office.