USG6370/USG6380/USG6390 Next-Generation Firewalls

USG6370/USG6380/USG6390 Next-Generation Firewalls

Product characteristics

Huawei USG6370/USG6380/USG6390 next-generation firewalls provide high-performance security protection for medium-sized businesses and branch offices with 800 to 1,500 users. The firewalls provide VPN, intrusion prevention, and antivirus functions, and can ensure high performance even when multiple security functions are enabled. With comprehensive application control and advanced threat prevention, the firewalls provide cost-effective and all-around security protection for users.

Comprehensive and integrated protection

  • Multiple security functions, including firewall, VPN, intrusion prevention, and online behavior management, for complete versatility
  • Accurately identify more than 6,000 applications to deliver fine-grained access control and improve the quality of key services
  • Detection and prevention of unknown threats, such as zero-day attacks, using sandbox mode and the reputation system*

Simple security management

  • Predefined common-scenario defense templates to facilitate security policy deployment
  • Automatically generate policy-tuning suggestions based on risks in network traffic and applications in accordance with the least privilege principle
  • Intelligent detection of redundant and invalid policies

Third-party proven security capability

  • Obtained Firewall, IPS, IPsec, and SSL VPN certifications from the ICSA Labs.
  • Obtained the highest-level CC certificate (EAL4+), ranking among the highest security levels in the world.

Intelligent link selection for Internet access

  • Select the optimal egress based on services, applications, bandwidth, ISPs, and link priorities to fully utilize link resources, improve Internet access experience, and reduce bandwidth settlement fees.
  • Detect link and tunnel quality in real time and intelligently adjust traffic distribution based on detection results to improve service quality and stability.
  • Create a predefined ISP address library, from which the optimal Internet access link is selected to ensure a quality Internet access experience.

Networking and applications

Intranet control and security isolation for medium-sized businesses

  • Firewalls are deployed on the Internet egress and between enterprise departments to protect medium-sized businesses. The firewalls use firewall policy control, data filtering, and audit functions to monitor social network applications, prevent data leaks, and protect the enterprise network.
  • Intrusion prevention is enabled on the firewall deployed on the Internet egress for real-time application-layer threat prevention.
  • The firewall provides refined bandwidth management based on applications and website categories to prioritize bandwidth for mission-critical services.
  • The firewall manages online user behavior based on URL categories and applications to block access to infected websites and websites irrelevant to work.

Product appearance

Model Interfaces

USG6370/USG6380/USG6390


1. Two x USB Ports
2. Console Port
3. One x GE (RJ45) Management Port
4. Eight x GE (RJ45) Ports
5. Four x GE (SFP) Ports

Product specifications

Software Features

Function Description
Integrated Protection Provides firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, Anti-DDoS, URL filtering, and anti-spam functions
Application Identification and Control Identifies common applications, supports application-specific access control, and combines application identification with intrusion prevention, antivirus, and data filtering to improve detection performance and accuracy
Intrusion Prevention and Web Protection Obtains the latest threat information in a timely manner for accurate detection and prevention of vulnerability exploits and web attacks, such as cross-site scripting and SQL injection attacks
Antivirus Rapidly detects over five million types of viruses through the daily-updated signature database
Anti-APT* Interworks with the sandbox to detect and block malicious files
Data Leak Prevention Inspects files to identify the file type, such as Word, Excel, PowerPoint, and PDF, based on file contents, and filters sensitive content
Bandwidth Management Manages per-user and per-IP bandwidth in addition to identifying service applications to prioritize mission-critical services and users through methods such as peak bandwidth and committed bandwidth, Policy-Based Routing (PBR), and application forwarding priority adjustment
URL Filtering Can access a URL category database of over 120 million URLs to manage access by URL category, such as blocking malicious URLs and accelerating access to specified categories
Behavior and Content Audit Audits and traces the sources of URL access based on the user IP address and requested content
Load Balancing Supports server load balancing and link load balancing, fully utilizing existing network resources
Intelligent Uplink Selection Supports service-specific PBR and intelligent uplink selection based on multiple load balancing algorithms (for example, based on bandwidth ratio and link health status) in multi-homing scenarios
VPN Encryption Supports multiple highly reliable VPN features, such as IPsec VPN, SSL VPN, L2TP VPN, and GRE.
Supports IPsec intelligent link selection and dynamic IPsec tunnel switchover to improve link availability
SSL Encrypted Traffic Detection Serves as a proxy to detect and defend against threats in SSL-encrypted traffic using application-layer protection methods such as intrusion prevention, antivirus, data filtering, and URL filtering
Anti-DDoS Defends against more than 10 types of common DDoS attacks, including SYN flood and UDP flood attacks
User Authentication Supports multiple user authentication methods, including local, RADIUS, HWTACACS, SecurID, AD, CA, LDAP, and Endpoint Security
Security Virtualization Allows users to create and manage virtual security services, including firewall, intrusion prevention, and antivirus services, on the same physical device
Policy Management Provides predefined common-scenario defense templates to facilitate security policy deployment
Automatically evaluates risks in security policies and provides tuning suggestions
Detects redundant and conflicting policies to remove unnecessary and incorrect policies
Provides the firewall policy management solution in partnership with FireMon to reduce O&M costs and potential faults*
Diversified Reports Provides visualized and multi-dimensional reports by user, application, content, time, traffic, threat, and URL1
Generates network security analysis reports on the Huawei security center platform to evaluate the current network security status and provide optimization suggestions*
Routing Supports IPv4 static routes, policy-based routing, routing policies, multicast, RIP, OSPF, BGP, and IS-IS
Supports IPv6 static routes, policy-based routing, routing policies, RIPng, OSPFv3, BGP4+, and IPv6 IS-IS
Working Mode and High Availability Supports multiple working modes (transparent, routing, and hybrid), high availability modes (active/active and active/standby), and link high-availability technologies (IP-Link, BFD, and Link-group)
Device Management Capability Built-in Web UI: Provides abundant device management and maintenance functions, including log report, configuration, and troubleshooting
eSight network management: Manages the performance, alarms, resources, configurations, and topology of the entire network
Agile Controller: Implements application- and user-specific security policy control in the Huawei SDN Agile Network Solution*
LogCenter security event management system: Provides functions such as security posture awareness, report management, log audit, and centralized alarm management
API: Supports both NETCONF* and RESTCONF northbound APIs to enable users to centrally configure and maintain firewalls via an upper-level controller to simply the O&M

1. If no hard disk is inserted, you can view and export system and service logs. By inserting a hard disk, you can also view, export, customize, and subscribe to reports

Functions marked with * are supported only in USG V500R001 and later versions


System Performance and Capacity

Model USG6370 USG6380 USG6390
IPv4 Firewall Throughput1 (1,518/512/64-byte, UDP) 4/4/1.2 Gbit/s 6/6/1.2 Gbit/s 8/8/1.2 Gbit/s
IPv6 Firewall Throughput1 (1,518/512/84-byte, UDP) 4/4/1.6 Gbit/s 6/6/1.6 Gbit/s 8/8/1.6 Gbit/s
Firewall Throughput (packets per second) 1.8 Mpps 1.8 Mpps 1.8 Mpps
Firewall Latency (64-byte, UDP) 25 µs 25 µs 25 µs
FW + SA* Throughput2 4 Gbit/s 5 Gbit/s 6 Gbit/s
FW + SA + IPS Throughput2 2 Gbit/s 2 Gbit/s 2 Gbit/s
FW + SA + Antivirus Throughput2 2 Gbit/s 2 Gbit/s 2 Gbit/s
FW + SA + IPS + Antivirus + URL Throughput2 1.4 Gbit/s 1.6 Gbit/s 1.8 Gbit/s
FW + SA + IPS + Antivirus Throughput (real world)3 1 Gbit/s 1.2 Gbit/s 1.4 Gbit/s
Concurrent Sessions (HTTP1.1)1 4,000,000 4,000,000 4,000,000
New Sessions/Second (HTTP1.1)1 60,000 70,000 80,000
IPsec VPN Throughput1 (AES-128 + SHA1, 1,420-byte) 3 Gbit/s 3 Gbit/s 3 Gbit/s
Maximum IPsec VPN Tunnels (GW to GW) 4,000 4,000 4,000
Maximum IPsec VPN Tunnels (client to GW) 4,000 4,000 4,000
SSL Inspection Throughput4 90 Mbit/s 90 Mbit/s 90 Mbit/s
SSL VPN Throughput5 200 Mbit/s 200 Mbit/s 200 Mbit/s
Concurrent SSL VPN Users (default/maximum) 100/1,000 100/1,000 100/1,000
Security Policies (maximum) 15,000 15,000 15,000
Virtual Firewalls (default/maximum) 10/100 10/100 10/100
URL Filtering: Categories More than 130
URL Filtering: URLs Can access a database of over 120 million URLs in the cloud
Automated Threat Feed and IPS Signature Updates Yes, an industry-leading security center from Huawei (http://sec.huawei.com/sec/web/index.do)
Third-Party and Open-Source Ecosystem6 Open APIs for integration with third-party products through RESTCONF and NETCONF interfaces
Other third-party management software based on SNMP, SSH, and syslog
Collaboration with third-party tools, such as FireMon
Collaboration with Anti-APT solution
Centralized Management Centralized configuration, logging, monitoring, and reporting is performed by Huawei eSight and LogCenter
VLANs (maximum) 4,094
Virtual Interfaces (maximum) 1,024
High Availability Configurations Active/Active, Active/Standby

1. Performance is tested under ideal conditions based on RFC 2544 and RFC 3511. The actual result may vary with deployment environments

2. Antivirus, IPS, and SA performances are measured using 100 KB of HTTP files

3. Throughput is measured with the Enterprise Traffic Model

4. SSL inspection throughput is measured with IPS-enabled and HTTPS traffic using TLS v1.2 with AES256-SHA

5. SSL VPN throughput is measured using TLS v1.2 with AES128-SHA

6. USG6000 V100R001 supports only the RESTCONF interface and cannot interwork with sandbox or third-party tools

*SA indicates Service Awareness


Hardware Specifications

Model USG6370 USG6380 USG6390
Dimensions (H x W x D) 44.4 mm x 442 mm x 421 mm
Form Factor/Height 1U
Fixed Interfaces 8 x GE (RJ45) + 4 x GE (SFP)
USB 2.0 Port Supported
Expansion Slot 2 WSIC*
Expansion I/O WSIC: 2 x 10 GE (SFP+) + 8 x GE (RJ45), 8 x GE (RJ45), 8 x GE (SFP), 4 x GE (RJ45) BYPASS
Maximum Number of Interfaces 24 x GE (RJ45) + 4 x GE (SFP) + 4 x 10 GE (SFP+) or 20 x GE (SFP) + 8 × GE (RJ45)
MTBF 11.96 years
Weight (full configuration) 8.6 kg
Local Storage Optional: Supports a 300 GB or 600 GB hard disk (the hard disk is hot-swappable, but the hard disk card is not)
AC Power Supply 100V to 240V, 50 Hz/60 Hz
Power Consumption (average/maximum) 56.13W/133.74W
Heat Dissipation 456 BTU/h
Power Supplies Single 170W AC power supply; optional dual AC power supplies
Operating Environment (temperature/humidity) Temperature: 0°C to 45°C (without optional HDD);
5°C to 40°C (with optional HDD) Humidity: 5% to 95% (without optional HDD), non-condensing;
5% to 90% (with optional HDD), non-condensing
Non-operating Environment Temperature: –40°C to 70°C
Humidity: 5% to 95% (without optional HDD), non-condensing;
5% to 90% (with optional HDD), non-condensing
Operating Altitude (maximum) 5,000 meters (without optional HDD); 3,000 meters (with optional HDD)
Non-operating Altitude (maximum) 5,000 meters (without optional HDD); 3,000 meters (with optional HDD)
Noise 63 dBA

*WISC is not hot-swappable


Certifications

Certifications
Software ICSA Labs: Firewall, IPS, IPsec, and SSL VPN CC: EAL4+
Hardware CB, CE-SDOC, ROHS, REACH & WEEE (EU), RCM, ETL, FCC & IC, VCCI, and BSMI
Regulatory Compliance Products comply with CE markings per directives 2014/30/EU and 2014/35/EU
Safety UL 60950-1
CSA-C22.2 No. 60950-1
EN 60950-1
IEC 60950-1
EMC: Emissions EN 55022 Class A
ETSI EN 300 386
IEC 61000-3-2/EN 61000-3-2
IEC 61000-3-3/EN 61000-3-3
FCC CFR47 Part 15 Subpart B Class A
ICES-003 Class A
VCCI V-3 Class A
CNS 13438 Class A
EMC: Immunity EN 55024
ETSI EN 300 386
CNS 13438 Class A

Ordering information

Product Model Description
USG6370 USG6370-AC USG6370 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power)
USG6370 USG6370-BDL-AC USG6370 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months)
USG6380 USG6380-AC USG6380 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power)
USG6380 USG6380-BDL-AC USG6380 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months)
USG6390 USG6390-AC USG6390 AC Host (8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power)
USG6390 USG6390-BDL-AC USG6390 AC Host ( 8 GE (RJ45) + 4 GE (SFP), 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months)
Business Module Group
WSIC WSIC-8GE 8 GE Electric Ports Interface Card
WSIC WSIC-4GEBYPASS 4 GE Electric Ports Bypass Card
WSIC WSIC-8GEF 8 GE Optical Ports Interface Card
WSIC WSIC-2XG8GE 2 x 10 GE Optical Ports + 8 GE Electric Ports Interface Card
Hard Disk Group
HDD SM-HDD-SAS300G-B 300 GB 10K RPM SAS Hard Disk for 1U rack Gateway
SM-HDD-SAS600G-B 600 GB 10K RPM SAS Hard Disk for 1U rack Gateway
Power Module
Power Power-AC-B 170W AC power module
Function License
Virtual Firewall LIC-VSYS-10-USG6000 Quantity of Virtual Firewall (10 Vsys)
Virtual Firewall LIC-VSYS-20-USG6000 Quantity of Virtual Firewall (20 Vsys)
Virtual Firewall LIC-VSYS-50-USG6000 Quantity of Virtual Firewall (50 Vsys)
Virtual Firewall LIC-VSYS-100-USG6000 Quantity of Virtual Firewall (100 Vsys)
SSL VPN Concurrent Users LIC-SSL-100-USG6000 Quantity of SSL VPN Concurrent Users (100 Users)
LIC-SSL-200-USG6000 Quantity of SSL VPN Concurrent Users (200 Users)
LIC-SSL-500-USG6000 Quantity of SSL VPN Concurrent Users (500 Users)
LIC-SSL-1000-USG6000 Quantity of SSL VPN Concurrent Users (1,000 Users)
NGFW License
IPS Update Service LIC-IPS-12-USG6300-03 IPS Update Service Subscription 12 Months (applies to USG6370/80)
LIC-IPS-36-USG6300-03 IPS Update Service Subscription 36 Months (applies to USG6370/80)
LIC-IPS-12-USG6300-04 IPS Update Service Subscription 12 Months (applies to USG6390)
LIC-IPS-36-USG6300-04 IPS Update Service Subscription 36 Months (applies to USG6390)
URL Filtering Update Service LIC-URL-12-USG6300-03 URL Filtering Update Service Subscription 12 Months (applies to USG6370/80)
LIC-URL-36-USG6300-03 URL Filtering Update Service Subscription 36 Months (applies to USG6370/80)
LIC-URL-12-USG6300-04 URL Filtering Update Service Subscription 12 Months (applies to USG6390)
LIC-URL-36-USG6300-04 URL Filtering Update Service Subscription 36 Months (applies to USG6390)
Anti-Virus Update Service LIC-AV-12-USG6300-03 Anti-Virus Update Service Subscription 12 Months (applies to USG6370/80)
LIC-AV-36-USG6300-03 Anti-Virus Update Service Subscription 36 Months (applies to USG6370/80)
LIC-AV-12-USG6300-04 Anti-Virus Update Service Subscription 12 Months (applies to USG6390)
LIC-AV-36-USG6300-04 Anti-Virus Update Service Subscription 36 Months (applies to USG6390)
IPS-AV-URL Function Group LIC-IPSAVURL-12-USG6300-03 IPS-AV-URL Function Group Subscription 12 Months (applies to USG6370/80)
LIC-IPSAVURL-36-USG6300-03 IPS-AV-URL Function Group Subscription 36 Months (applies to USG6370/80)
LIC-IPSAVURL-12-USG6300-04 IPS-AV-URL Function Group Subscription 12 Months (applies to USG6390)
LIC-IPSAVURL-36-USG6300-04 IPS-AV-URL Function Group Subscription 36 Months (applies to USG6390)
Basic License
Content Filtering LIC-CONTENT Content Filtering Function

For more information, visit http://e.huawei.com/en or contact your local Huawei sales office.