Huawei USG6510E/USG6510E-POE/USG6530E New-Generation Firewalls

Huawei USG6510E/USG6510E-POE/USG6530E New-Generation Firewalls

Overview

Huawei USG6510E, USG6510E-POE and USG6530E are new-generation desktop firewalls designed for small enterprises, industry branches, and chain business organizations. In addition to the traditional firewall management mode, the cloud management mode is supported. The cloud management mode provides plug-and-play, automated service configuration, automated and visualized O&M, and big data analysis for a large number of branches to access the network securely. The network processing chip based on the ARM architecture provides pattern matching and encryption/decryption service processing acceleration capabilities, which greatly improve the performance for firewalls to process content security detection and IPSec services.

Product highlights

Comprehensive and integrated protection

  • Integrates the traditional firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, and online behavior management functions all in one device.
  • Provides refined bandwidth management and guarantees bandwidth for key services based on applications and website categories, so that key services can be preferentially forwarded.

Quick deployment, simple O&M, cloud management

  • Initiates authentication and registration to the cloud management platform to implement plug-and-play and simplify network creation and deployment.
  • Uses remote service configuration management, device monitoring, and fault management, implementing cloud-based management of mass devices and simplifying O&M.

Chip-based performance improvement

  • Uses the network processing chip based on the ARM architecture, improving forwarding performance significantly.
  • Enables chip-level pattern matching and accelerates encryption/decryption, improving the performance for processing IPS, antivirus, and IPSec services.

Deployment

Cloud-based management

  • Firewalls proactively register with and are quickly incorporated into the cloud management platform for quick device deployment without manual attendance.
  • Remote service configuration management, device monitoring, and fault management are used to implement cloud-based management of mass devices and simplify O&M.



Access to enterprise networks

  • The devices support USB-based deployment, simplifying device deployment. Centralized management is supported to reduce device O&M costs.
  • IPSec VPN ensures access security. IPSec intelligent uplink selection automatically detects link quality and performs intelligent tunnel switching to ensure service continuity.
  • The devices can work with the Agile Controller to form a branch access security solution that provides services such as user authentication and portal customization. This solution implements unified authentication, unified O&M, and unified log management. Centralized service management eases the difficulty of managing branch offices while allowing for platform customization for branches to perform targeted marketing.



Hardware

USG6510E (desktop device)

Ports:

  • 8 x GE (RJ45) port
  • 2 x GE (RJ45) port*
  • 2 x GE (SFP)
  • Micro-SD card slot
  • 1 x USB 2.0
  • Console port

USG6510E-POE(desktop device)

  • 4 x GE (RJ45) port, Supports PoE
  • 4 x GE (RJ45) port
  • 2 x GE (RJ45) port*
  • 2 x GE (SFP) port
  • Micro-SD card slot
  • 1 x USB 2.0
  • Console port

USG6530E (desktop device)

  • 8 x GE (RJ45) port
  • 2 x GE (RJ45) port*
  • 2 x 10 GE (SFP+) port
  • Micro-SD card slot
  • 1 x USB 2.0
  • Console port

Software features

Feature Description
Integrated Protection Integrates firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, and URL filtering functions. Provides a global configuration view and integrated policy management.
Application Identification and Control Identifies common applications, supports application-specific access control. The firewall combines application identification with intrusion detection, antivirus, and data filtering, improving detection performance and accuracy.
Cloud-Based Management Mode The firewall initiates authentication and registration to the cloud management platform to implement plug-and-play and simplify network creation and deployment.
Service configuration, device monitoring, and fault management can be performed remotely, implementing the management of mass devices in the cloud.
Cloud Application Security Awareness Controls enterprise cloud applications in a refined and differentiated manner to meet enterprises’ requirements for cloud application management.
Intrusion Prevention and Web Protection Accurately detects and defends against vulnerability-specific attacks based on up-to-date threat information. The firewall can defend against web-specific attacks, including SQL injection and XSS attacks.
Antivirus Rapidly detects over 5 million types of viruses based on the daily-updated virus signature database.1
Data Leak Prevention (DLP) Inspects files to identify the file types, such as Word, Excel, PowerPoint, and PDF, based on file content, and filters the file content.
Bandwidth Management Manages per-user and per-IP bandwidth in addition to identifying service applications to ensure the network access experience of key services and users. Control methods include limiting the maximum bandwidth, ensuring the minimum bandwidth, and changing application forwarding priorities.
URL Filtering Provides a URL category database with over 120 million URLs and accelerates access to specific categories of websites, improving access experience of high-priority websites.
Supports DNS filtering, in which accessed web pages are filtered based on domain names.
Supports the SafeSearch function to filter resources of search engines, such as Google, to guarantee access to only healthy network resources.
Behavior and Content Audit Audits and traces the sources of the accessed content based on users.
Load-Balancing Supports link load-balancing to make full use of existing network resources.
Intelligent Uplink Selection Supports service-specific PBR and intelligent uplink selection based on multiple load-balancing algorithms (for example, based on bandwidth ratio and link health status) in multi-egress scenarios.
VPN Encryption Supports multiple highly available VPN features, such as IPSec VPN, SSL VPN, L2TP VPN, and GRE, and provides the Huawei-developed VPN client SecoClient for SSL VPN, L2TP VPN, and L2TP over IPSec VPN remote access.
DSVPN Dynamic Smart VPN (DSVPN) establishes VPN tunnels between branches whose public addresses are dynamically changed, reducing the networking and O&M costs of the branches.
SSL-Encrypted Traffic Detection Detects and defends against threats in SSL-encrypted traffic using application-layer protection methods, such as intrusion prevention, antivirus, data filtering, and URL filtering.
User Authentication Supports multiple user authentication methods, including local, RADIUS, HWTACACS, AD, and LDAP. The firewall supports built-in Portal and Portal redirection functions. It can work with the Agile Controller to implement multiple authentication modes.
Security Virtualization Supports virtualization of multiple types of security services, including firewall, intrusion prevention, antivirus, and VPN. Users can separately conduct personal management on the same physical device.
Policy Management Manages and controls traffic based on VLAN IDs, quintuples, security zones, regions, applications, URL categories, and time ranges, and implements integrated content security detection.
Provides predefined common-scenario defense templates to facilitate security policy deployment.
Provides security policy management solutions in partnership with FireMon and AlgoSec to reduce O&M costs and potential faults.
Diversified Reports Provides visualized and multi-dimensional report display by user, application, content, time, traffic, threat, and URL.
Generates network security analysis reports on the Huawei security center platform to evaluate the current network security status and provide optimization suggestions.
Routing Supports multiple types of routing protocols and features, such as RIP, OSPF, BGP, IS-IS, RIPng, OSPFv3, BGP4+, and IPv6 IS-IS.
Deployment Mode Supports transparent, routing, and hybrid working modes.

1. The USG6510E supports the detection of 2 million viruses.


Specifications

System performance and capacity

Model USG6510E USG6510E-POE USG6530E
IPv4 Firewall Throughput (1,518/512/64-byte and UDP)1 1.2/1.2/1 Gbit/s 1.2/1.2/1Gbit/s 4/4/1.2 Gbit/s
IPv6 Firewall Throughput (1,518/512/84-byte and UDP)1 1.2/1.2/1 Gbit/s 1.2/1.2/1 Gbit/s 4/4/1 Gbit/s
Firewall Throughput (packets per second) 1.5 Mpps 1.5 Mpps 1.8 Mpps
Firewall Latency (64-byte and UDP) 50 µs 50 µs 50 µs
FW + SA* Throughput2 0.75 Gbit/s 0.75Gbit/s 2 Gbit/s
FW + SA + IPS Throughput2 0.6 Gbit/s 0.6 Gbit/s 1.5 Gbit/s
FW + SA + IPS + Antivirus Throughput2 0.6 Gbit/s 0.6 Gbit/s 1.5 Gbit/s
Full protection Throughput3 0.45 Gbit/s 0.45 Gbit/s 1.1 Gbit/s
Full protection Throughput (Realworld)4 0.3 Gbit/s 0.3 Gbit/s 0.6 Gbit/s
Concurrent Sessions (HTTP 1.1)1 300,000 300,000 500,000
New Sessions/Second (HTTP 1.1)1 20,000 20,000 30,000
IPsec VPN Throughput1 (AES-256 + SHA256, 1,420-byte) 1 Gbit/s 1 Gbit/s 2 Gbit/s
Maximum IPsec VPN Tunnels (GW to GW) 1,000 1,000 2,000
Maximum IPsec VPN Tunnels (Client to GW) 1,000 1,000 2,000
SSL Inspection Throughput5 200 Mbit/s 200 Mbit/s 300 Mbit/s
SSL VPN Throughput6 200 Mbit/s 200 Mbit/s 300 Mbit/s
Concurrent SSL VPN Users (default/maximum) 100/100 100/100 100/500
Security Policies (maximum) 1,000 1,000 15,000
Virtual Firewalls 10 10 20
URL Filtering: Categories More than 130
URL Filtering: URLs Can access a database of over 120 million URLs in the cloud
Automated Threat Feed and IPS Signature Updates Supported through an industry-leading security center from Huawei
(http://sec.huawei.com/sec/web/index.do)
Third-Party and Open-Source Ecosystem Open API for integration with third-party products, providing RESTful and NetConf interface
Other third-part management software based on SNMP, SSH, and Syslog
Co-operation with third-party tools, such as Tufin, Algosec, and Firemon
Collaboration with Anti-APT solution
Centralized Management Centralized configuration, logging, monitoring, and reporting is performed by Huawei eSight and eLog
VLANs (maximum) 4,094
VLANIF Interfaces (maximum) 256 1,024

1. Performance is tested under ideal conditions based on RFC2544, 3511. The actual result may vary with deployment environments.

2. Antivirus, IPS, and SA performances are measured using 100 KB HTTP files

3. Full protection throughput is measured with Firewall, SA, IPS, Antivirus, and URL enabled, Antivirus, IPS, and SA performances are measured using 100 KB HTTP files.

4. Full protection throughput is measured with Firewall, SA, IPS, and Antivirus enabled, Enterprise Mix Traffic Model.

5. SSL inspection throughput is measured with IPS-enabled and HTTPS traffic using TLS v1.2 with AES128-GCM-SHA256.

6. SSL VPN throughput is measured using TLS v1.2 with AES128-SHA.

*SA: Service Awareness.



Hardware specifications

Model USG6510E USG6510E-POE USG6530E
Dimensions (H x W x D) 44 mm x 250 mm x 210 mm
Form Factor/Height Desktop
Fixed Interface 2 x GE (SFP) + 10 x GE 2 x GE (SFP) + 10 x GE (GE0/0/0 to GE 0/0/3 support PoE) 2 x 10 GE (SFP+) + 10 x GE
USB 2.0 Port 1 x USB 2.0 Port
MTBF 57.29 years
Weight (full configuration) 1.5 kg
Local Storage Optional, a 128 GB Micro-SD card can be added
AC Power Supply 100V to 240V, 50/60Hz
Power Consumption (average/maximum) 17.3W/19.6W 82.8W/85.1W 19.3W/21.1W
Heat Dissipation 67 BTU/h 291 BTU/h 72.1 BTU/h
Power Supplies External Power Adapters
Operating Environment
Temperature: 0°C to 45°C;
Humidity: 5% to 95% (non-condensing)
Non-operating Environment Temperature: –40°C to +70°C
Humidity: 5% to 95% (non-condensing)
Operating Altitude (maximum) 5,000 meters
Non-operating Altitude (maximum) 5,000 meters
Noise 0 dBA


Certifications

Certifications
Hardware CB, CE-SDOC, ROHS, REACH & WEEE (EU), RCM, NRTL, FCC & IC, CCC, and VCCI


Regulatory, safety, and EMC compliance

Certifications
Regulatory Compliance Products comply with EU directives 2014/30/EU (Low Voltage Directive), 2014/35/EU (EMC Directive), and 2011/65/EU (RoHS Directive).
Safety
  • UL 60950-1
  • CSA-C22.2 No. 60950-1
  • EN 60950-1
  • IEC 60950-1
EMC: Emissions
  • EN55032 Class A
  • CISPR 32 Class A
  • ETSI EN 300 386
  • AS/NZS CIPSR 32
  • CAN/CSA-CISPR 32-17
  • IEC 61000-3-2/EN 61000-3-2
  • IEC 61000-3-3/EN 61000-3-3
  • FCC CFR47 Part 15 Subpart B Class A
  • ICES-003 Class A
  • VCCI V-3 Class A
EMC: Immunity
  • EN 55024
  • CISPR 24
  • ETSI EN 300 386

Ordering guide

Product Model Description
USG6510E USG6510E-AC USG6510E AC Host (2 x GE (SFP) + 10 x GE, AC Power)
USG6510E-POE USG6510E-POE-AC USG6510E-POE AC Host (2 x GE (SFP) + 10 x GE, AC Power)
USG6530E USG6530E-AC USG6530E AC Host (2 x 10 GE (SFP+) + 10 x GE, AC Power)
Function License
SSL VPN Concurrent Users LIC-USG6KE-SSLVPN-100 Quantity of SSL VPN Concurrent Users (100 Users)
LIC-USG6KE-SSLVPN-200 Quantity of SSL VPN Concurrent Users (200 Users)
LIC-USG6KE-SSLVPN-500 Quantity of SSL VPN Concurrent Users (500 Users)
Virtual Firewall LIC-USG6KE-VSYS-10 Quantity of Virtual Firewall (10 Vsys)
LIC-USG6KE-VSYS-20 Quantity of Virtual Firewall (20 Vsys)
NGFW License
Threat Protection Bundle (IPS, AV, and URL) LIC-USG6510E-TP-1Y Threat Protection Subscription 12 Months (Applies to USG6510E)
LIC-USG6510E-TP-3Y Threat Protection Subscription 36 Months (Applies to USG6510E)
LIC-USG6530E-TP-1Y-OVS Threat Protection Subscription 12 Months (Applies to USG6530E)
LIC-USG6530E-TP-3Y-OVS Threat Protection Subscription 36 Months (Applies to USG6530E)
Cloud Sandbox Inspection LIC-USG6530E-CS-1Y Cloud Sandbox Inspection 12 Months (Applies to USG6530E)
LIC-USG6530E-CS-3Y Cloud Sandbox Inspection 36 Months (Applies to USG6530E)

About this publication

This publication is for reference only and shall not constitute any commitments or guarantees. All trademarks, pictures, logos, and brands mentioned in this document are the property of Huawei Technologies Co., Ltd. or a third party.

For more information, visit http://e.huawei.com/en/products/enterprise-networking/security.