• USG9500 Series Terabit-Level Next-Generation Firewall

    USG9500 Series
    Terabit-Level Next-Generation Firewall

    Terabit-level performance combined with multiple security service integration.


  • Overview
  • Features
  • Specifications
  • Resources
  • Support

USG9500 Series Terabit-Level Next-Generation Firewall

Huawei’s next-generation all-in-one DC firewall, the USG9500, delivers terabit-level performance to cloud service providers and large-scale enterprise campus networks.

It is typically deployed at the egress of cloud computing data centers, large enterprises, and campus networks to provide industry-leading protection capabilities. Boasting 99.999% reliability and integrating essential security features such as Network Address Translation (NAT), Virtual Private Network (VPN), Intrusion Protection System (IPS), virtualization, and Service Awareness (SA), the USG9500 reduces equipment room investment and Total Cost of Ownership (TCO) per Mbit/s, while enabling enterprises to construct cloud computing–oriented DCs with advanced security protection.

Superior Performance

Terabit-Level Performance

Industry-leading dual-terabit-level firewall offering 1.92 Tbit/s throughput and 2.56 billion concurrent connections.

Business Protection

Security Service Integration

Includes enhanced security features such as service awareness, virtualization, and IPv6 security, while also integrating NAT, VPN, IPS, and Anti-DDoS services to reduce TCO.

Continuous Security

High Availability

Advanced hardware and software design supports dual-MPU, hot standby, and load balancing, delivering 99.999% availability. The hot-swappable components ensure continuous online upgrades and capacity expansion.


Model USG9520 USG9560 USG9580
Expansion Slots 3 8 16
Maximum Firewall Throughput 120 Gbit/s 960 Gbit/s 1.92 Tbit/s
Maximum Number of Concurrent Sessions 160,000,000 1,280,000,000 2,560,000,000
Basic Functions Routing/Transparent/Composite mode, state validation detection, blacklist and whitelist, access control, Application Specific Packet Filter (ASPF), security zone division, virtual firewall, smart route, and load balancing
NAT/CGN Destination NAT/PAT, NAT NO-PAT, source NAT-IP address persistence, source IP address pool grouping, NAT Server, bi-directional NAT, NAT Application Layer Gateway (NAT-ALG), unlimited IP address expansion, policy-based destination NAT, port range pre-allocation, hair pinning mode, SMART NAT, NAT64, DS-Lite, and 6RD (IPv6 Rapid Deployment)
NGFW Functions Supports intrusion detection and prevention, URL filtering, antivirus, data loss prevention, etc.
PKI PKI certificate requests (PKCS 10), Certificate Authority (CA)
PKI authentications: EAP-SIM, EAP-AKA
PKI protocols: SCEP, OCSP, and CMPv2
Self-signed certificate
Virtual System 4,096-Virtual Firewall (VFW) definition, VLAN virtualization, security zones virtualization, user-defined virtual resources, route between VFW, and VFW-based traffic CAR
DDoS Mitigation SYN-flood, ICMP-flood, TCP-flood, UDP-flood, and DNS-flood
Port-scan, Smurf, Tear-drop, and IP-Sweep
IPv6-extension-header defense, TTL detection, TCP-mss detection, and attack log output
Data Leak Prevention (DLP) Identifies and filters the transferred files and contents. The USG9500 can identify more than 120 file types, regardless of whether filename extensions are maliciously changed. In addition, the USG9500 can restore and implement content filtering for over 30 types of files, such as Word, Excel, PPT, PDF, and RAR files, to prevent leaks of critical enterprise information.


Technical Support