USG6330/USG6350/USG6360 Next-Generation Firewalls

USG6330/USG6350/USG6360 Next-Generation Firewalls

Product characteristics

Huawei USG6330/USG6350/USG6360 next-generation firewalls are security gateways designed for small- and medium-sized businesses and branch offices with 200 to 800 users. The firewalls provide VPN, intrusion prevention, and antivirus functions for comprehensive and integrated network protection, effectively reducing management costs. Refined bandwidth management improves bandwidth efficiency and ensures quality experiences for key services. These firewalls provide continuous next-generation network security in an easy and efficient way.

Comprehensive and integrated protection

  • Multiple security functions, including firewall, VPN, intrusion prevention, and online behavior management, for complete versatility
  • Refined bandwidth management based on application and website category to prioritize bandwidth for mission-critical services
  • Detection and prevention of unknown threats, such as zero-day attacks, using sandbox mode and the reputation system*

Simple management and rapid deployment

  • Zero-configuration deployment using USB disks to improve deployment efficiency
  • Predefined common-scenario defense templates to facilitate security policy deployment
  • Intelligent detection of redundant and invalid policies
  • Supports cloud-based management and enables Huawei Agile Controller-Cloud Manager to manage and configure the firewalls

Flexible bandwidth management

  • Differentiated user bandwidth and quota management for fair and prioritized bandwidth usage
  • Application-based bandwidth management to prioritize bandwidth for mission-critical applications
  • Modification of URL category priority

Networking and applications

Secure interconnections between enterprise branches

  • Inspect services in six dimensions (application, user, content, threat, time, and location) and provide refined service access control at the Internet egress.
  • Establish IPsec or L2TP over IPsec permanent tunnels for branches and partners with fixed VPN gateways (L2TP over IPsec tunnel is recommended if account authentication is required).
  • Provide SSL VPN for remote access of people on the move and implement fine-grained control over the resources accessible to users.
  • Authenticate VPN tunnel users to ensure they are legitimate and authorized.
  • Enable intrusion prevention, antivirus, file blocking, and data filtering functions to prevent remote access users from introducing network threats or leaking information.

Product appearance

Model Interfaces

USG6330/USG6350/USG6360


1. USB Port
2. Console Port
3. One x GE (RJ45) Management Port
4. Four x GE (RJ45) Ports
5. Two x GE (Combo) Ports

Product specifications

Software Features

Function Description
Integrated Protection Provides firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, Anti-DDoS, URL filtering, and anti-spam functions
Application Identification and Control Identifies common applications, supports application-specific access control, and combines application identification with intrusion prevention, antivirus, and data filtering to improve detection performance and accuracy
Intrusion Prevention and Web Protection Obtains the latest threat information in a timely manner for accurate detection and prevention of vulnerability exploits and web attacks, such as cross-site scripting and SQL injection attacks
Antivirus Rapidly detects over five million types of viruses through the daily-updated signature database
Anti-APT* Interworks with the sandbox to detect and block malicious files
Data Leak Prevention Inspects files to identify the file type, such as Word, Excel, PowerPoint, and PDF, based on file contents, and filters sensitive content
Bandwidth Management Manages per-user and per-IP bandwidth in addition to identifying service applications to prioritize mission-critical services and users through methods such as peak bandwidth and committed bandwidth, Policy-Based Routing (PBR), and application forwarding priority adjustment
URL Filtering Can access a URL category database of over 120 million URLs to manage access by URL category, such as blocking malicious URLs and accelerating access to specified categories
Behavior and Content Audit Audits and traces the sources of URL access based on the user IP address and requested content
Load Balancing Supports server load balancing and link load balancing, fully utilizing existing network resources
Intelligent Uplink Selection Supports service-specific PBR and intelligent uplink selection based on multiple load balancing algorithms (for example, based on bandwidth ratio and link health status) in multi-homing scenarios
VPN Encryption Supports multiple highly reliable VPN features, such as IPsec VPN, SSL VPN, L2TP VPN, and GRE. Supports IPsec intelligent link selection and dynamic IPsec tunnel switchover to improve link availability
SSL Encrypted Traffic Detection Serves as a proxy to detect and defend against threats in SSL-encrypted traffic using application-layer protection methods such as intrusion prevention, antivirus, data filtering, and URL filtering
Anti-DDoS Defends against more than 10 types of common DDoS attacks, including SYN flood and UDP flood attacks
User Authentication Supports multiple user authentication methods, including local, RADIUS, HWTACACS, SecurID, AD, CA, LDAP, and Endpoint Security
Security Virtualization Allows users to create and manage virtual security services, including firewall, intrusion prevention, and antivirus services, on the same physical device
Policy Management Provides predefined common-scenario defense templates to facilitate security policy deployment
Automatically evaluates risks in security policies and provides tuning suggestions
Detects redundant and conflicting policies to remove unnecessary and incorrect policies
Provides the firewall policy management solution in partnership with FireMon to reduce O&M costs and potential faults*
Diversified Reports Provides visualized and multi-dimensional reports by user, application, content, time, traffic, threat, and URL1
Generates network security analysis reports on the Huawei security center platform to evaluate the current network security status and provide optimization suggestions*
Routing Supports IPv4 static routes, policy-based routing, routing policies, multicast, RIP, OSPF, BGP, and IS-IS 
Supports IPv6 static routes, policy-based routing, routing policies, RIPng, OSPFv3, BGP4+, and IPv6 IS-IS
Working Mode and High Availability Supports multiple working modes (transparent, routing, and hybrid), high availability modes (active/active and active/standby), and link high-availability technologies (IP-Link, BFD, and Link-group)
Device Management Capability Built-in Web UI: Provides abundant device management and maintenance functions, including log report, configuration, and troubleshooting
eSight network management: Manages the performance, alarms, resources, configurations, and topology of the entire network
Agile Controller: Implements application- and user-specific security policy control in the Huawei SDN Agile Network Solution*
LogCenter security event management system: Provides functions such as security posture awareness, report management, log audit, and centralized alarm management
API: Supports both NETCONF* and RESTCONF northbound APIs to enable users to centrally configure and maintain firewalls via an upper-level controller to simply the O&M

1. If no hard disk is inserted, you can view and export system and service logs. By inserting a hard disk, you can also view, export, customize, and subscribe to reports

Functions marked with * are supported only in USG V500R001 and later versions


System Performance and Capacity

Model USG6330 USG6350 USG6360
IPv4 Firewall Throughput(1,518/512/64-byte, UDP) 1 Gbit/s, 1 Gbit/s, 0.4 Gbit/s 2 Gbit/s, 2 Gbit/s, 0.4 Gbit/s 3 Gbit/s, 2.5 Gbit/s, 0.4 Gbit/s
IPv6 Firewall Throughput(1,518/512/84-byte, UDP) 1 Gbit/s, 1 Gbit/s, 0.5 Gbit/s 2 Gbit/s, 2 Gbit/s, 0.5 Gbit/s 3 Gbit/s, 3 Gbit/s, 0.5 Gbit/s
Firewall Throughput (packets per second) 0.6 Mpps 0.6 Mpps 0.6 Mpps
Firewall Latency (64-byte, UDP) 40 µs 40 µs 40 µs
FW + SA* Throughput2 1 Gbit/s 1.2 Gbit/s 1.4 Gbit/s
FW + SA + IPS Throughput2 500 Mbit/s 950 Mbit/s 1.1 Gbit/s
FW + SA + Antivirus Throughput2 500 Mbit/s 950 Mbit/s 1.1 Gbit/s
FW + SA + IPS + Antivirus + URL Throughput2 300 Mbit/s 400 Mbit/s 500 Mbit/s
FW + SA + IPS + Antivirus Throughput (real world)3 300 Mbit/s 350 Mbit/s 400 Mbit/s
Concurrent Sessions (HTTP1.1)1 1,500,000 2,000,000 3,000,000
New Sessions/Second (HTTP1.1)1 30,000 30,000 30,000
IPsec VPN Throughput1 (AES-128 + SHA1, 1,420-byte) 700 Mbit/s 800 Mbit/s 900 Mbit/s
Maximum IPsec VPN Tunnels (GW to GW) 4,000 4,000 4,000
Maximum IPsec VPN Tunnels (client to GW) 4,000 4,000 4,000
SSL Inspection Throughput4 16 Mbit/s 16 Mbit/s 16 Mbit/s
SSL VPN Throughput5 50 Mbit/s 50 Mbit/s 50 Mbit/s
Concurrent SSL VPN Users (default/maximum) 100/500 100/500 100/500
Security Policies (maximum) 15,000 15,000 15,000
Virtual Firewalls (default/maximum) 10/50 10/50 10/50
URL Filtering: Categories More than 130
URL Filtering: URLs Can access a database of over 120 million URLs in the cloud
Automated Threat Feed and IPS Signature Updates Yes, an industry-leading security center from Huawei (http://sec.huawei.com/sec/web/index.do)
Third-Party and Open-Source Ecosystem6 Open APIs for integration with third-party products through RESTCONF and NETCONF interfaces
Other third-party management software based on SNMP, SSH, and syslog
Collaboration with third-party tools, such as FireMon
Collaboration with Anti-APT solution
Centralized Management Centralized configuration, logging, monitoring, and reporting is performed by Huawei eSight and LogCenter
VLANs (maximum) 4,094
Virtual Interfaces (maximum) 1,024
High Availability Configurations Active/Active, Active/Standby

1. Performance is tested under ideal conditions based on RFC 2544 and RFC 3511. The actual result may vary with deployment environments

2. Antivirus, IPS, and SA performances are measured using 100 KB of HTTP files

3. Throughput is measured with the Enterprise Traffic Model

4. SSL inspection throughput is measured with IPS-enabled and HTTPS traffic using TLS v1.2 with AES256-SHA

5. SSL VPN throughput is measured using TLS v1.2 with AES128-SHA

6. USG6000 V100R001 supports only the RESTCONF interface and cannot interwork with sandbox or third-party tools

*SA indicates Service Awareness


Hardware Specifications

Model USG6330 USG6350 USG6360
Dimensions (H x W x D) 44.4 mm x 442 mm x 421 mm
Form Factor/Height 1U
Fixed Interfaces 4 x GE (RJ45) + 2 x GE (Combo)
USB 2.0 Port Supported
Expansion Slot 2WSIC*
Expansion I/O WSIC: 2 x 10 GE (SFP+) + 8 x GE (RJ45), 8 x GE (RJ45), 8 x GE (SFP), and 4 x GE (RJ45) BYPASS
Maximum Number of Interfaces 22 x GE (RJ45) + 4 x 10 GE (SFP+) or 18 x GE (SFP) + 4 x GE (RJ45)
MTBF 11.58 years
Weight (full configuration) 7.9 kg
Local Storage Optional. Supports a 300 GB or 600 GB hard disk (the hard disk is hot-swappable, but the hard disk card is not)
AC Power Supply 100V to 240V, 50 Hz/60 Hz
Power Consumption (average/maximum) 30.7W/107.83W
Heat Dissipation 368 BTU/h
Power Supplies Single 150W AC power supply; optional 170W AC power supply
Operating Environment (temperature/humidity) Temperature: 0°C to 45°C (without optional HDD) 
5°C to 40°C (with optional HDD)
Humidity: 5% to 95% (without optional HDD), non-condensing 
5% to 90% (with optional HDD), non-condensing
Non-operating Environment Temperature: -40°C to 70°C
Humidity: 5% to 95% (without optional HDD), non-condensing;
5% to 90% (with optional HDD), non-condensing
Operating Altitude (maximum) 5,000 meters (without optional HDD); 3,000 meters (with optional HDD)
Non-operating Altitude (maximum) 5,000 meters (without optional HDD); 3,000 meters (with optional HDD)
Noise 54.1 dBA

*WISC is not hot-swappable


Certifications

Certifications
Regulatory Compliance Products comply with CE markings per directives 2014/30/EU and 2014/35/EU
Safety UL 60950-1
CSA-C22.2 No. 60950-1
EN 60950-1
IEC 60950-1
EMC: Emissions AS/NZS CISPR 22
CISPR 22 Class A
EN 55022 Class A
ETSI EN 300 386
IEC 61000-6-4/EN 61000-6-4
IEC 61000-3-2/EN 61000-3-2
IEC 61000-3-3/EN 61000-3-3
FCC CFR47 Part 15 Subpart B Class A
ICES-003 Class A
VCCI V-3 Class A
CNS 13438 Class A
EMC: Immunity EN 55024
CISPR 24
ETSI EN 300 386
IEC 61000-6-2/EN 61000-6-2
CNS 13438 Class A

Ordering information

Product Model Description
USG6330 USG6330-AC USG6330 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power)
USG6330 USG6330-BDL-AC USG6330 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months)
USG6350 USG6350-AC USG6350 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power)
USG6350 USG6350-BDL-AC USG6350 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscribe 12 Months)
USG6360 USG6360-AC USG6360 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power)
USG6360 USG6360-BDL-AC USG6360 AC Host (4 GE (RJ45) + 2 GE Combo, 4 GB Memory, 1 AC Power, with IPS-AV-URL Function Group Update Service Subscription 12 Months)
Business Module Group
WSIC WSIC-8GE 8 GE Electric Ports Interface Card
WSIC WSIC-4GEBYPASS 4 GE Electric Ports Bypass Card
WSIC WSIC-8GEF 8 GE Optical Ports Interface Card
WSIC WSIC-2XG8GE 2 x 10 GE Optical Ports + 8 GE Electric Ports Interface Card
Hard Disk Group
HDD SM-HDD-SAS300G-B 300 GB 10K RPM SAS Hard Disk for 1U rack Gateway
SM-HDD-SAS600G-B 600 GB 10K RPM SAS Hard Disk for 1U rack Gateway
Function License
Virtual Firewall LIC-VSYS-10-USG6000 Quantity of Virtual Firewall (10 Vsys)
LIC-VSYS-20-USG6000 Quantity of Virtual Firewall (20 Vsys)
LIC-VSYS-50-USG6000 Quantity of Virtual Firewall (50 Vsys)
SSL VPN Concurrent Users LIC-SSL-100-USG6000 Quantity of SSL VPN Concurrent Users (100 Users)
LIC-SSL-200-USG6000 Quantity of SSL VPN Concurrent Users (200 Users)
LIC-SSL-500-USG6000 Quantity of SSL VPN Concurrent Users (500 Users)
NGFW License
IPS Update Service LIC-IPS-12-USG6300-02 IPS Update Service Subscription 12 Months (applies to USG6330/USG6350/USG6360)
LIC-IPS-36-USG6300-02 IPS Update Service Subscription 36 Months (applies to USG6330/USG6350/USG6360)
URL Filtering Update Service LIC-URL-12-USG6300-02 URL Filtering Update Service Subscription 12 Months (applies to USG6330/USG6350/USG6360)
LIC-URL-36-USG6300-02 URL Filtering Update Service Subscription 36 Months (applies to USG6330/USG6350/USG6360)
Anti-Virus Update Service LIC-AV-12-USG6300-02 Anti-Virus Update Service Subscription 12 Months (applies to USG6330/USG6350/USG6360)
LIC-AV-36-USG6300-02 Anti-Virus Update Service Subscription 36 Months (applies to USG6330/USG6350/USG6360)
IPS-AV-URL Function Group LIC-IPSAVURL-12-USG6300-02 IPS-AV-URL Function Group Subscription 12 Months (applies to USG6330/USG6350/USG6360)
LIC-IPSAVURL-36-USG6300-02 IPS-AV-URL Function Group Subscription 36 Months (applies to USG6330/USG6350/USG6360)
Basic License
Content Filtering LIC-CONTENT Content Filtering Function

For more information, visit http://e.huawei.com/en or contact your local Huawei sales office.