National Research and Education Network
Education Cloud Data Center
Multi-Channel HD Telemedicine Solution
Over The Top/Multi-Tenant Data Center (OTT/MTDC)
Internet Exchange Point (IXP)
Internet Access Provider (IAP)
Design & Simulation
Planning & Analytics
Oil & Gas IoT
HPC & Operations Management
Digital Urban Rail
Enterprise Data Center
Server - Intelligent Computing
Enterprise Cloud Communications
Network Management System
Ubiquitous Connectivity Makes Digital Transformation Possible
Economical and Powerful AI Computing
Secure And Resilient Solutions
Leading New ICT
211 Fortune Global 500 Companies Choose Huawei as Digital Transformation Partner
Buy from Huawei
If you want to get more information about your project, you can submit your information and we will contact you as soon as possible.
If your company has signed an eDeal contract with Huawei, please buy your required product/solution via the link below.
Buy from resellers
Search for a nearby reseller and get direct contact information.
Become a Partner
Resources and Support
Huawei Authorized Learning Partner
Huawei Authorized Information and Network Academy
The USG9500 is a new-generation, terabit-level, all-in-one DC firewall from Huawei for cloud service providers, large-scale DCs, and large-scale enterprise campus networks.
The USG9500 provides terabit-level processing performance and 99.999% reliability. It integrates multiple security features such as Network Address Translation (NAT), Virtual Private Network (VPN), Intrusion Protection System (IPS), virtualization, and Service Awareness (SA) to help enterprises construct cloud computing–oriented DCs under border security protection and reduce the equipment room investment and Total Cost of Ownership (TCO) per Mbit/s.
Industry’s leading dual-terabit-level firewall with a maximum of 1.92 Tbit/s throughput and 2.56 billion concurrent connections.
Provides traditional functions, such as NAT, VPN, IPS, and Anti-DDoS, as well as enhanced functions, such as service awareness, virtualization, and IPv6 security. With multiple services integrated, the USG9500 effectively reduces TCO.
Employs excellent software and hardware design to support dual-MPU, hot standby, and load balancing, delivering 99.999% high availability. The hot-swappable components ensure continuous online upgrade and capacity expansion.
|Maximum Firewall Throughput||120 Gbit/s||960 Gbit/s||1.92 Tbit/s|
|Maximum Number of Concurrent Sessions||160,000,000||1,280,000,000||2,560,000,000|
|Basic Functions||Routing/Transparent/Composite mode, state validation detection, blacklist and whitelist, access control, Application Specific Packet Filter (ASPF), security zone division, virtual firewall, smart route, and load balancing|
|NAT/CGN||Destination NAT/PAT, NAT NO-PAT, source NAT-IP address persistence, source IP address pool grouping, NAT Server, bi-directional NAT, NAT Application Layer Gateway (NAT-ALG), unlimited IP address expansion, policy-based destination NAT, port range pre-allocation, hair pinning mode, SMART NAT, NAT64, DS-Lite, and 6RD (IPv6 Rapid Deployment)|
|NGFW Functions||Supports intrusion detection and prevention, URL filtering, antivirus, data loss prevention, etc.|
|PKI||PKI certificate requests (PKCS 10), Certificate Authority (CA)
PKI authentications: EAP-SIM, EAP-AKA
PKI protocols: SCEP, OCSP, and CMPv2
|Virtual System||4,096-Virtual Firewall (VFW) definition, VLAN virtualization, security zones virtualization, user-defined virtual resources, route between VFW, and VFW-based traffic CAR|
|DDoS Mitigation||SYN-flood, ICMP-flood, TCP-flood, UDP-flood, and DNS-flood
Port-scan, Smurf, Tear-drop, and IP-Sweep
IPv6-extension-header defense, TTL detection, TCP-mss detection, and attack log output
|Data Leak Prevention (DLP)||Identifies and filters the transferred files and contents. The USG9500 can identify more than 120 file types, regardless of whether filename extensions are maliciously changed. In addition, the USG9500 can restore and implement content filtering for over 30 types of files, such as Word, Excel, PPT, PDF, and RAR files, to prevent leaks of critical enterprise information.|