If you need help, please click here:
Huawei’s next-generation all-in-one DC firewall, the USG9500, delivers terabit-level performance to cloud service providers and large-scale enterprise campus networks.
It is typically deployed at the egress of cloud computing data centers, large enterprises, and campus networks to provide industry-leading protection capabilities. Boasting 99.999% reliability and integrating essential security features such as Network Address Translation (NAT), Virtual Private Network (VPN), Intrusion Protection System (IPS), virtualization, and Service Awareness (SA), the USG9500 reduces equipment room investment and Total Cost of Ownership (TCO) per Mbit/s, while enabling enterprises to construct cloud computing–oriented DCs with advanced security protection.
Industry-leading dual-terabit-level firewall offering 1.92 Tbit/s throughput and 2.56 billion concurrent connections.
Includes enhanced security features such as service awareness, virtualization, and IPv6 security, while also integrating NAT, VPN, IPS, and Anti-DDoS services to reduce TCO.
Advanced hardware and software design supports dual-MPU, hot standby, and load balancing, delivering 99.999% availability. The hot-swappable components ensure continuous online upgrades and capacity expansion.
|Maximum Firewall Throughput||120 Gbit/s||960 Gbit/s||1.92 Tbit/s|
|Maximum Number of Concurrent Sessions||160,000,000||1,280,000,000||2,560,000,000|
|Basic Functions||Routing/Transparent/Composite mode, state validation detection, blacklist and whitelist, access control, Application Specific Packet Filter (ASPF), security zone division, virtual firewall, smart route, and load balancing|
|NAT/CGN||Destination NAT/PAT, NAT NO-PAT, source NAT-IP address persistence, source IP address pool grouping, NAT Server, bi-directional NAT, NAT Application Layer Gateway (NAT-ALG), unlimited IP address expansion, policy-based destination NAT, port range pre-allocation, hair pinning mode, SMART NAT, NAT64, DS-Lite, and 6RD (IPv6 Rapid Deployment)|
|NGFW Functions||Supports intrusion detection and prevention, URL filtering, antivirus, data loss prevention, etc.|
|PKI||PKI certificate requests (PKCS 10), Certificate Authority (CA)
PKI authentications: EAP-SIM, EAP-AKA
PKI protocols: SCEP, OCSP, and CMPv2
|Virtual System||4,096-Virtual Firewall (VFW) definition, VLAN virtualization, security zones virtualization, user-defined virtual resources, route between VFW, and VFW-based traffic CAR|
|DDoS Mitigation||SYN-flood, ICMP-flood, TCP-flood, UDP-flood, and DNS-flood
Port-scan, Smurf, Tear-drop, and IP-Sweep
IPv6-extension-header defense, TTL detection, TCP-mss detection, and attack log output
|Data Leak Prevention (DLP)||Identifies and filters the transferred files and contents. The USG9500 can identify more than 120 file types, regardless of whether filename extensions are maliciously changed. In addition, the USG9500 can restore and implement content filtering for over 30 types of files, such as Word, Excel, PPT, PDF, and RAR files, to prevent leaks of critical enterprise information.|
If you are already a Partner, please click here to get more marketing resources.
Click here to visit the Partner zone to check enquiry status, manage orders, get support, or learn more about Huawei Partners.