USG9500 Terabit-level Next-Generation Firewall
World’s fastest data center firewall ensures secure services for large data centers, cloud computing environments, and enterprise campus networks. Integrated switching, routing, and security enable smooth upgrades, easy virtualization, and terabit-level processing capability – all with carrier-grade reliability in a compact, space-saving form factor.
NP + multi-core + distributed architecture integrates security, virtualization, and comprehensive service awareness with continuous database updates to optimize protection.
Minimize security risks, ensure ongoing protection, and reduce TCO with Huawei’s NSS-tested data center firewall.
Slash TCO and get ongoing, industry-leading security, high availability, terabit-level processing, and top performance with the world’s fastest data center firewall.
- Integrated device provides up to 1.44 Tbit/s throughput and supports up to 1.44 billion concurrent sessions, delivering an industry-leading 160 Gbit/s Stream Processing Units (SPUs) while saving 75% of rack space
- Integrates multiple services and provides traditional functions (such as NAT, VPN, IPS, and anti-DDoS) and enhanced functions (such as service awareness, virtualization, and IPv6 security) to significantly reduce TCO
- Dual-MPU, hot standby, and load balancing ensure 99.999% uptime availability. Hot-swappable components enable online upgrades and capacity expansion without service interruption
- The first Terabit, next-generation firewall to be tested by the NSS, the USG9500 is currently the world’s fastest firewall
Product | USG9520 | USG9560 | USG9580 |
Expansion Slots | 3 | 8 | 16 |
Maximum Firewall Throughput | 120 Gbit/s | 720 Gbit/s | 1.44 Tbit/s |
Maximum Number of Concurrent Sessions | 120 million | 720 million | 1.44 billion |
Basic Functions | Routing/Transparent/Composite mode, state validation detection, blacklist and whitelist, access control, Application Specific Packet Filter (ASPF), security zone division, virtual firewall, smart route, and load balancing | ||
NAT/CGN | Destination NAT/PAT, NAT NO-PAT, source NAT-IP address persistency, source IP address pool grouping, NAT Server, bi-directional NAT, NAT-ALG (Application Layer Gateway), unlimited IP address expansion, policy-based destination NAT, port range pre-allocation, hair pinning mode, SMART NAT, NAT64, DS-Lite, and 6RD (IPv6 Rapid Deployment) | ||
NGFW Functions | Supports intrusion detection and prevention, URL filtering, antivirus, data loss prevention, etc. | ||
PKI | PKI certificate requests (PKCS 10), Certificate Authority (CA)
PKI authentication: EAP-SIM, EAP-AKA PKI protocol: SCEP, OCSP, and CMPv2 |
||
Virtual System | 4,096-Virtual Firewall (VFW) definition, VLAN virtualization, security zones virtualization, user-defined virtual resources, route between VFW, and VFW-based traffic CAR | ||
DDoS Mitigation | SYN-flood, ICMP-flood, TCP-flood, UDP-flood, and DNS-flood
Port-scan, Smurf, Tear-drop, and IP-Sweep IPv6-extension-header defense, TTL detection, TCP-mss detection, and attack log output |