Secospace USG9100

Secospace USG9100
Secospace USG9100

Product Overview
With the emergence of the triple play, Web 2.0, P2P, video networks. Traditional firewalls inevitably form a bottleneck as
streaming, and high definition broadband, the need for network they are not sufficient for high-speed networks.
bandwidth is rising exponentially. Gigabit and 10-Gigabit are Based on its rich experience of hardware design, Huawei Symantec
no longer new concepts. Many switches and routers have high- has launched its professional 10-Gigabit security gateway device:
capacity 10G interfaces. Large enterprises and organizations, the Secoway USG9100 series. Employing a dedicated network
such as financial organizations, governments, and educational multi-core chip and distributed hardware platform, the USG9100
institutions, are integrating services and expanding their features advanced multi-core+ATCA architecture.

Product Family

USG9110 USG9120

Product Features
Advanced multi-core+ATCA architecture — open, services, such as NAT, Application Specific Packet Filter (ASPF),

high performance, and low power consumption and anti-DDoS. The USG9100 series includes the USG9110

The USG9100 adopts advanced Eco-friendly ATCA architecture. and the USG9120. These two models have eight and 24 slots

Power consumption for processing 1G traffic is under 20 W. respectively and support multiple service modules or interface

The USG9100 reduces TCO and is easily expandable in terms modules. They adopt a distributed concurrent processing

of industry-standard architecture, performance, interfaces, mechanism, which greatly enhances the product performance.

storage modules, and third-party software and hardware. Thus, users can expand capacity with low investment.

The USG9100 adopts architecture in which the control, interface,

and service processing modules are mutually independent. Highest firewall performance — guaranteeing
Dedicated to traffic forwarding, the interface module ensures the key services
line-speed processing of interface traffic. The service processing The three main indexes of the USG9100 — throughput,
module is based on the multi-core and multi-thread architecture new connections per second, and maximum number of
and ensures the high-speed concurrent processing of multiple concurrent connections — lead the industry. The throughput
Secospace USG9100

of one service processing module is 10G, the number of new of the USG9100 is up to 38.05 years and the failover time is less
connections per second is 250000, and the maximum number than 0.1 second. Thus, service stability is guaranteed.
of concurrent connections is 4000000. The specifications of
one processing module already exceed that of a 10-Gigabit Extensive network interfaces — facilitating
firewall. The USG9120 has a maximum of 12 service processing networking
modules, its overall throughput reaches 120G, the number of In addition to the high-density Ethernet interfaces of 8 x GE and 1
new connections per second is 3000000, the maximum number x 10GE, the USG9100 also supports the POS interfaces frequently
of concurrent connections is 48000000, and the number of used in backbone networks, including 4 x 2.5G and 1 x 10G. It can
virtual firewalls is 1024. The high performance and scalability of also connect with Synchronous Digital Hierarchy (SDH) devices.
the USG9100 meets the performance requirements of high-end These features serve to enhance transmission efficiency. The
users, such as the financial, public, and energy sectors. USG9100 provides twelve 10GE interfaces and 96 GE interfaces
and supports cross-board binding to meet the requirements
Stable and reliable security gateway — for interface capacity and density and complex networking
ensuring service consistency scenarios, such as for large enterprises, IDCs, and MANs.
Network security is vital for enterprises. The USG9100 supports The USG9100 also supports IKEv2 and provides enhanced user
reliable networking functions, such as the hot swapping of authentication, packet authentication, and NAT traversal. The
redundant components (the interface, fan, and power supply), USG9100 eliminates the hidden hazards of man-in-the-middle
dual processing engines, active/standby mode, and active/active and DDoS attacks, and supports wireless authentication
mode. Different SPUs of the USG9100 support load balancing protocols, such as EAP-SIM and EAP-AKA. Thus, wireless
and mutual hot backup. The mean time between failures (MTBF) network security is ensured.

Typical Networking Scenario

X network CNC backbone line

10G link

Large IDCs

Data storage area Service area Management Others

maintenance area

Security defense of a large IDC

Secospace USG9100

Product Specifications
Model USG9110 USG9120

4 pairs, in which SPUs and LPUs can be 12 pairs, in which SPUs and LPUs can be
Number of slots
inserted. inserted.

Throughput 10G×4 10G×12

Number of concurrent connections 4000000×4 4000000×12

Number of new connections per second 250000×4 250000×12

Number of virtual firewalls 1024 1024

Reliability Hot swapping of modules and components, dual-system hot backup, and link aggregation

Ethernet interface 8×GE, 1×10G LAN, 1×10G WAN

LPU type
POS interface 4×2.5G, 1×10G

Maximum number Ethernet interface 32×GE, 4×10GE 96×GE, 12×10GE

of interfaces POS interface 16×2.5G, 4×10G 48×2.5G, 12×10G

Dimensions (mm) (W×D×H) 442×438×221.5 440×400×620

Weight ≤ 35kg ≤ 80kg

Mean time between failures (MTBF) 38.05 years 38.05 years

