huawei usg product pre-sales specialist · pdf file3 5 15 sustainable growth huawei...
TRANSCRIPT
Version: V1.2(20140311)
HUAWEI USG Product Pre-sales
Specialist Training
2
Contents Click to add Title 1 Huawei and Enterprise Overview
Click to add Title 5 Success Stories
Click to add Title 3 Product Highlights
Click to add Title 4 Competition Analysis
Click to add Title 6 Ordering Guide
Click to add Title 7 How to Obtain Documents
Click to add Title 2 Market Overview and Positioning
3
5
15
Sustainable Growth
Huawei Technologies releases an annual report with consolidated financial statements
audited by KPMG. — From Huawei annual report audited by KPMG
Sales revenue (billion USD)
0
10
20
25
30
35
Who is Huawei?
Leading global ICT solutions
provider
Rank 315th on the 2013 Global
Fortune 500
Customer-centric culture
World-class management,
process, and practice
2009
21.5
2010
27.6
2011
32.4
2012
35.4
2013(Unaudited)
39.5
40
4
Worldwide Expertise
16 R&D Centers
170+ Countries
14 Regional HQs
28 Joint Innovation Centers
150,000 Employees Worldwide
45 Training Centers
5
Unprecedented Reach through Innovative Technologies
Enable 3.5 billion end users
6
Continuous Investment in Innovation
USD $5.45 billion in 2013
USD $25.4 billion over 10 years (from 2004 to 2013)
70,000 R&D employees
16 R&D centers
R&D investment Standards and patents
Continuous increase in percentage of R&D
investment to total sales revenue
Membership in 170+ international
standards organizations such as IEEE,
IETF, DMTF, Continua, and HL7
180+ positions in international standards
organizations
5,000 standards proposals in 2013 Standards
44,168 patent applications in China; 14,555
PCT patent applications and 18,791 patent
applications outside of China.
36,511 patent applications granted (by
December 31, 2013) Patents
0
5%
10%
15%
14% 9.7% 9.7% 11.6%
2013 2009 2010 2011
13.7%
2012
7
Industry-Recognized Innovation Awards
Corporate Use of Innovation Award
The Economist
Excellence in
Standards Development Award
CE12800 series DC switches won
the Best of Show Award in the Data
Center and Storage Category
Interop
Top 5 most innovative companies
in the world
Fast Company
Best LTE Commercial Performance
Award,
Best Contribution to LTE R&D Award
Informa
HVS high-end storage and IVS won
the Red Dot Design Award
WLAN AP products won the IF Industrial
Design Award
Red Dot & IF
IEEE
8
ICT Penetration Globalizes Huawei
Enlightenment
(1993-1997)
Centralization
(1998-2002)
Internationalization
(2003-2008)
Globalization
(2009-…)
Worldwide network, regional data centers, global IT support, IT security, VPN, VOIP
Cloud computing, unified communications, global telepresence, BYOD
Nationwide backbone network, enterprise-class data center
Nationwide DDN WAN, OA
9
Contents
2 Market Overview and Positioning
Click to add Title 5 Success Stories
Click to add Title 3 Product Highlights
Click to add Title 4 Competition Analysis
Click to add Title 6 Ordering Guide
Click to add Title 7
Click to add Title 1 Huawei and Enterprise Overview
How to Obtain Documents
10
Annual Revenue Statistics of Global Security Products - Infonetics
5.8 billion
Market Shares of Security Vendors- Infonetics
Cisco 1824.2 McAfee 460.4
Checkpoint 786.8 Fortinet 262.3
Juniper 705.2 Huawei 229.0
Unit: Million dollars
Global Security Products Market
In 2011, the global security products revenue reached $5.8 billion, increased 3.3% compared with 2010 revenue. Huawei accounts for
3.9% in the global market and ranks No.6.
11
Infonetics Forecast of the Global Security Device Market
1. In 2014, the global firewall, VPN, and UTM markets are expected to reach $3.1 billion.
2. Middle-range and low-end security gateways will account for 71% of the global security gateway market with $2.2
billion.
Note: $0 to $5000 security gateways are low-end. $5000 to $30,000 security gateways are middle-range.
Security Device Market Forecast — Infonetics
Middle-Range and Low-End Security Gateway Market
Analysis
Low-end and middle-range firewalls
$30,000
$10,000
$5,000
$1500
$500
Million dollars
12
Main Scenario of Huawei security gateway of USG
Customers
Enterprise Government Financial Energy Transportation education
Big volume NAT(FW)
Export access control
(FW)
Internet export
Different sub-network
access control (FW)
Threat isolate
Intranet isolate
Security area isolate
Services access
control
DC area isolate
Expert VPN
connection (FW)
Branch access control
(FW)
Branch vertical connect
13
Typical Application — Security Protection of Private
Government Network
Private province government network
City 1 City N
District/County 1 District/County N
…
… …
Municipal governments
District/County
governments
USG5000/USG2000
USG5000
USG2000
Existing Issues
Private government networks are not
isolated.
Governmental intranet and Internet
communication is not protected.
Multiple internal service systems have
vulnerabilities.
Solution
Add antivirus (AV) isolation at borders for
security.
Manage unified network security.
Solution Values
Private government networks are isolated
securely.
The solution prevents viruses professionally
and effectively.
The solution controls the range of security
events effectively.
The solution upgrades vulnerabilities and
patches with unified management. District/County 1 District/County N
14
Typical Application — Security Isolation of the Data
Center
Application
server
IP SAN
Database
server
FC SAN
NAS node FC switching plane IP switching plane
NAS
FC SAN
IP SAN
Backup device: S2600
Geographic redundancy center
Redundancy array: S5500
WAN
Network
redundancy and
virtualized device:
VIS6000
Unified storage
device: N8000
Main data center
Core switch
USG5000
Data center
switch
Existing Issues
Unsecure heavy traffic isolation
Not guaranteed service continuity
No anti-DDoS defense
No visualized application
management
Solution
10-GB device for security isolation of
the data center
Hot standby deployment
Solution Values
Security isolation of 32 Gbit/s traffic
on one host
Professional 10 Gbit/s anti-DDoS
capability
Microsecond-level delay and hot
standby
Zero packet loss ratio to ensure
service continuity
Visualized service management
15
Typical Application — Network Admission Protection
Core switch
Access switch
USG5000
Terminal access
control gateway
Access switch
Terminal security management system
Access
switch
Switch
USG5000 USG5000
Server area
Router
IDS
NIP1000
WAN Existing Issues
Terminals have vulnerabilities.
Authorized users access unauthorized
resources.
Unauthorized access is not controlled.
Numerous terminals are hard to
manage.
Solution
Provide a professional gateway
solution with excellent adaptability.
Manage devices centrally with quick
deployment.
Support comprehensive terminals.
Provide HA and flexible control.
Solution Values
Forces terminals to protect service
systems.
Improves network security and
usability.
Improves efficiency and saves costs.
16
Headquarters
RADIUS & CA
Intranet
Branch Branch
VSM management system
Remote site
Internet
USG5000/USG2000 USG5000/USG2000
USG5000 USG5000
Existing Issues
Unsecure access for branches and mobile
working
Unsecure data transmission on the Internet
VPN Solution
Multiple VPN technologies, such as IPSec,
L2TP, GRE, SSL, and MPLS
Online expansion of the number of tunnels
Carrier-class reliability
Solution Values
Secure, flexible, and reliable VPN access
Centralized service management
Typical Application — Secure VPN Access to Branches
17
Contents
2 Market Overview and Positioning
Click to add Title 5 Success Stories
Click to add Title 4 Competition Analysis
Click to add Title 6 Ordering Guide
Click to add Title 7
Click to add Title 1 Huawei and Enterprise Overview
How to Obtain Documents
3 Product Highlights
18
Flexible interface Extensive interface and flexible card High performance and sound reliability
SOHO and Branch Office Small and Medium-sized
Enterprise
Large Enterprise
USG2100
USG2200
USG5100
USG2110
Cost-effectiveness
USG5500
Huawei UTM+ Products Overview
19
Huawei UTM+ Solution
Firewall
UTM
Content filtering
Traffic control
Online behavior management
Huawei UTM+ Features
Multiple services integrated
Simple, effective, and unified management
Low TCO
Improved support and response
Router
Internet
UTM+
Antivirus
IPS
Firewall Software Group AS
Huawei UTM+ Solution
20
Leading Architecture Diversified Functions
Integration of software and hardware Integration of the advanced multi-core hardware structure, multi-thread
concurrent processing, and real-time multi-task secure VSP
Flow optimization
Optimizing the security processing procedure, especially for the first packet,
enabling the USG to possess the industry-leading number of new connections per
second
Separation of data encapsulation and in-depth inspection, enabling concurrent
inspection and greatly improving performance during inspection
Leading Architecture Platform Thread 0
Core 4
Thread 1
Thread 2
Thread 3
Thread 0
Core 5
Thread 1
Thread 2
Thread 3
Thread 0
Core 6
Thread 1
Thread 2
Thread 3
Thread 0
Core 7
Thread 1
Thread 2
Thread 3
Thread 0
Core 0
Thread 1
Thread 2
Thread 3
Thread 0
Core 1
Thread 1
Thread 2
Thread 3
Thread 0
Core 2
Thread 1
Thread 2
Thread 3
Thread 0
Core 3
Thread 1
Thread 2
Thread 3
A maximum of 32 eight-core virtual CPU concurrent processing combined with the accelerated chip to
ensure industry-leading performance
High software flexibility High processing performance Low power consumption per unit Hardware acceleration engine
Multi-core Advantage
Architecture — Multi-Core Hardware with High
Performance
21
Leading Architecture Diversified Functions
•The kernel implements only traditional forwarding, and the security module
is plugged into the route engine.
•Data passively flows into the security module with the interference of the
route engine.
•The architecture is insecure, and data processing is inefficient.
Traditional Inserted UTM+ Kernel Integrated UTM+ Secure Kernel
•The security capability is integrated into the system kernel to proactively
perform security check.
• Data passes through the security kernel during the forwarding process.
•Modules work concurrently, ensuring high efficiency and security.
Router engine
Firewall/VPN module
IPS AV URL AS Policy management
User UI
Firewall
DPI
AV
IPS
UR
L
AS
Architecture — Efficient Software
22
Leading Architecture Diversified Functions
IP addresses are not related to user roles.
Policies cannot vary with users using one terminal..
Policy objectives can be apply to a specific
user.
Policies can be customized based on a user's
requirements.
Accuracy
Policies are bound to IP addresses and cannot
adapt to network changes.
Fixed policies do not support mobile working.
Security policies are decoupled from the network
structure.
Security policies support mobile working.
Flexibility
IP addresses do not match the enterprise structure,
which are hard to manage.
Complicated policies are hard to implement.
Management hierarchy matches the enterprise
structure.
Laws and regulations integrate management
policies seamlessly.
Ease of use
User Management
Local or third-party user management
Architecture management and
synchronization
User status management
User Authentication
Local or third-party authentication
Pre-authentication or session authentication
Multiple authentication methods, such as web,
AD, RADIUS, and LDAP
Security Policy
Architecture Based on Users
Architecture — Security Policies Based on Users
User-based policy
User-based audit
23
Leading Architecture Diversified Functions
Application Identification
Vulnerability Scanning Efficient Content Parsing
Identify
Parse Scan
Identification of over 240 protocols
and multiple disguised data
Industry-leading IPS engine of Symantec
• Provides vulnerability-based signature, effectively prevents attack variants, and provides low false positives.
• Possesses unique identification capability and requires no low-efficiency blind scanning.
• Adds over 2000 vulnerability signatures.
Regulation-based parsing, requiring
no blind scanning
Vulnerability-based signatures
with minimum signature
correlation and low false positive
UTM+ Functions — IPS Engine Based on Vulnerabilities
24
Leading Architecture Diversified Functions
Advantages of Symantec AV Engine
Static Heuristic Engine Global Leading AV Engine
Machine self-learning technology
File
scanning Attribute
extracting Attribute
calculation Signature
association
MQ Workflow
File attributes cover embedded resources, paragraph
structures, and digital signatures. Currently, the number of
defined file attributes exceeds 125.
Leading
technologies
Uses the file-level engine to ensure the completeness of virus detection. The FTP
scanning is added.
Employs the emulation execution technology, exposing viruses and the variants.
Provides massive virus detection capability and detects over 7 million viruses.
High detection
rate
Provides a virus detection ratio of 99%.
Uses the automatic learning engine, provides capabilities of scanning over 125 types of
signatures, and detects viruses and virus variants quickly.
Quick response Uses the blade engine and can be updated just like the signature.
New script engines can be applied to the operating AV engine.
UTM+ Functions — Global Leading AV Engine
Key
word
engin
e
Hash e
ngin
e
Script
engin
e .
..
Script
engin
e .
..
Script
engin
e .
..
Anti-u
npackin
g e
ngin
e
PD
F e
ngin
e
Blade engine
MQ static heuristic engine
File scanning and attribute extracting
Emulation environment
25
Leading Architecture Diversified Functions
Visualized management
Applications
Virus
Trojan
horse
Worm
Virus/Attack: block
Virus Trojan
horse
Worm Time
Key applications: bandwidth priority
Acceptable applications: traffic control
Forbidden applications: block
User (group) Content
Professional security defense
Comprehensive traffic control
Intelligent traffic
management:
Application control
User identification
Content detection
Time
fragmentation
Management
visualization
UTM+ Functions — Comprehensive Traffic Control
26
Leading Architecture Diversified Functions
Malicious URL database: 42 KB
Phishing URL database: 13 KB
Local hotspot database: 100 KB
URL signature database: 65 MB
Accurate rate: 96%
Fine-grained predefined category:
130 types
User-defined categories supported
Supported languages:
10 languages
URL filtering
Accurate Wide
Fine-grained Comprehensive
Content filtering
Web content filtering
Search keyword filtering
FTP filtering
Mail filtering
Real-time blackhole list (RBL) filtering
Recipient, sender, title, content, and attachment filtering
Attachment content filtering
URL filtering
Intelligent
online behavior
management
Traffic control
Content filtering
Mail filtering Report analysis
Behavior audit
UTM+ Functions — Intelligent Online Behavior
Management
27
Leading Architecture Diversified Functions
Application scenario
Data center security service, cloud computing
security service, and isolation of multiple user
services
Functions
Firewall, NAT, VPN, IPS, AV,
URL, DPI, AS, and content filtering
Important index
Multiple virtual UTMs can allocate
resources flexibly.
A maximum of 100 virtual UTMs
can be supported.
Management and maintenance
Every virtual UTM is configured with
independent settings and a
management system.
Department A Department B Department C
UTM gateway
UTM+ Functions — UTM Virtualization
28
Leading Architecture Diversified Functions
• UTM+ requires only one-key configuration.
One-key configurations
Deploy Enable
Enable IPS
Enable AV
√
√
Step 2 Step 1 Step 3 Step 4
Deploy Analyze Optimize Enable
• Network design
• Deployment
debugging
•Log analysis
• Data mining
•Parameter modification
• Policy association
•Defense mode
•Policy application
Traditional UTM configurations are complex and require much labor and time.
Integrated Policy
Integrated management with parameters at a glance
Simplified configurations that improve productivity
VSM and eLog in standard configurations, managing three
network elements by default
UTM+ Functions — One-Key Configuration
29
eLog
Intranet
Network Admin
USG2000/5000
Sophisticated log analysis and timely alarm
Real-time device and network traffic monitoring
Large capacity and reliable log storage
Diversified reports
UTM+ Functions — Simple Management and Abundant Log Statistics
30
Main Scenario of Huawei AntiDDoS
Metro
DC
DC
High performance
Rapid response Accurate defense:over 100 DDoS, global cases Can be operated as a valued-added service.
Enterprise network Internet Export
Cleaning in DDoS traffic
Cut out traffic from bots
Traffic model show and
security graph show.
IGW
Industry performance 200G
Second-Level response
Accurate defense:over 100 DDoS, global cases
Can be operated as a valued-added service.
Customers
Government Financial ICPs Media
Scenarios
Carries Metro interface and IGW.
Web-Site and public platform of Government
Deployed on the edge of the network to protect the enterprise’s services and network.
Online trading and e-bank system of financial
ICPs Data-Center protect
AS Security service of IDC and value added.
Carries
AntiDDoS
AntiDDoS
AntiDDoS
31
Contents
4 Competition Analysis
Click to add Title 5 Success Stories
Click to add Title 2 Market Overview and Positioning
Click to add Title 3 Product Highlights
Click to add Title 6 Ordering Guide
Click to add Title 7 How to Obtain Documents
Click to add Title 1 Huawei and Enterprise Overview
32
Competitiveness of Low-end and Medium-sized USGs and Vendors'
Products USG Juniper
SRX
CISCO
ASA
Fortinet
FG
TOPSEC
NGFW
Venusense
s
USG
H3C
Secpath
LEADSEC SECWORL
D
USG5530S
SRX1400 5585-S20 310B/300C
TG5230 3610D 5434
G60 5834
TG470C 4000D 5A34
USG5530
620B/600C
TG470C
4600D K7000 TG5330
TG5628
USG5550
SRX3400 5585-S40 1000C
TG5728 8000E 8000
X100
TG5622
5200
9201 10000E
USG5560
SRX3600 1240B F5000 X300
33
Competitiveness of Low-end and Medium-sized USGs and Vendors'
Products USG Juniper
SRX
CISCO
ASA
Fortinet
FG TOPSEC
NGFW
Venusenses
USG H3C
Secpath
SECWORLDp
ower
SECWORLD Neusoft
Neteye
USG2130
SSG5/
SSG20
(160M) 5505
100A TG-1403 F100-S
V-160
FW4010
USG2160 200A TG-1503 F100-A
USG2210
SSG140(350M)/
SSG320(450)
5510
300A
TG-1508
300B
F100-E V-214 SecGate3600-
F3 FW4016 TG-1608 V-318
USG2220
SSG350(550
M)/SSG520(6
50M)
5520
100C
TG-4324
V-224
SecGate3600-
F4 FW4032 400A V-418
USG2230 SRX210/
SSG550(1G
+)
5540
500A TG-4424 600C V-324 SecGate3
600-F5 FW4120
USG2250
800
TG-4430 800C V-514 SecGate3
600-F6 V-424
USG5120
SRX240 5550 800
TG-4628 800C F1000-C Power V-3816
SecGate3600-
G4 FW4032
USG5150
TG-5030
F1000-S Power V-4414
USG5160 F1000-A
34
Advanced and reliable UTM features
The Symantec IPS and AV engines provide industry-leading detection ratios.
Provides diversified mail filtering and URL filtering functions.
Virtualizes the UTM function, with UTM security defense policies configurable on each virtual firewall.
Comprehensive DPI
Capable of identifying more than 1000 application protocols
Massive security policies or data center for massive data exchange
Isolation of multiple security zones
Large capacity NAT (Large capacity NAT sessions and unlimited address translation)
Egresses of campus networks, large-sized intranets, Broadcasting & Television MANs, and Internet
IPv6
Universities, large institutes, laboratory networks, and carriers
Highlights
35
Universal Beating Point
Industry-specific Beating Point
Government Finance Energy Education Public
Utilities Enterprise
Beating points based on product selection factors
Low performance: Juniper SRX series delivers low performance in processing small packets
and creating new connections and VPN tunnels.
High power consumption: Juniper SRX series consumes huge power. (The power
consumption of the SRX650 is 650 W.)
Poor series: Juniper SRX series comes with only two Gigabyte models.
Loose coupling with users: The security policies of Juniper SRX series are based on IP
addresses, but not users. Therefore, user-based QoS, routing, and firewall policies are not
supported.
Only models higher than the SRX1400 support application-based management and
control: Juniper SRX series supports more than 700 applications, whereas the USG series
supports more than 1000 applications.
Not supporting SSL VPN: Juniper SRX series does not support the SSL VPN function. The
function must be deployed on dedicated VPN devices.
Models higher than the SRX1400 lack certain functions: These models do not support the
antivirus, anti-spam, or URL filtering function.
Small number of URLs: The URL signature database of the SRX series supports only
26,000,000 URLs, whereas the URL signature database of the USG supports 65,000,000 URLs.
Universal
beating points.
Regulations
compliance:
Chinese
governments are
brand-sensitive
and therefore
Juniper is hard to
pave its way in
Chinese markets.
•Universal beating points.
•Poor easy-to-use: Cisco
series provides only English
GUIs.
Poor after-sales capacity:
Juniper after-sales services in
China are provided by sales
agents. Therefore, the service
quality is poor.
Universal beating points.
High price.
Poor easy-to-use: Cisco series
provides only English GUIs.
Poor after-sales capacity: Juniper
after-sales services in China are
provided by sales agents. Therefore,
the service quality is poor.
Universal Avoiding Point
Industry-specific Avoiding Point
Finance Energy Education Public
Utilities Enterprise
Beating points based on product selection factors
Layer-2 links, QoS, virtualization, and routing: Juniper SRX series inherits the software
strengths of Netscreen and MX router and therefore takes a leading role in Layer-2 links, QoS,
virtualization, and routing. Therefore, emphasize simplified deployment.
Industry-leading technology: Based on Juniper's accumulation in Datacom and Netscreen's
experience in security, Juniper takes a leading role in network and security technologies.
Therefore, emphasize that Ethernet switches (EX) and routers are main product lines, but not the
SRX series.
Universal avoiding points.
Advanced datacom capability: The
datacom capability of the SRX is powerful.
Therefore, divert the attention of customers
to security features.
Universal avoiding points.
For customers that already used Cisco
products: Juniper switching and routing
products are widely used in enterprise
networks. Therefore, you are advised to divert
the customers' attention to the security
features.
HTB Juniper — From Vendor Perspective
36
USG5530
USG5530S
USG5550
USG5560
USG9000
SRX1400*
SRX3400*
SRX3600*
8Gbps
12Gbps
15Gbps
20Gbps
1. The SRX1400 is a new product that Juniper launched in the end of 2010. It is aimed for data centers and is claimed to provide 10 G
performance. This series supports GE and XGE bundles and also supports IPS.
2. The GE bundle is 6 x GE+4 x SFP, and the XGE bundle is 6 x GE+1 x SFP+3 x 10G. The price is unknown yet.
3. Huawei uses the USG5530 to beat Juniper. This series features low price, large interface number, and high firewall performance. So far,
the information about the SRX1400 is still limited.
1. No counterpart is available. Juniper may use the SRX 1400 and SRX3400 as the counterparts.
2. The USG5550 features a large interface number, high performance, and low price.
1. The SRX3400 is a cost-effective distributed product of Juniper and houses a maximum of 2 x NPC+4 x SPC. The performance of the entire
device ranges from 10G to 20G.
2. The SRX3400 is equipped with 8 x GE+4 x SFP (standard configuration) and provides such cards as 16 x GE, 16 x SFP, and 2 x 10G. The
SRX3400 provides a maximum of four interface slots and supports IPS.
3. The SRX3400 with 20G performance costs 570,000 RMB in China and 41,000 USD outside China, whereas that with 10G performance costs
35,000 RMB in China and 25,000 USD outside China.
4. The USG5560 in centralized mode takes advantages in prices and UTM features. Moreover, the interfaces and performance delivered by the
USG5560 are in the same level as its counterparts.
1. Both the SRX3600 and SRX3400 are SRX3000 series, which house a maximum of 3 x NPC+7 x SPC. The performance of the entire system
ranges from 10G to 30G.
2. The SRX3600 is equipped with 8 x GE+4 x SFP (standard configuration) and provides such cards as 16 x GE, 16 x SFP, and 2 x 10G. The
SRX3600 provides a maximum of 7 interface slots and supports IPS.
3. The SRX3600 with 20G performance costs 640,000 RMB in China and 36,000 USD outside China, whereas that with 30G performance costs
86,000 RMB in China and 48,000 USD outside China.
4. You are advised to use the USG9000 series to beat the SRX3600.
HTB Juniper — From Product Perspective
37
200 Mbps
USG2130/260
-0.2
USG2230-0.8
USG5120-2
USG5160-6
SRX240-1.5
SRX650-7
CheckPoint
400 Mbps
1Gbps
4Gbps USG5150-4
USG2250-1
USG2220-0.6
USG2210-0.4
USG2110-
0.12
SRX220-0.95
SRX210-0.75
SRX100-0.65
1. The SRX650 is claimed to deliver 7G performance. The standard configuration has four GE electrical ports and eight expansion slots. The
SRX650 supports POE, SFP, T1, E1, and UTM.
2. The SRX650 is priced at 70,000 RMB inside China and 8000 USD outside China.
3. You are advised to use the USG5160. The USG5530 can also be used if the customer has high requirements on the performance and
interfaces.
1. The SRX240 is claimed to deliver 1.5G performance. The standard configuration has 16 GE electrical interfaces and has high interface density.
You can emphasize on the interface expansibility.
2. The SRX240 is priced at 15,000 RMB inside China and 1500 USD outside China.
3. You are advised to use the USG2250 and emphasize on the small packet performance, SSL VPN, and security functions.
1. The SRX220/210/100 delivers a performance of lower than 1G. The three series have subtle differences in terms of performance.
2. The three series are cost-effective. Therefore, emphasize on the small packet performance and the SSL VPN function.
1. No counterpart is available. Juniper needs to use products of higher levels, which may bring disadvantages in price.
1. No counterpart is available. Juniper needs to use products of higher levels, which may bring disadvantages in price.
HTB Juniper — From Product Perspective
38
Universal Beating Point
Industry-specific Beating Point
Government Finance Energy Education Public
Utilities Enterprise
Beating points based on product/vendor selection factors
Low performance: Cisco ASA series delivers poor
performance in the firewall throughput, VPN, new
connections, and concurrent connections.
Incomprehensive UTM features: Supports only
IPS and requires expansion interface cards.
Low scalability: Provides only two slots, and
therefore having low scalability. The expansion
cards are fixed, namely, the firewall card and IPS
card.
High price: Cisco ASA series is sold at a high
price. Low-end Gigabit products are charged above
50000 USD.
Universal beating
points.
Regulations
compliance: Chinese
governments are
brand-sensitive and
therefore Cisco is hard
to pave its way in
Chinese markets.
Universal
beating
points.
•Universal beating points.
•Poor easy-to-use: Cisco series
provides only English GUIs.
Weak after-sales capacity: Like
Juniper, Cisco provides poor after-
sales support, which causes
complaints from customers.
Universal beating points.
High price.
Poor easy-to-use: Cisco series
provides only English GUIs.
Weak after-sales capacity: Like
Juniper, Cisco provides poor after-sales
support, which causes complaints from
customers.
Universal Avoiding Point
Industry-specific Avoiding Point
Public Utilities Energy Educatio
n Finance Enterprise
Beating points based on product/vendor selection factors
High stability: Cisco products are famous for stability. Therefore, you are advised to
emphasize on the performance.
Advanced datacom capability: Cisco ASA series inherits IOS datacom features.
Therefore, you are advised to emphasize the security features.
High IPS performance: Cisco delivers the high IPS performance using cards.
Therefore, you are advised to emphasize the detection rate.
Industry-leading international brand: Cisco takes the leading role in switching and
routing and has established good brand image.
Universal
avoiding
points.
Universal avoiding points.
For customers that already used Cisco products: Cisco
switching and routing products are widely used in enterprise
networks. Therefore, you are advised to divert the customers'
attention to the security features.
HTB Cisco — From Vendor Perspective
39
USG5530
USG5530S
USG5550
USG5560
8Gbps
12Gbps
15Gbps
20Gbps
1. The ASA5585-40 is claimed to deliver 20G performance, 2,000,000 concurrent connections, and 6 x GE+4 x 10G interfaces in firewall
mode and doubled interfaces in IPS mode.
The ASA5585-40 with basic configurations costs 308,000 RMB in China and about 70,000 USD outside China.
3. The USG5560 is recommended because of its strengths in UTM and interface scalability.
1. The ASA5585-20 is claimed to deliver 10G performance, 1,000,000 concurrent connections, and 8 x GE+2 x 10G interfaces in
firewall mode and doubled interfaces in IPS mode.
2. The ASA5585-10 with basic configurations costs 130,000 RMB in China and about 30,000 USD outside China.
3. The USG5530 or USG5530S is recommended because of its strengths in UTM and interface scalability.
ASA5585-60*
ASA5585-20*
ASA5585-40*
1. The ASA5585-60 is claimed to deliver 35G performance, 2,000,000 concurrent connections, and 6 x GE+4 x 10G interfaces in firewall
mode and doubled interfaces in IPS mode.
The ASA5585-60 with basic configurations costs 500,000 RMB in China and about 113,000 USD outside China. The USG9300 is
recommended for outshining the counterpart.
3. The USG5560, if used, still has strengths in the price, interfaces, and UTM.
1. No counterpart is available. Even though Cisco may use the ASA5585-20 or ASA5580-20 as the counterparts, the USG5550 still can beat
Cisco because of the low price.
HTB Cisco — From Product Perspective
40
200 Mbps
USG2130/260
-0.2
USG2230-0.8
USG5120-2
USG5160-6
5550-1.2
400 Mbps
1Gbps
4Gbps
5520-0.45
5540-0.65
USG5150-4
USG2250-1
USG2220-0.6
USG2210-0.4
USG2110-
0.12
5585-10-4*
5510-0.3
5505-0.15
1. The ASA5585-10 is claimed to deliver 4G performance, 750,000 concurrent connections, and 8 x GE+2 x 10G interfaces in firewall
mode and doubled interfaces in IPS mode.
2. The ASA5585-10 with basic configurations costs 63,000 RMB in China and about 15,000 USD outside China.
3. The USG5150 is recommended because of its strengths in UTM and interface scalability.
4. If the series is used to tackle with 10 Gigabit scenarios, you can use the USG5530s, which still has strengths in price.
1. The ASA5550 is claimed to deliver 1.2G performance, 8 x SFP+4 x GE+FE. The USG5120 is recommended.
2. The ASA5550 does not provide interface scalability or UTM features, which is the major beating point.
3. The ASA5550 is expensive, nearly twice that of the USG5120. Therefore, the USG5120 has strengths in terms of price.
1. The ASA5540 is claimed to deliver 650M performance, and the ASA5520 is claimed to deliver 450M performance. The USG2230 and
USG2220 are recommended.
2. Although the ASA5540 and ASA5520 support UTM, the antivirus and IPS functions cannot work together, which is the major beating point.
The ASA5540 and ASA5520 are expensive. Therefore, the USG has strengths in terms of price.
1. The ASA5510 is claimed to deliver 300M performance, and the interfaces cannot be expanded. The USG2210 is recommended.
2. The ASA5510 is priced at about 1777 USD outside China, while the USG is priced at 1000 USD outside China. Therefore, the USG
has strengths in terms of price.
1. The ASA5505 is claimed to deliver 150M performance, being the lowest model in the ASA series, and the interfaces cannot be
expanded. The USG2130 is recommended.
2. The ASA5505 does not support URL filtering, AS, and virtual firewall functions, which is the major beating point.
3. The ASA5505 with basic configurations is priced at 497 USD, while the USG2130 is priced at 384 USD. Therefore, the USG2130
has strengths in terms of price.
HTB Cisco — From Product Perspective
41
Contents
5 Success Stories
4 Competition Analysis
Click to add Title 2 Market Overview and Positioning
Click to add Title 3 Product Highlights
Click to add Title 6 Ordering Guide
Click to add Title 7 How to Obtain Documents
Click to add Title 1 Huawei and Enterprise Overview
42
Challenges
Features
Values
Security isolation of large volumes of traffic
at the data center
Visualized application management at the
data center
Deploys four USG5560s online and one for
backup
A maximum of 32 Gbit/s single-device
throughout
10 Gbit/s anti-DDoS capability
Identifies 1000+ application protocols
USG5500 implements zero-delay and zero
packet loss through hot standby, ensuring
service continuity.
China Central Television (CCTV)
43
Challenges
Features
Values
Frequent malicious attacks and virus
outbursts
Requires high performance and high
detection ratio
Deploys 13 USG5530Ss and 66
USG5320s to construct private network
defense
Up to 99% AV detection ratio
Dedicated anti-DDoS
UTM products defend the security of
governmental private networks.
Heilongjiang Provincial Department of Finance
44
VPN tunnel
IPSec encryption
VPN tunnel for Backup
Challenges
Features
Values
The Data Center of Ministry of the Interior faces thousands of
network attacks and intrusions everyday.
Almost 500 remote offices need to connect to the ministry HQ.
The information transferred and stored is confidential and sensitive.
Information leak is unacceptable.
Deploy USG5150 at the datacenter of HQ. Enable the UTM features.
Deploy USG2210/USG2110 at each remote office.
Build VPN tunnel between the HQ and office. Information transferred is
encrypted.
Security protection for HQ and remote office.
Secure and reliable connection between HQ and branches. Prevent critical
information leak.
All in One, simplifying the network structure and reducing purchase costs.
Internet
GDC1 GDC2
USG2110 USG2210
USG5150
Office A Office B Office C
VPN Solution for Poland Ministry of the Interior
45
Contents
4 Competition Analysis
Click to add Title 5 Success Stories
Click to add Title 2 Market Overview and Positioning
Click to add Title 3 Product Highlights
Click to add Title 6 Ordering Guide
Click to add Title 7 How to Obtain Documents
Click to add Title 1 Huawei and Enterprise Overview
46
USG5500 Series
Large Enterprises
USG5500 Specifications
• Positioning: High-end Gigabit and low-end 10 Gigabit UTMs
• Function: USG V3R1 features
A maximum of 32G firewall performance, user-specific security policies, enhanced UTM functions, and content-based security
filtering
Powerful online behavior management, IPv6 supported, and dual AC/DC power supplies
USG5550 and USG5560 delivered with FPGA accelerators
• Interface: Added USB-3G cards for the series, high and low-density GE cards, 10GE interface cards, optical and electrical interface
bypass cards, and up to 56GE+14*10G USG5500 interfaces
Specifications Height Power Supply Fixed Interface Expansion Slot
USG5530S 1U Dual AC power
supplies 4GE+4GE Combo 2*FIC
USG5530 3U Dual AC power
supplies 4GE+4GE Combo 1*DMIC+4*FIC+2*DFIC
USG5550 3U Dual AC/DC
power supplies 4GE+4GE Combo 1*DMIC+4*FIC+1*DFIC
USG5560 3U Dual AC/DC
power supplies 4GE+4GE
Combo+8GE SFP 1*DMIC+4*FIC+1*DFIC
47
USG5100 Series
Medium-sized Enterprises (600 to 1000U)
USG5100 Specifications
• Positioning: High-performance Gigabit UTMs
• Function: USG V3R1 features
A maximum of 6G firewall performance, user-specific security policies, enhanced UTM functions, and content-based security
filtering
Powerful online behavior management, IPv6 supported, DC models, and dual power supplies for 5150/5160
• Interface: Added electrical interface bypass cards, high or low-density GE cards, and multiple open service platforms (x86 cards)
Abundant WAN interface cards, including FE, GE, Serial, E1, ADSL2+, G.SHDSL, 3G, and Wi-Fi cards.
Specifications Height Power Supply Maximum Interface
USG5120 2U AC/DC 64GE+20FE
USG5150 3U Dual AC/DC
power supplies 84GE+28FE
USG5160 3U Dual AC/DC
power supplies 84GE+28FE
48
USG2200 Series
Small and Medium-sized Enterprise (100 to 600U)
USG2200 Specifications
• Positioning: High-performance 100M UTMs
• Function: USG V3R1 features
A maximum of 1G firewall performance, user-specific security policies, enhanced UTM functions, and content-based
security filtering
Powerful online behavior management, IPv6 supported, and DC models
• Interface: High or low-density GE cards, multiple open service platforms (x 86 cards), and abundant WAN interface cards,
including FE, GE, Serial, E1, ADSL2+, G.SHDSL, 3G, and Wi-Fi cards
Specifications Height Power Supply Maximum Interface
USG2210 1U AC 22GE+20FE
USG2220 1U AC 22GE+20FE
USG2230 1U AC 22GE+20FE
USG2250 1U AC/DC 22GE+20FE
USG2250 1U AC/DC 22GE+20FE
49
USG2100 Series
Branches of Small Enterprises (30 to 100U)
USG2100 Specifications
• Positioning: Entry-level 100M UTMs
• Function: USG V3R1 features
A maximum of 200M firewall performance, user-specific security policies, enhanced UTM functions, and content-based
security filtering
Powerful online behavior management, IPv6 supported, and DC models
• Interface: 1FE+8 FE fixed, 1/2 x expansion slot (2130/2160)
Abundant WAN interface cards, including Serial, E1, ADSL2+, FE, GE, G.SHDSL, 3G, and buitl-in Wi-Fi (-w models) cards
Specifications Height Power Supply Fixed Interface
USG2130/ USG2130W
1U AC 1FE+8 FE
USG2160/ USG2160W
1U AC 1FE+8 FE
50
USG2110 Series
Branches of Small Enterprises (2 to 30U)
USG2110 Specifications
• Positioning: SOHO desktop UTMs
• Function: USG V3R1 features
A maximum of 120M firewall performance, user-specific security policies, enhanced UTM functions, and content-based
security filtering
Powerful online behavior management, IPv6 supported, and DC models
• Interface: 1FE+8 FE fixed
Built-in Wi-Fi (-w models)
Specifications Fixed Interface
USG2110-F/ USG2110-F-W
2FE(WAN)+4FE(LAN)
USG2110-A-W 1ADSL+1FE(WAN)+8FE(LAN)
USG2110-A-GW-W 1ADSL+1FE(WAN)+8FE(LAN)+1*3G
51
Abundant UTM+ Interfaces
MIC-1E1\CE1 MIC-1SA
High-speed Interface
Wireless Interface Low-speed Interface
MIC-Wi-Fi
MIC-2SA MIC-1ADSL2+ MIC-1/2/4G.SHDHL
MIC-1FE MIC-5FE
DMIC-8FE+2GE
FIC-1GE FIC-4GE FIC-2F2C
FIC-4E1\CE1 FIC-2E1\CE1
FIC-8E1\CE1
DFIC Interface Card
DFIC-ESP
DFIC-16GE+4SFP
DFIC-18FE+2SFP
FIC-8GE电
FIC-2*10G+8GE DMIC-2*10G
FIC-2*10G
DMIC-2*10G
FIC-8GE electrical FIC-2*10G+8GE
4GE electrical interface bypass card
Dual optical interface bypass card
52
USG2000/5000 Configuration Guide
1. Select a host. 2 Select expansion interfaces (optional) 3. Value-added functions (optional)
Layer-3 Ethernet interfaces:
1FE/1GE/4FE/2FE2FEC.
Layer-2 Ethernet interfaces:
5FE/16GE4SF/18FE2SFP.
WAN interfaces:
E1/CE1/ADSL/G.SHDSL/Serial.
3G interfaces: supports USG and
built-in cards, and
WCDMA/CDMA2000/TD-
SCDMA.
SSL VPN license
(5/10/20/50/100/150/200/
500)
VFW license (5/10)
UTM license (1/2/3/YS)
IPS license
AV license
AS license
URL Filtering license
UTM four-in-one
license
4. Materials
Optical module
Optical fiber connector
Cable
Cable
References:
1. Network throughput
2. Number of users
3. Interfaces
Bypass cards: USG5000 only.
Wireless expansion base
53
References for Selecting USGs Series Product Name Interface Throughput Recommended Number of Users
USG2100
USG2110-x 2FE+8FE 180M 30 to 50
USG2130 1FE+8FE 200M 50 to 150
USG2160 1FE+8FE 200M 100 to 200
USG2200
USG2210 2GE combo 400M 200 to 400
USG2220 2GE combo 600M 300 to 500
USG2230 2GE combo 800M 400 to 600
USG2250 2GE combo 1G 500 to 700
USG5100
USG5120 2GE+2GE combo 2G 600 to 800
USG5150 4GE combo 4G 800 to1000
USG5160 4GE combo 6G 1000 to1200
USG5500
USG5530S 4GE+4GE combo 10G 10000
USG5530 4GE+4GE combo 15G 15000
USG5550 4GE+4GE combo 25G 20000
USG5560 4GE+8GE optical+4GE
combo 32G 25000
54
USG Interface Cards Interface Card Compatibility
USG2130/-W USG2160/-W USG2210 USG22220 USG22230 USG22250 USG5120 USG5150 USG5160 Interface delivered
with the host
1FE(WAN)+8FE(LAN
) 1FE(WAN)+8FE(LAN) 2GE Combo 2GE Combo 2GE Combo 2GE Combo 2GE+2GE Combo 4GE Combo 4GE Combo
Number of slots 1MIC 2MIC 4MIC+2FIC 4MIC+2FIC 4MIC+2FIC 4MIC+2FIC 4MIC+2FIC+2DFIC 4MIC+2FIC+4DFIC 4MIC+2FIC+4DFIC
MIC interface card
MIC-1E1 ● ● ● ● ● ● ● ● ●
MIC-1CE1 ● ● ● ● ● ● ● ● ●
MIC-1ADSL2+ ● ● ● ● ● ● ● ● ●
MIC-1FE ● ● ● ● ● ● ● ● ●
MIC-5FSW ● ● ● ● ● ● ● ● ●
MIC-1SA ● ● ● ● ● ● ● ● ●
MIC-2SA ● ● ● ● ● ● ● ● ●
MIC-4G.SHDSL.bis ● ● ● ● ● ● ● ● ●
MIC-2G.SHDSL.bis ● ● ● ● ● ● ● ● ●
MIC-1G.SHDSL.bis ● ● ● ● ● ● ● ● ●
MIC-3G ● ● ● ● ● ● ● ● ●
MIC-1Wi-Fi ● ● ● ● ● ● ● ● ●
DMIC-8FE2GE ● ● ● ● ● ● ● ● ●
Interface card conflicts For all models, each device supports only one interface card for 3G and Wi-Fi.
FIC interface card
FIC-2E1 ○ ○ ● ● ● ● ● ● ●
FIC-2CE1 ○ ○ ● ● ● ● ● ● ●
FIC-4E1 ○ ○ ● ● ● ● ● ● ●
FIC-4CE1 ○ ○ ● ● ● ● ● ● ●
FIC-8E1 ○ ○ ● ● ● ● ● ● ●
FIC-8CE1 ○ ○ ● ● ● ● ● ● ●
FIC-1GE ○ ○ ● ● ● ● ● ● ●
FIC-4GE ○ ○ ● ● ● ● ● ● ●
FIC-2F2C ○ ○ ● ● ● ● ● ● ●
DFIC interface card
DFIC-18FE+2SFP ○ ○ ● ● ● ● ● ● ●
DFIC-16GE+4SFP ○ ○ ● ● ● ● ● ● ●
55
Contents
4 Competition Analysis
Click to add Title 5 Success Stories
Click to add Title 2 Market Overview and Positioning
Click to add Title 3 Product Highlights
Click to add Title 6 Ordering Guide
Click to add Title 7 How to Obtain Documents
Click to add Title 1 Huawei and Enterprise Overview
56
How to Get Huawei Document Resource
Weapon1: Enterprise Website
http://enterprise.huawei.com/en/
Weapon2: Document Email
Channel Partner Program
– To learn Partner Policy
Partnership
– To be a partner
Material & Toolkit
– To find material and toolkit
Special Partner Zone
– ISV
Weapon 3: Document User Guide
Where can I find it
and give feedback?
57
How to Use Huawei Document Resources
Where can I find it
and give feedback
Web
http://enterprise.huawei.com/en
Product Main Slide (High-
level Version)
Product Main Slide (Tech-
level Version)
Sales Strategy Quick
Reference
Sales Strategy
Guidance
Product Brochure
(Brief edition)
Product
Datasheet
Quick
Reference
Module
Brochure
Feature Brochure
Product Photo
Article
Product Video
Case Study
Certificate Report
Function List
Product Comparison
List
Ordering Guide
EOM&EOS
Notice
Product Description
Product
Hardware Description
Test Report
(3rd party)
User Report
Product Pre-sale
Training Materials
FAQ
White Paper
Presentations Sales Guide Brochures Brand Case Studies Bidding Training White Papers
58
How to Get Pre-sale Help
Call Center
Huawei Experts
Team
Partners
Partners
7*24 hours presales email and
telephone support
Products and solutions consulting http://enterprise.huawei.com
/en/about/contact
Copyright©2012 Huawei Technologies Co., Ltd. All Rights Reserved.
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product
portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive
statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time
without notice.
HUAWEI ENTERPRISE ICT SOLUTIONS A BETTER WAY