Вы находитесь на странице: 1из 6

Secospace USG2000

Secospace USG2000
Secospace USG2000

Product Overview Product Family

Huawei Symantec Secospace USG2000 is a series of new-
generation high-performance unified security gateways
designed by Huawei Symantec to meet the security
requirements of small and medium-sized enterprises. The
USG2000 is a low-end and mid-range gateway based on
Huawei VRP software platform that comes with a range of
features, including: firewall, anti-DDoS, IPS, anti-spam, and P2P USG2130
traffic blocking and limiting, IM software control, WLAN WiFi
(802.11b, 802.11g, or 802.11g/b), and 3G access. The USG2000
supports L2TP, IPSec, SSL, and MPLS VPN services. The USG2000
provides high-performance security protection at the egresses USG2160
of small and medium-sized enterprises, branches of large
enterprises, networks for counties and cities, and Internet
cafes. The USG2000 is an ideal security protection device for
small and medium-sized enterprise networks and ensures that
normal operations are maintained. USG2210/USG2220/USG2230/USG2250

Product Features
Integrator of low-end and mid-range unified optimal performance. This architecture ensures the high-

security gateways — integrating multiple speed concurrent processing of services, such as IPS, anti-

functions, promoting efficiency, and saving spam, NAT, ASPF, anti-DDoS, and VPN. In addition, the multi-

investment core architecture ensures the smooth use and outstanding

The USG2000 has extensive functionality, including: firewall performance of UTM functions.

protection, anti-DDoS, IPS, anti-spam, P2P traffic blocking and

limiting, and IM software control. In addition, the USG2000 Comprehensive VPN solution — adapting to
supports L2TP, IPSec, SSL, and MPLS VPN services. The USG2000 encrypted transmission of multiple services
integrates major security functions into one device, which The USG2000 supports multiple VPN networking technologies
helps customers improve their security capabilities and work such as GRE, L2TP, IPSec, SSL, and MPLS. The USG2000
efficiency and save investment. adopts built-in high-performance hardware encryption and
decryption chips, thus delivering industry-leading encryption

Advanced embedded multi-core architecture performance among counterpart products.

— providing high-performance user The USG2000 supports a wide range of encryption algorithms,

experience including DES, 3DES, and AES to ensure high-intensity

The USG2000 adopts embedded multi-core architecture for encrypted transmission. In addition, the USG2200 supports
Secospace USG2000

Supporting the routing mode, transparent mode,

and composite mode
Supporting ASPF, NAT, QoS, and ACLs

Supporting 3G Supporting complete VPN solutions

Wireless VPN
Supporting WiFi in L2TP, GRE, IPSec, SSL, and MPLS

SYN Flood
Intrusion Prevention
UDP Flood
ICMP Flood USG2000 System1000+: Supporting the
detection of the signature
DNS Flood
Intrusion library that has more than
Prevention 1000 signatures
CC protection
System IPS Supporting the examination
on five major protocols
Automatic online upgrade of
the signature library
ICMP protection
P2P MSN control
Supporting the real-time blocking Blocking and traffic control of BT,
RBL blacklist and traffic Thunder, eMule, and PPLive
control Game and stock software control
Automatic online upgrade of the
signature library

IKEv2 and enhances the functions of user authentication, 19 FE interfaces.

packet authentication, and NAT traversal. Therefore, the hidden As well as two combo GE interfaces, the USG2210/2220/2230/2250
hazards of man-in-the-middle attacks and DoS attacks are provides four MIC extension slots and two extension slots
eliminated. for the flexible interface card (FIC). The MIC extension slots
The VPN feature of the USG2200 series, provided by license, is can house different interface cards such as 1 x FE, 1 x E1/
optional. Customers can apply for such licenses from Huawei CE1, 5 x FE-SW, 1 x ADSL2+, 1 x SA, and 1 x WiFi. The FIC
Symantec as required. extension slots can house different interface cards such as
1 x GE and 2 x E1/CE1. The maximum interface density of the

Extensive interface types and high interface USG2210/2220/2230/2250 is 4 GE+10 FE+2 E1/CE1 interfaces.

density — enabling flexible networking

The USG2110 provides one FE WAN interface and four FE LAN WiFi and 3G — meeting the customer
interfaces to meet the requirements of small and medium- requirements in WLAN and WWAN
sized enterprises. In addition to one fixed FE WAN interface and networking
eight FE LAN interfaces, the USG2130 has one extension slot The USG2000 supports WLAN WiFi (802.11b, 802.11g, or
for the mini interface card (MIC), while the USG2160 provides 802.11g/b), automatic rate adaptation, wireless channel
two MIC extension slots. The MIC extension slots can house selection, transmit power control, encryption, broadcast
different interface cards such as 1 x FE, 1 x E1/CE1, 5 x FE-SW, suppression, hidden service set identifier (SSID), battery
1 x ADSL2+, and 1 x SA. Both the USG2130 and the USG2160 saving mode, and management maintenance. In addition, the
provide the 3G interface card. The maximum interface density USG2000 supports the encryption modes of WPA-PSK, WPA2-
of the USG2130 is 14 FE interfaces and that of the USG2160 is PSK, WEP, AES, and TKIP. The USG2000 provides two omni-
Secospace USG2000

directional antennas to realize antenna gain. The UTM signature library, which is automatically upgraded
The USG2130/2160 supports WWAN 3G access through USB through the worldwide accessible upgrade server, effectively
interfaces, and WCDMA, CDMA2000, and TD-SCDMA models. protects enterprises against worms, spam, intrusion and
The USG2130/2160 supports 2G to super-3G data transmission attacks that exploit network vulnerabilities. The USG2130/2160
mode. The transmission mode of the USG2000 is compatible supports the IPS 1000+ signature library and the identification
with HSDPA/WCDMA 2100M/1900M/850M and GSM/GPRS/ of five major protocols; that is, HTTP, SMTP, POP3, IMAP4, and
EDGE 1900M/1800M/900M/850M. FTP. The USG2130/2160 supports the blocking and limiting of
traffic from tens of applications, such as BT, Thunder, eMule,

UTM functions automatically upgrading and PPLive. The USG2130/2160 can identify and control game

the signature library — helping customers and stock software, and multiple versions of QQ and MSN

control the intranet security and promote based on time and IP addresses. In addition, the USG2130/2160

work efficiency has an inbuilt anti-spam function.

Typical Networking Scenario

Enterprise headquarter


Enterprise A Enterprise C
(20 Users) (20Users)
USG2000 E1 ADSL2+ USG2000

Enterprise B Partner
(50 Users) 50Users

Typical networking of the USG2000

Secospace USG2000

Product Specifications
Item USG2110 USG2130/USG2160 USG2210/2220/2230/2250

IPSec VPN Supported Supported Supported

SSL VPN Not supported Supported Supported

Vitual firewall Not supported Supported Supported

Integrated interface 1 FE WAN+4 FE LAN 9 FE 2 combo GE

Extension slot Not supported 1 MIC+1 Express/2 MIC+1 Express 4 MIC+2 FIC

MIC: MIC: 1FE/5FE /1E1/1CE1/1SA/1ADSL2+/1WiFi

Extension interface card Not supported
1FE/5FE/1E1/1CE1/1SA/1ADSL2+ FIC: 1GE/2E1/2CE1

USB interface Not supported 1 (v2.0) 2 (v2.0)

WiFi feature Not supported Supported Supported

WAN interface FE FE, ADSL2+, SA, E1/CE1, 3G FE, GE, ADSL2+, E1/CE1, SA

AC (USG2210/2220/2230)
Power AC AC
AC/DC (USG2250)

Dimensions (mm) (W×D×H) 280×190×35 420×255×44.2 442×420×44.2

Secospace USG2000

Secospace USG2000

The information contained in this document is for reference purpose only, do not constitute the warranty of any kind, experss or implied. It is
subject to change or withdrawal according to specific customer requirements and conditions.
All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co., Ltd or their
respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20100120-V-1.0