USG6525E-AC Overview Huawei HiSecEngine USG6500E series fixed-configuration next-generation firewalls are enterprise-class firewalls designed for small and medium-sized enterprises and chain organizations. Compare to Similar Items Product Code USG6525E-AC USG6555E-AC USG6565E-AC USG6585E-AC Dimensions (H x W x D) mm 43.6 x 442 x 420 43.6 x 442 x 420 43.6 x 442 x 420 43.6 x 442 x 420 Form Factor/Height 1U 1U 1U 1U Fixed Interface 2 x 10GE (SFP+) + 8 x GE Combo + 2 x GE WAN 2 x 10GE (SFP+) + 8 x GE Combo + 2 x GE WAN 2 x 10GE (SFP+) + 8 x GE Combo + 2 x GE WAN 2 x 10GE (SFP+) + 8 x GE Combo + 2 x GE WAN External Storage Optional, SSD (M.2) card supported, 64 GB/240 GB Optional, SSD (M.2) card supported, 240 GB Optional, SSD (M.2) card supported, 240 GB Optional, SSD (M.2) card supported, 240 GB Firewall Throughput1 (1518/512/64-byte, UDP) 2/2/2 Gbit/s 4/4/3.6 Gbit/s 6/6/3.6 Gbit/s 9/8/4 Gbit/s FW + SA + IPS Throughput2 1.5 Gbit/s 2.1 Gbit/s 2.2 Gbit/s 2.2 Gbit/s FW + SA + IPS + Antivirus Throughput2 1.5 Gbit/s 2.0 Gbit/s 2.2 Gbit/s 2.2 Gbit/s Concurrent Sessions (HTTP1.1)1 3,000,000 4,000,000 4,000,000 4,000,000 New Sessions/Second (HTTP1.1)1 70,000 78,000 80,000 80,000 USG6525E-AC Specification USG6525E-AC Specification Description USG6525E AC Host (2*10GE (SFP+) + 8*GE Combo + 2*GE WAN, AC power) Dimensions (H x W x D) mm 43.6 x 442 x 420 Form Factor/Height 1U Fixed Interface 2 x 10GE (SFP+) + 8 x GE Combo + 2 x GE WAN Dedicated management port Yes USB Port 1 x USB 2.0 + 1 x USB 3.0 Weight (Full Configuration) 5.8 kg External Storage Optional, SSD (M.2) card supported, 64 GB/240 GB AC Power Supply 100V to 240V Typical power consumption of the machine 35 W Power Supplies Single AC power supply, optional dual AC power supplies Operating Environment (Temperature/Humidity) Temperature: 0C to 45C Humidity: 5% to 95%, non-condensing Non-operating Environment Temperature: -40C to +70C Humidity: 5% to 95%, non-condensing Firewall Throughput1 (1518/512/64-byte, UDP) 2/2/2 Gbit/s Firewall Latency (64-byte, UDP) 18 s FW + SA + IPS Throughput2 1.5 Gbit/s FW + SA + IPS + Antivirus Throughput2 1.5 Gbit/s Concurrent Sessions (HTTP1.1)1 3,000,000 New Sessions/Second (HTTP1.1)1 70,000 Maximum IPsec VPN Tunnels (GW to GW) 4,000 Maximum IPsec VPN Tunnels (Client to GW) 4,000 IPsec VPN Throughput1 (AES-256 + SHA256, 1420-byte) 2 Gbit/s SSL Inspection Throughput3 300 Mbit/s Concurrent SSL VPN Users (Default/Maximum) 100/500 Security Policies (Maximum) 15,000 Virtual Firewalls 50 URL Filtering: Categories More than 130 URL Filtering: URLs A database of over 120 million URLs in the cloud Automated Threat Feedback and IPS Signature Updates Yes Third-Party and Open-Source Ecosystem Open API for integration with third-party products, providing RESTful and NetConf interfaces Other third-part management software based on SNMP, SSH, and Syslog Cooperation with third-party tools, such as Tufin, AlgoSec and FireMon Collaboration with anti-APT solution Centralized Management Centralized configuration, logging, monitoring, and reporting is performed by Huawei eSight and eLog VLANs (Maximum) 4094 VLANIF Interfaces (Maximum) 1024 1. The performance is tested under ideal conditions based on RFC2544 and RFC3511. The actual result may vary with deployment environments. 2. The Antivirus, IPS, and SA performance is measured using 100 KB HTTP files. 3. SSL inspection throughput is measured with IPS enabled and HTTPS traffic using TLS v1.2 with AES128-GCM-SHA256. *SA: indicates service awareness. Local Storage Optional, SSD (M.2) card supported, 64 GB/240 GB Integrated Protection Provides firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, anti-DDoS, URL filtering, and anti-spam functions. Application Identification and Control Identifies more than 6,000 applications with the access control granularity to application functions, for example, distinguishing between WeChat text and voice. Combines application identification with intrusion detection, antivirus, and data filtering, improving detection performance and accuracy. Bandwidth Management Manages per-user and per-IP bandwidth in addition to identifying service applications to ensure the network access experience of key services and users. Control methods include limiting the maximum bandwidth, ensuring the minimum bandwidth, applying PBR, and changing application forwarding priorities. Intrusion Prevention and Web Protection Obtains the latest threat information in a timely manner for accurate detection and defense against vulnerability-based attacks. The device can defend against web-specific attacks, including SQL injection and XSS attacks. AAPT Interworks with the local or cloud sandbox to detect and block malicious files. Encrypted traffic does not need to be decrypted. It can associate with the big data analysis platform CIS to detect threats in encrypted traffic. It proactively responds to malicious scanning behavior and associates with the CIS for behavior analysis to quickly detect and record malicious behavior, protecting enterprise against threats in real time. Cloud Management Mode Initiates authentication and registration to the cloud management platform to implement plug-and-play and simplify network creation and deployment. Remote service configuration management, device monitoring, and fault management are used to implement cloud-based management of mass devices. Cloud Application Security Awareness Controls enterprise cloud applications in a refined and differentiated manner to meet enterprises requirements for cloud application management.
