Huawei USG6620-AC Next-Generation Firewall Supports 300 GB Or 600 GB Hard Disk USG6620-AC Overview Huawei USG6620 Next-Generation Firewall USG6620-AC includes 8*GE (RJ-45) ports, 4*GE SFP ports, 8GB memory and 1 AC power supply. Huawei USG6620-AC firewall is designed for large- and medium-sized enterprises and next-generation data centers. Huawei USG6600 series firewall provides fine-grained service access control and service acceleration through context awareness by Application, Content, Time, User, Attack, or location (ACTUAL). Moreover, Huawei USG6600 integrates application-layer protection functions, such as Intrusion Prevention System (IPS) and antivirus with application identification technologies to improve the threat defense efficiency and accuracy. The USG6600 accurately identifies over 6000 applications (including mobile and web applications) and their functions, and then implements access control and service acceleration. For example, the USG6600 can identify the voice and data services of an instant message and apply different control policies for the services. The USG6600 is a multi-purpose device that provides comprehensive protection to reduce the management cost. Fine-grained bandwidth management and QoS optimization greatly reduce enterprises bandwidth leasing fees and ensure user experience in mission-critical services. In short, the USG6600 is a simple and efficient device that provides up-to-date next-generation security. USG6620-AC Specification USG6620 Specifications Fixed port 8 GE + 4 SFP Height 1U Dimensions (H x W x D) 442 mm x 421 mm x 43.6 mm Weight (full configuration) 10 kg HDD Optional. Supports single 300 GB hard disks (hot swappable). Redundant Power Supply Optional AC Power Supply 100V to 240V Maximum Power 170W Features NAT, application-specific access control, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, anti-DDoS, URL filtering, and anti-spam Functions Context Awareness Application, Content, Time, User, Attack, Location (ACTUAL)based awareness capabilities Eight authentication methods (local, RADIUS, HWTACACS, SecureID, AD, CA, LDAP, and Endpoint Security) Application Security Fine-grained identification of over 6000 application protocols, application-specific action, and online update of protocol databases Combination of application identification and virus scanning to recognize the viruses (more than 5 millions), Trojan horses, and malware hidden in applications Combination of application identification and content detection to identify file types and sensitive information to prevent information leaks Intrusion Prevention Provides over 5,000 signatures for attack identification. Provides protocol identification to defend against abnormal protocol behaviors. Supports user-defined IPS signatures. Web Security Cloud-based URL filtering with a URL category database that contains over 85 million URLs in over 80 categories Defense against web application attacks, such as cross-site scripting and SQL injection attacks HTTP/HTTPS/FTP-based content awareness to defend against web viruses URL blacklist and whitelist and keyword filtering Email Security Real-time anti-spam to detect and filter out phishing emails Local whitelist and blacklist, remote real-time blacklist, content filtering, keyword filtering, and mail filtering by attachment type, size, and quantity Virus scanning and notification for POP3/SMTP/IMAP email attachments Data Security Data leak prevention based on content awareness File reassembly and data filtering for more than 30 file types (including Word, Excel, PPT, and PDF), and file blocking for more than 120 file types Security Virtualization Virtualization of security features, forwarding statistics, users, management operations, views, and resources (such as bandwidths and sessions) Network Security Defense against more than 10 types of DDoS attacks, such as the SYN flood and UDP flood attacks VPN technologies: IPSec VPN, SSL VPN, L2TP VPN, MPLS VPN, and GRE Routing IPv4: static routing, RIP, OSPF, BGP, and IS-IS IPv6: RIPng, OSPFv3, BGP4+, IPv6 IS-IS, IPv6 RD, and ACL6 Working Mode and Availability Transparent, routing, or hybrid working mode and High Availability (HA), including the Active-Active and Active-Standby mode Intelligent Management Evaluates the network risks based on the passed traffic and intelligently generates policies based on the evaluation to automatically optimize security policies. Supports policy matching ratio analysis and the detection of conflict and redundant policies to remove them, simplifying policy management. Provides a global configuration view and integrated policy management. The configurations can be completed in one page. Provides visualized and multi-dimensional report display by user, application, content, time, traffic, threat, and URL. The USG6600 provides unified network security for large and medium-sized enterprises, organizations, and data centers. Integrated firewall, VPN, intrusion prevention, antivirus, and data leakage prevention deliver high-performance protection. Identifies more than 6,300+ applications and analyzes intranet service traffic across six dimensions, automatically generating security policy suggestions. Optimize security management and boost application-layer protection with the USG6600 Series Firewall. USG6600 is certified by ICSA Labs in Firewall, IPS, IPSec, SSL VPN and AV categories, is certified at CC EAL4+ level, and earned the Recommended Rating from NSS Labs. Business