Sunteți pe pagina 1din 6

Secospace USG2000 BSR/HSR Series

Secospace USG2000 BSR/HSR Series USG2100BSR/HSR Product Overview As a new-generation multi-service security routing

USG2100BSR/HSR

Product Overview

As a new-generation multi-service security routing gateway, Huawei Symantec's USG BSR/HSR product family transforms today's Small Business and Enterprise's workspace experience by delivering them high performance routing and switching, strong security enhancement, VPN, wireless access, and voice communication services in an integrated single platform. Based on advanced system architecture, the USG BSR/HSR product line has raised the bar for integrated networking and security solution to an unprecedented new level. It prepares modern SMB for the transition to cloud and virtualized applications or network services. The USG BSR/HSR family of products offers an integrated end-

Product Description

The USG BSR/HSR supports various I/O modules, which enable flexible configuration according to actual requirements, as well as all- around security defense and interconnection with diverse networks. Furthermore, the USG BSR/HSR supports LAN/WAN interfaces of diversified specifications and densities, including FE/GE, ADSL/ G.SHDSL, serial/T1/E1/CE1, WiFi/3G, and high-density switching modules. Thus, the USG BSR/HSR is adaptable to various application scenarios and can be easily deployed in all kinds of complex networking environments. The USG2100BSR/HSR series, including USG2120BSR, USG2130BSR/ HSR, USG2160BSR/HSR, provides a highly secure, scalable, flexible

Product Features

Multi-service concurrent access and End-to-End integration

Based on the optimal combination of advanced multi-core hardware

on the optimal combination of advanced multi-core hardware USG2200BSR/HSR to-end (E2E) security solution. Besides
on the optimal combination of advanced multi-core hardware USG2200BSR/HSR to-end (E2E) security solution. Besides
on the optimal combination of advanced multi-core hardware USG2200BSR/HSR to-end (E2E) security solution. Besides

USG2200BSR/HSR

to-end (E2E) security solution. Besides powerful routing and switching features, the USG BSR/HSR delivers multiple dedicated security functions, including stateful firewall, VPN, NAT, identity authentication, access control, and content security functions such

as Anti-Virus, Anti-Spam and Web URL-Filtering etc

These features

together protect customers' digital assets from DDoS attacks, worms, Trojans, viruses, intrusions, and network violations. The integration

of these functionalities with the full spectrum of WAN, LAN, 3G wireless, and WiFi, offers customers a complete solution with high performance switching and routing, multi-layered security, flexible WAN connectivity as well as a very valuable VoIP service.

and reliable platform for multi-service integration at enterprise and branch offices for small-to-medium sized business. USG2100BSR/HSR Series offers customers the ultimate mobility by integrating WiFi and 3G interfaces. Customers enjoy the benefits of mobility on both sides of the network, with uncompromised level of security on network access and content controls. The USG2200BSR/HSR series can be deployed for small and medium enterprises either as internal security gateways or as security gateways to connect branch offices and headquarters. USG2205BSR/HSR and USG2220BSR/HSR are designed to be modular 1U devices with multiple expansion slots, allowing multiple interface type selections.

platform and carrier-class routing software platform, the USG2000BSR/ HSR integrates the functions of security, routing, switching, wireless access, and voice with high performance and robustness.

Secospace USG2000 BSR/HSR Series

With less dependence on single-function hardware, the

USG2000BSR/HSR simplifies maintenance, saves energy, and

lowers consumption, thus improving the operation efficiency and

reducing operation and maintenance costs.

Utilizing versatile and normalized modular components, the

USG2000BSR/HSR improves the service interoperability.

Relying on the highly flexible and scalable software and hardware,

the USG2000BSR/HSR better protects enterprises' investment.

Extensive routing and link-level high availability

The following features enable the USG2000BSR/HSR to offer flexible

network extension.

The USG2000BSR/HSR provides extensive routing features, such

as static routing and dynamic routing (RIP, OSPF, and BGP), and

supports routing policies and routing iteration, which makes

networking more flexible.

With the policy-based per-session routing function, the

USG2000BSR/HSR enables the seamless interworking of policy-based

routing and security features (such as NAT and ASPF), supporting

interface-level load balancing. With failover configuration, when one

link fails, the traffic automatically switches to other normal links.

The built-in Layer-2 forwarding chip on the USG2000BSR/HSR

ensures the express switching capability at Layer 2. This feature

enables Layer-2 switching and security functions on a single device.

Comprehensive dedicated technologies for network protection

Excellent firewall functions support routing, transparent, and

hybrid working modes; basic packet filtering functions include

Product Specifications

security zone, ACL, static/dynamic blacklist, and MAC-IP address

binding functions; advanced stateful firewall functions provide

defense against ARP spoofing, DoS/DDoS, SYN flood, host

sweeping, and port scanning attacks.

Integrated UTM functions:

IPS:

provides efficient and precise deep packet inspection, and

accurately identifies IPS evasion and spoofing behaviors through

Symantec advanced IPS detection engine.

AV: efficiently and precisely detects and removes hidden viruses

in network traffic by virtue of Symantec cutting-edge virus

detection engine.

AS: effectively blocks spam and purifies enterprises' mail systems,

thus preventing spam from interfering with normal services.

precisely identifies access

to illegitimate Web sites and over 60 P2P/IM applications,

URL filtering and P2P/IM control:

and provides alerting, traffic limiting, and blocking actions to

guarantee bandwidth for normal services.

Diversified VPNs

The USG2000BSR/HSR delivers powerful VPN function, and

supports the following common VPNs for differentiated VPN

applications:

L2TP

IPSec VPN

Dynamic VPN (DVPN)

SSL VPN

GRE

MPLS VPN

Note: the BSR series does not support UTM and SSL VPN functions.

Model

 

USG2100BSR/HSR

USG2200BSR/HSR

USG2120BSR

USBG2130BSR/HSR

USG2160BSR/HSR

USG2205BSR/HSR

USG2220BSR/HSR

Performance and Capacity

Packet forwarding rate

160Kpps

175Kpps

180Kpps

250Kpps

350Kpps

Firewall throughput (maximum at Mbps)

150M

160M

180M

350M

550M

IPsec VPN (3DES)

40M

50M

60M

300M

500M

IPsec VPN (AES)

40M

50M

60M

300M

500M

Number of new connections per second

2000

2000

2000

20000

20000

Maximum number of concurrent sessions

80000

200000

200000

500000/1000000

500000/1000000

Maximum number of security policies

3000

3000

3000

3000

3000

Maximum number of users

50-80

70-100

70-100

100-200

200-400

Secospace USG2000 BSR/HSR Series

Model

 

USG2100BSR/HSR

USG2200BSR/HSR

USG2120BSR

USBG2130BSR/HSR

USG2160BSR/HSR

USG2205BSR/HSR

USG2220BSR/HSR

Extension and I/O

Interface for standard configuration

1WAN+8FE

2GE Combo

Extension slot

1MIC

1MIC

2MIC

4MIC+1FIC

4MIC+2FIC

   

MIC:

MIC:

1FE, 5FSW, 1E1, 1CE1, 1WiFi, 1SA, 2SA,  1ADSL2+, 4G.SHDSL.bis, 2G.SHDSL.bis, 1G.SHDSL.bis, 3G-WCDMA, 3G-CDMA2000 DMIC:

8FE2GE

1E1, 1CE1, 1SA, 2SA, 1ADSL2+, 1FE, 5FSW, 4G.SHDSL.bis, 2G.SHDSL.bis, 1G.SHDSL.bis, 3G-WCDMA, 3G-CDMA2000

Interface module

DMIC:

FIC:

8FE2GE

2E1, 2CE1, 4E1, 4CE1, 8E1, 8CE1, 2F2C, 1GE, 4GE, 16FXS, 32FXS, 1GPON DFIC:

USB Extension:

WCDMA 3G, CDMA2000 3G

 
 

X86, 18FSW-2SFP, 16GSW-4SFP USB Extension:

WCDMA 3G, CDMA2000 3G

Basic Firewall Features

Working mode

Transparent, routing, and hybrid

 

ASPF

Y

Access control

Y

Status validity check

Y

Blacklist and whitelist

Y

Security zone division

Y

Application protocol identification

Y

Anti-DDoS

Bidirectional defense

Y

Dynamic fingerprint learning

Y

SYN flood

Y

SYN-ACK flood

Y

UDP flood

Y

HTTP flood

Y

Connection flood

Y

ICMP flood

Y

NAT

Destination NAT/PAT

Y

Destination IP address (for NAT) on the same subnet with the IP address of the interface serving as the ingress

Y

Destination IP addresses and port numbers corresponding to one IP address and a specific port number

Y

(M:1P)

Destination IP addresses corresponding to one IP address (M:1)

Y

Destination IP addresses corresponding to multiple IP addresses (M:M)

Y

No-PAT

Y

PAT

Y

Permanent mapping between addresses before and after NAT

Y

Address grouping of the source IP address pool

Y

NAT for source IP addresses beyond the interface subnet range

Y

NAT Server

Y

Secospace USG2000 BSR/HSR Series

Model

 

USG2100BSR/HSR

USG2200BSR/HSR

USG2120BSR

USBG2130BSR/HSR

USG2160BSR/HSR

USG2205BSR/HSR

USG2220BSR/HSR

Bidirectional NAT

Y

NAT ALG

Y

Extended NAT (infinite addresses)

Y

Policy-based destination NAT

Y

IPsec VPN

IPSec VPN concurrent tunnels

64

2000

DES, 3DES, and AES encryption

Y

MD5 and SHA-1 authentication

Y

Manually configured key, PKI, and IKEv2

Y

Perfect Forward Secrecy (DH group)

125

Anti-replay attack

Y

Remote VPN access

Y

EAP authentication

Y

High Availability

Master/Slave, master/master

Y

Configuration synchronization

Y

Firewall and IPSec VPN sessions synchronization

Y

Device fault detection

Y

Link fault detection

Y

User Identity Authentication and Access Control

 

Built-in (internal) database

Y

RADIUS accounting

Y

Web-based authentication

Y

Public Key Infrastructure (PKI)

PKI certificate format (PKCS #7 and #10)

Y

Automatic certificate registration (SCEP)

Y

Certificate Authority (CA)

Y

Self-signed certificate

Y

Routing

BGP

10000

16000

BGP peer

16

128

OSPF

10000

16000

Scale of RIPv2 routing table

10000

16000

Dynamic routing

Y

Static routing

Y

Source-based routing

Y

Policy-based routing

Y

Routing policy

Y

Number of policy-based routes

100

100

FIB

10000

16000

Route iteration

Y

IPv6 Security

OSPFv3

Y

BGP4+

Y

IPv6 IS-IS

Y

IPv6 policy-based routing

Y

GRE for BPG/OSPFv3/IS-IS

Y

Standard IPv6 ACL

Y

Extended IPv6 ACL

Y

IPv6 interface statistics

Y

NAT-PT (4 to 6 and 6 to 4)

Y

IPv6 ND/SEND

Y

Secospace USG2000 BSR/HSR Series

 

Model

 

USG2100BSR/HSR

USG2200BSR/HSR

USG2120BSR

USBG2130BSR/HSR

USG2160BSR/HSR

USG2205BSR/HSR

USG2220BSR/HSR

Virtualization

 

Maximum number of security zones

16

Maximum number of VLANs for each

 

interface

4094

Management

 

Web UI (HTTP/HTTPS)

Y

CLI

(console)

Y

CLI

(Telnet)

Y

CLI

(SSH)

Y

U2000/VSM

Y

Hierarchical administrators

Y

Software upgrade

Y

Configuration rollback

Y

Logging/Monitoring

 

Structured system log

Y

SNMPv3

Y

Binary log

Y

Complementary log server (eLog)

Y

Dimensions, Power Supply, and Operating Environment

 

Dimensions (W x D x H)

420*255*43.6 mm

442*414*43.6mm

Weight

5Kg

Bare device: 5.4 kg; Full configuration: ≤8 kg

   

90~264V

AC

power supply

90264VAC

47~63Hz

DC

power supply

N

N

Y

Power consumption

15W

15W

54w(BSR)/100w(HSR)

Ambient temperature

040

0to 45(runtime), 5to 55(transient condition)

Ambient humidity

5% to 95%, non-condensing

 

5% to 95%, non-condensing

Authentication

 

Security authentication

Y

EMC authentication

Y

CB

authentication

Y

RoHS

Y

FCC

Y

C-tick

Y

VCCI

Y

Subscription Information

Part Number

Part Description

Configuration Principle

1.1

BSR Series

 

USG2120BSR-AC

USG2120BSR AC Host, with HS General Security Platform Software

 

USG2130BSR-AC

USG2130BSR AC Host, with HS General Security Platform Software

 

USG2130BSR-W-AC

USG2130BSR AC Host, 802.11a/b/g/n, with HS General Security Platform Software

 

USG2160BSR-AC

USG2160BSR AC Host, with HS General Security Platform Software

 

USG2160BSR-W-AC

USG2160BSR AC Host, 802.11a/b/g/n, with HS General Security Platform Software

 

USG2205BSR-AC

USG2205BSR AC Host, with HS General Security Platform Software

 

USG2220BSR-AC

USG2220BSR AC Host, with HS General Security Platform Software

 

1.2

HSR Series

 

USG2130HSR-AC

USG2130HSR AC Host, with HS General Security Platform Software

 

USG2130HSR-W-AC

USG2130HSR AC Host, 802.11a/b/g/n, with HS General Security Platform Software

 

USG2160HSR-AC

USG2160HSR AC Host, with HS General Security Platform Software

 

Secospace USG2000 BSR/HSR Series

Part Number

 

Part Description

Configuration Principle

USG2160HSR-W-AC

USG2160HSR AC Host, 802.11a/b/g/n, with HS General Security Platform Software

 

USG2205HSR-AC

USG2205HSR AC Host, with HS General Security Platform Software

 

USG2220HSR-AC

USG2220HSR AC Host, with HS General Security Platform Software

 

1.3

Interface Extension Module of BSR/HSR Multi-Service Gateway

 

MIC

MIC-1E1

1-PORT E1 Interface Board(DB15), 3*1, with HS General Security Platform Software

 

MIC-1CE1

1-PORT CE1 Interface Board(DB15), 3*1, with HS General Security Platform Software

 

MIC-3G-WCDMA

3G-WCDMA Service Board, 3*1, with HS General Security Platform Software

 

MIC-3G-CDMA2000

3G-CDMA2000 Service Board, 3*1, with HS General Security Platform Software

 

MIC-1G.shdsl

1

Channel G.shdsl Interface Board, with HS General Security Platform Software

 

MIC-2G.shdsl

2

Channel G.shdsl Interface Board, with HS General Security Platform Software

 

MIC-4G.shdsl

4

Channel G.shdsl Interface Board, with HS General Security Platform Software

 

MIC-1FE

1-Port Fast Ethernet Electrical Interface Board(RJ45), 3*1, with HS General Security Platform Software

 

MIC-5FE

5-Port Fast Ethernet Switch Electrical Interface Board(RJ45), 3*1, with HS General Security Platform Software

 

MIC-1SA

1-Channel Sync/Async Serial Port Interface Card, 3*1, with HS General Security Platform Software

 

MIC-2SA

2-Channel Sync/Async Serial Port Interface Card, 3*1, with HS General Security Platform Software

 

MIC-ADSL2+-MUL

ADSL2+Multi-PVCs, 3*1, with HS General Security Platform Software

 

MIC-ADSL2+-SIN

ADSL2+ MIC, 3*1, with HS General Security Platform Software

 

MIC-WIFI

WLAN Service Board, with HS General Security Platform Software

 

DMIC-8FE2GE

8FE(RJ45)+2GE(RJ45) Mixed Interface Card, with HS General Security Platform Software

 

FIC

FIC-2E1

2-port Channelized E1 Interface Card, with HS General Security Platform Software

 

FIC-2CE1

2-port E1&Fractional E1 Interface Card, with HS General Security Platform Software

 

FIC-4E1

4-port E1 Interface Card-DB44-75ohm, 1*1, with HS General Security Platform Software

 

FIC-4CE1

4-port Channelized E1 Interface Card-DB44-75ohm, 1*1, with HS General Security Platform Software

 

FIC-8E1

8-port E1 Interface Card-DB44-75ohm, 1*1, with HS General Security Platform Software

 

FIC-8CE1

8-port Channelized E1 Interface Card-DB44-75ohm, 1*1, with HS General Security Platform Software

 

FIC-2FE2FEC

2FE(RJ45)+2FE(RJ45&SFP) MIXED INTERFACE CARD, 1*1, with HS General Security Platform Software

 

FIC-1GE-RJ45

1-port GE Electrical Interface Card(RJ45), with HS General Security Platform Software

 

FIC-4GE-RJ45

4GE(RJ45)Electrical Interface Board, 1*1, with HS General Security Platform Software

 

FIC-16FXS

16-port FXS interface board

 

FIC-32FXS

32-port FXS interface board

 

FIC-GPON

1-port GPON FIC Board

 

DFIC

DFIC-16GE4SFP

16GE(RJ45)+4GE(SFP) Mixed Interface Card, with HS General Security Platform Software

 

DFIC-18FE2SFP

18FE(RJ45)+2GE(SFP) Mixed Interface Card, with HS General Security Platform Software

 

DFIC-ESP-E

Safety Product, USG2200, SU11X86HS02, Enhanced Services Platform Enterprise Version, X86 Board, CPU T7500, 2GB Memory, 160G Enterprise Hard Disk

 

DFIC-ESP-C

Safety Product, USG2200, SU11X86HS01, Enhanced Services Platform Common Version, X86 Board, CPU T7500, 2GB Memory, 160G Universal Hard Disk

 

USB extension card

USB-3G-WCDMA

SRG, SRGM1WCDMA, USB 3G WCDMA Card

 

USB-3G-CDMA2000

SRG, SRGM1CD2K, USB 3G CDMA2000

 

About this publication

The information contained in this document is for reference purpose only, do not constitute the warranty of any kind,experss or implied. It is subject to change or withdrawal according to specific customer requirements and conditions. All the trademarks, pictures, and brands mentioned in this document are the property of Huawei Symantec Technologies Co.,Ltd or their respective holders.

Copyright ©2010 Huawei Symantec Technologies Co., Ltd. All rights reserved.

Version No.: M3-110019999-20101206-V-1.0