T - Class Next Generation Internet Security Hardware Firewall USG9580 All In One

T-class next-generation firewall USG9580

Key characteristics

T-class performance, all-in-one, highly reliable network security protection

Provides the industry's highest performance 160Gbps service board, saving rack space by 75%, the whole machine can be extended to 1.44Tbps throughput and up to 1.44 billion concurrent;
Supports various interface types such as GE, 10GE, 40GE, and 100GE. The single slot density can be up to 48GE or 24*10GE. Distributed hardware framework and expansion card design, easy to expand, protect pre-investment;
Supports traditional features such as NAT, VPN, IPS, and Anti-DDoS, and enhanced features such as service awareness, virtualization, and IPv6 security. Multi-service integration, replacing one device with multiple devices, effectively reducing TCO;
Excellent hardware and software design, reliability up to 99.999%, support dual master control, dual-system hot backup, load balancing, full redundancy to avoid downtime, hot-swappable components to ensure continuous upgrade and expansion online.

Technical Parameters
 

parameter
USG9520
USG9560
USG9580
Basic characteristics
Support 6000+ application layer protocol identification and flow control, application layer packet filtering (ASPF), access control, state legitimacy detection, address translation, black and white list, virtual firewall
In a multi-egress scenario, intelligent routing, load balancing, and security domain division can be performed according to various load balancing algorithms (such as bandwidth ratio and link health status). In most scenarios, one device can replace the traditional firewall. Multiple network devices such as flow control and load balancing
NAT/CGN
Support large-scale address translation in various scenarios, with 400+ patents, feature support including destination NAT/PAT, NAT NO-PAT, source NAT-IP address persistency, source IP address pool group, NAT Server, bidirectional NAT, NAT- ALG, unrestricted IP address extension, policy-based destination NAT, port range pre-allocation, hairpin access mode, SMART NAT, NAT64, DS-Lite, 6RD (IPv6 Rapid Deployment), etc.
Application security features

Supports attack detection and prevention with over 5,000 vulnerability features. Support web attack recognition and protection, such as cross-site scripting attacks, SQL injection attacks, etc.
High-performance virus engine that protects more than 5 million viruses and Trojans, and the virus signature database is updated daily;
Cloud-based URL classification filtering, pre-defined classification library over 80 major categories, more than 85 million
VPN/PKI
Supports mainstream encryption and decryption protocols such as IPSec, GRE, L2TP, etc., supports manual key, PKI (X.509), IKEv2, redundant VPN gateway, EAP authentication, etc.
Virtual system
Support enterprise multi-tenant management, one physical host virtual 4096 virtual software system (VSYS), support VLAN virtualization, security domain virtualization, custom virtual resources, virtual system routing, virtual system-based traffic CAR, management virtualization , multi-tenant virtual resource isolation, etc.
DDoS attack protection
Supports a variety of DoS and DDoS attack defenses including the application layer: SYN Flood, SIP Flood, ICMP Flood, UDP Flood, DNS Query Flood, DNS Cache Poisoning Attack, DNS Reflection Attack, Connection Flood, HTTP Flood, HTTPS Flood, etc.
Supports DDOS traffic self-learning function, which can accurately define the traffic threshold baseline according to the actual situation of the existing network traffic.
Data leakage prevention
Identify and filter the transmitted files and content. 120+ common file types can be identified to prevent virus attacks by modifying the suffix name. Can restore Word and Excel, PPT, PDF, RAR and other 30+ files and content filtering to prevent corporate key information from leaking through files