USG6635E-AC Specification

Description

USG6635E AC Host (2*40GE (QSFP+) + 12*10GE (SFP+) + 16*GE, 2 AC power supplies)

Dimensions (H x W x D) mm

43.6 x 442 x 420

Form Factor/Height

1U

Fixed Interface

2 x 40GE (QSFP+) + 12 x 10GE (SFP+) + 16 x GE*

*Some 10G ports and 40G ports are mutually exclusive. The ports can be configured as follows: 2 x 40GE (QSFP+) + 8 x 10GE (SFP+) + 16 x GE (RJ45) + 1 x USB or 1 x 40GE (QSFP+) + 12 x 10GE (SFP+) + 16 x GE (RJ45) + 1 x USB.

USB Port

1 x USB 2.0

Weight (Full Configuration)

7.6 kg

External Storage

Optional, SSD (1 x 2.5 inch) supported, 240 GB/HDD 1TB

Power Supply

100 V to 240 V

Typical power consumption of the machine

136.1 W

Power Supplies

Dual AC power supplies

Operating Environment (Temperature/Humidity)

Temperature: 0°C to 45°C

Humidity: 5% to 95%, non-condensing

Non-operating Environment Temperature

-40°C to +70°C

Humidity: 5% to 95%, non-condensing

Firewall Throughput¹ (1518/512/64-byte, UDP)

30/30/30 Gbit/s

Firewall Latency (64-byte, UDP)

15 µs

FW + SA + IPS Throughput² 

13 Gbit/s

FW + SA + IPS + Antivirus Throughput² 

12 Gbit/s

Concurrent Sessions (HTTP1.1)¹

12,000,000

New Sessions/Second (HTTP1.1)¹ 

400,000

IPsec VPN Throughput¹ (AES-256 + SHA256, 1420-byte)

20 Gbit/s

SSL Inspection Throughput³

6 Gbit/s

Concurrent SSL VPN Users (Default/Maximum)

100/5000

Security Policies (Maximum)

40,000

Virtual Firewalls

500

URL Filtering: Categories

More than 130

URL Filtering: URLs

A database of over 120 million URLs in the cloud

Automated Threat Feedback and IPS

Signature Updates

Yes

Third-Party and Open-Source Ecosystem

Open API for integration with third-party products, providing

RESTful and NetConf interfaces

Other third-part management software based on SNMP, SSH, and Syslog

Co-operation with third-party tools, such as Tufin, AlgoSec, and FireMmon

Collaboration with anti-APT solution

Centralized Management

Centralized configuration, logging, monitoring, and reporting is performed by Huawei eSight and eLog

VLANs (Maximum)

4094

VLANIF Interfaces (Maximum)

1024

1. The performance is tested under ideal conditions based on RFC2544 and RFC3511. The actual result may vary with deployment environments.

2. The Antivirus, IPS, and SA performance is measured using 100 KB HTTP files.

3. SSL inspection throughput is measured with IPS enabled and HTTPS traffic using TLS v1.2 with AES128-GCM-SHA256.

*SA: indicates service awareness.

Local Storage

Optional, SSD (1 x 2.5-inch) supported, 240 GB/HDD (1 x 2.5-inch supported, 1 TB)

Integrated Protection

Provides firewall, VPN, intrusion prevention, antivirus, data leak prevention, bandwidth management, anti-DDoS, URL filtering, and anti-spam functions.

Application Identification and Control

Identifies more than 6,000 applications with the access control granularity to application functions, for example, distinguishing between WeChat text and voice. Combines application identification with intrusion detection, antivirus, and data filtering, improving detection performance and accuracy.

Bandwidth Management

Manages per-user and per-IP bandwidth in addition to identifying service applications to ensure the network access experiences of key services and users. Control methods include limiting the maximum bandwidth, ensuring the minimum bandwidth, applying PBR, and changing application forwarding priorities.

Intrusion Prevention and Web Protection

Obtains the latest threat information in a timely manner for accurate detection and defense against vulnerability-based attacks. The device can defend against web-specific attacks, including SQL injection and XSS attacks.

AAPT

Collaborates with the local or cloud sandbox to detect and block malicious files.
Supports the flow probe information collection function to collect traffic information and send the collected information to the Cybersecurity Intelligence System (CIS) for analysis, evaluation, and identification of threats and APT attacks.
Encrypted traffic does not need to be decrypted. The firewall can work with the CIS to detect threats in encrypted traffic.
The firewall can proactively respond to malicious scanning behavior and work with the CIS to analyze behavior, quickly detect and record malicious behavior, and protect enterprises against threats in real time.

Cloud Management Mode

Initiates authentication and registration to the cloud management platform to implement plug-and-play and simplify network creation and deployment.
Remote service configuration management, device monitoring, and fault management are used to implement cloud-based management of massive numbers of devices.

Cloud Application Security Awareness

Controls enterprise cloud applications in a refined and differentiated manner to meet enterprises’ requirements for cloud application management.