USG9500 Data Center Firewall

World’s fastest data center firewall ensures secure services in the cloud and for large data centers and enterprise campus networks. Integrated switching, routing, and security enable smooth upgrade, carrier-class reliability, comprehensive virtualization, and terabit-level processing capability.

NP+ multi-core + distributed architecture integrates security, virtualization, and service awareness. Ensures 99.999% high availability while easing equipment room space requirements.

Specifications

Product USG9520 USG9560 USG9580
Expansion Slots 3 8 16
Firewall Throughput 100 Gbit/s 480 Gbit/s 960 Gbit/s
Maximum Number of Concurrent Connections 80,000,000 480,000,000 960,000,000
Basic Functions Routing/Transparent/Composite mode, state validation detection, blacklist and whitelist, access control, Application Specific Packet Filter (ASPF), security zone division, virtual firewall, smart route, load balancing
NAT/CGN Destination NAT/PAT, NAT NO-PAT, source NAT-IP address persistency, source IP address pool grouping, NAT Server, bidirectional NAT, NAT-ALG (Application Layer Gateway), unlimited IP address expansion, policy-based destination NAT, port range pre-allocation, hair pinning mode, SMART NAT, NAT64, DS-Lite, 6RD (IPv6 Rapid Deployment)
IPS Protocol anomaly support, custom signature support, automatic attack database update, defense against worms, zero-day attacks, Trojans horses, and malware
PKI PKI certificate requests (PKCS 10), Certificate Authority (CA)PKI authentication: EAP-SIM, EAP-AKA

PKI protocol: SCEP, OCSP, CMPv2
Self-signed certificate
Virtual System 4,096-Virtual Firewall (VFW) definition, VLAN virtualization, security zones virtualization, user-defined virtual resources, route between VFW, VFW-based traffic CAR
DDoS Mitigation SYN-flood, ICMP-flood, TCP-flood, UDP-flood, DNS-floodPort-scan, Smurf, Tear-drop, IP-Sweep

IPv6-extension-header defense, TTL detection, TCP-mss detection, attack log output