Huawei USG9000 Functions Details

As a world-leading supplier of Huawei networking products, Hong Telecom Equipment Service LTD (HongTelecom) keeps Huawei routers, switches and all related cards in regular stock at very good prices, and ships worldwide with very fast delivery.

For related articles, visit the HongTelecom Blog and HongTelecom WordPress.

For real pictures of related products, visit the HongTelecom Gallery.

To buy related products, visit the HongTelecom Online Shop.

Introduction to the USG9000

At present, the USG9000 can work in three modes: routing mode, transparent mode, and composite mode.

  • Routing mode: In routing mode, the USG9000 uses Layer 3 for external connections, and all interfaces must be assigned IP addresses. When the USG9000 is located between the internal network and the external network, you need to assign the interfaces that connect the USG9000 to the internal network and to the external network IP addresses on different network segments, and re-plan the network topology. In this case, the USG9000 serves as a router. As shown in Figure 2-1, the USG9000 is connected to the internal network through an interface in the Trust zone and to the external network through an interface in the Untrust zone. Note that the interface in the Trust zone and the interface in the Untrust zone reside in two different subnets.
    Figure 2-1  Networking in routing mode

    When working in routing mode, the USG9000 can perform ACL packet filtering. However, the network topology needs to be changed: for example, internal network users need to change their gateways, and the routing configuration of the routers needs to be changed.

  • Transparent mode: In transparent mode, the USG9000 uses Layer 2 for external connections, and none of the interfaces can be assigned IP addresses. In this case, the USG9000 is transparent to the users in the subnets and to the routers; that is, users are unaware of its existence. As shown in Figure 2-2, the USG9000 is connected to the internal network through interfaces in the Trust zone and to the external network through interfaces in the Untrust zone. Note that the internal network and the external network must reside in the same subnet.
    Figure 2-2  Networking in transparent mode

    If the USG9000 works in transparent mode, you do not need to change the network topology: you only need to place the USG9000 in the network, like placing a bridge, without modifying any existing configuration. As in routing mode, IP packets are still filtered and checked in transparent mode, so internal users are still protected by the USG9000.

  • Composite mode: If the USG9000 has both interfaces working in routing mode (interfaces that have IP addresses) and interfaces working in transparent mode (interfaces that have no IP address), it is working in composite mode. Composite mode is used for dual-system hot backup in transparent mode: the interface on which VRRP is enabled needs to be configured with an IP address, and the other interfaces do not. Figure 2-3 shows a typical composite-mode networking.
    Figure 2-3  Networking in composite mode

    The master and backup USG9000s are connected to the internal network through interfaces in the Trust zone and to the external network through interfaces in the Untrust zone. In addition, the master and backup USG9000s are connected to each other and perform hot standby through VRRP. Note that the internal network and the external network must reside in the same subnet.
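
The three working modes are determined by which interfaces carry IP addresses, and each mode comes with a planning rule (different subnets for routing mode, an IP address on the VRRP interface for composite mode). The following added Python example, which is not Huawei's code or part of the original page, encodes those rules as a pre-deployment checker; the interface names and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_interface
from typing import List, Optional, Tuple


@dataclass
class Interface:
    name: str                  # constructed names such as "GE1/0/0"
    zone: str                  # "trust" (internal side) or "untrust" (external side)
    ip: Optional[str] = None   # "10.1.1.1/24" for a Layer 3 interface, None for Layer 2
    vrrp: bool = False         # VRRP enabled on this interface (hot standby)


def classify_mode(ifaces: List[Interface]) -> str:
    """Routing if every interface has an IP address, transparent if none does,
    composite when Layer 3 and Layer 2 interfaces are mixed."""
    with_ip = sum(1 for i in ifaces if i.ip)
    if with_ip == len(ifaces):
        return "routing"
    if with_ip == 0:
        return "transparent"
    return "composite"


def check_topology(ifaces: List[Interface]) -> Tuple[str, List[str]]:
    """Return the detected mode and the planning rules it violates."""
    mode = classify_mode(ifaces)
    problems: List[str] = []
    if mode == "routing":
        # Trust-side and Untrust-side interfaces must sit on different subnets.
        trust = {ip_interface(i.ip).network for i in ifaces if i.zone == "trust"}
        untrust = {ip_interface(i.ip).network for i in ifaces if i.zone == "untrust"}
        for net in sorted(trust & untrust, key=str):
            problems.append(f"routing: Trust and Untrust interfaces share subnet {net}")
    elif mode == "composite":
        # The VRRP interface used for hot standby must carry an IP address.
        for i in ifaces:
            if i.vrrp and not i.ip:
                problems.append(f"composite: VRRP interface {i.name} has no IP address")
    return mode, problems


if __name__ == "__main__":
    plan = [Interface("GE1/0/0", "trust", "10.1.1.1/24"),
            Interface("GE1/0/1", "untrust", "10.1.1.2/24")]
    print(check_topology(plan))  # routing mode with a shared-subnet violation
```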

Intrusion Prevention System (IPS)

The IPS function prevents intrusion attacks on network terminal applications through detailed parsing and anomaly detection of application protocols.

  • Intrusion Detection and Protection

    The IPS function monitors the status of traffic on the network, detects intrusions accurately and comprehensively, and responds to them according to the configured policies.

    A traditional firewall does not perform deep, comprehensive inspection of application-layer data. For example, the Hypertext Transfer Protocol (HTTP) is widely used, so HTTP flows account for a large proportion of network traffic; these flows also carry many hidden security threats, and the traditional firewall function cannot inspect them in depth. In this case, you can use the IPS to inspect them. According to customized settings, the IPS can block intrusions in a timely manner to secure the intranet. It also supports after-the-event auditing, recording information about intrusions in real time.

    The IPS function of the USG9000 supports different IPS policies for different application scenarios, and the policies are extensive. You can customize policies according to actual network conditions.

    • The IPS supports IP fragment reassembly and TCP flow reassembly, to prevent attacks from evading IPS inspection.
    • It can effectively identify application protocols running on non-well-known ports and inspect their protocol data, improving the intrusion detection rate.
    • It also supports protocol anomaly analysis and signature inspection to detect attacks such as worms, Trojan horses, scanning, and spyware. Through the command line and the Web UI, you can view the attacks included in the signature database, query the attack description for each attack signature, and learn the impact of each attack on the network.
  • IPS Signature Database

    The USG9000 provides a pre-defined signature database and also supports self-defined signatures.

    The USG9000 provides an extensive IPS signature database covering most current intrusion features, including worms, Trojan horses, and spyware, which lets it detect intrusions effectively. In addition, the USG9000 supports self-defined signatures that accept regular expressions and provide strong expressive power. You can define signatures for specific intrusion attacks according to network traffic features, implementing effective security protection.

    The IPS function of the USG9000 responds quickly to newly discovered attacks. The IPS database supports online update: you can configure the USG9000 to connect to the security service center at a specified time for the update, or you can update the IPS database manually in real time. If the USG9000 cannot access the security service center on the Internet, you can download the update package from the security service center to the USG9000 and then perform an offline update. In addition, the USG9000 supports rollback of the IPS signature database.
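
To show why the IPS reassembles TCP flows before matching (the first bullet under Intrusion Detection and Protection) and how a regex-style self-defined signature is then applied to the stream, here is an added Python example that is not Huawei's code or part of the original page. The signatures, the regex syntax and the sample HTTP request split into out-of-order segments are all constructed.

```python
import re

# Constructed signatures in regular-expression form. The page says self-defined
# signatures accept regular expressions; the device's own syntax is not shown
# here, so these are assumed Python regexes over raw bytes.
SIGNATURES = {
    "http-dir-traversal": re.compile(rb"GET /[^ \r\n]*\.\./\.\./"),
    "passwd-file-read": re.compile(rb"/etc/passwd"),
}


def match_signatures(data: bytes):
    """Names of all signatures that match the given byte stream."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(data))


def inspect_per_segment(segments):
    """Naive inspection: each TCP segment payload is matched on its own,
    so a pattern that straddles a segment boundary is never seen."""
    hits = set()
    for _seq, payload in segments:
        hits.update(match_signatures(payload))
    return sorted(hits)


def reassemble(segments, isn: int) -> bytes:
    """Order segments by sequence number and return the contiguous stream that
    starts at the initial sequence number (ISN); stops at the first gap."""
    by_seq = {seq: payload for seq, payload in segments}
    data, expected = bytearray(), isn
    while expected in by_seq:
        data += by_seq[expected]
        expected += len(by_seq[expected])
    return bytes(data)


def inspect_reassembled(segments, isn: int):
    """Inspection after TCP flow reassembly, which is what the IPS does."""
    return match_signatures(reassemble(segments, isn))


# Constructed sample flow: one HTTP request delivered as three segments that
# arrive out of order, so "../../" and "/etc/passwd" cross segment boundaries.
ISN = 1000
REQUEST = b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"
SEGMENTS = [
    (ISN + 15, REQUEST[15:25]),  # b"/../etc/pa"       (arrives first)
    (ISN, REQUEST[:15]),         # b"GET /cgi-bin/.."
    (ISN + 25, REQUEST[25:]),    # b"sswd HTTP/1.1..."
]
```

Running `inspect_per_segment(SEGMENTS)` finds nothing, while `inspect_reassembled(SEGMENTS, ISN)` reports both signatures; a flow with a missing segment reassembles only up to the gap.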

  • IPS Logs

    All IPS logs, including logs on intrusion attacks, system monitoring, and traffic statistics, are sent to the eLog server for storage and management. You can log in to the eLog server to view the logs and export reports.