HUAWEI HiSecEngine USG6500F Series AI Firewalls

HUAWEI HiSecEngine USG6500F Series AI Firewalls

As digitalization is sweeping the world, extensive connections, explosive growth of data, and booming
intelligent applications are profoundly changing the way we live and work. Enterprise services are going
digital and moving to the cloud, which promotes the transformation of enterprise networks while bringing
greater challenges to network security. As threats increase, unknown threats are ever-changing and highly
covert. As users' requirements for security services increase, performance and latency become
bottlenecks. With mass numbers of security policies and logs, threat handling and O&M are extremely
time-consuming. As the "first gate" on network borders, firewalls are the first choice for enterprise
security protection. However, traditional firewalls can only analyze and block threats based on signatures
and therefore are unable to effectively handle unknown threats. In addition, the effectiveness of threats
depends on the professional experience of O&M personnel. The single-point, reactive, and in-event
defense method cannot effectively defend against unknown threat attacks, let alone threats hidden in
encrypted traffic.
With new hardware and software architectures, Huawei HiSecEngine USG6500F series, in either desktop
or 1 U models, are next-generation AI firewalls that feature intelligent defense, outstanding performance,
and simplified O&M, effectively addressing the preceding challenges. The USG6500F series uses
intelligence technologies to enable border defense to accurately block known and unknown threats.
Equipped with multiple built-in security-dedicated acceleration engines, the USG6500F series firewalls
support enhanced forwarding, content security detection, and IPsec service processing acceleration. The
security O&M platform implements unified management and O&M of multiple types of security products,
such as firewalls, anti-DDoS devices, reducing security O&M OPEX. In addition, the USG6500F-DL series
support the LTE function, which can be used to implement flexible, efficient, and fast network deployment
in remote areas or mobile office scenarios.

1 Product Highlights
Excellent performance
By leveraging fresh-new hardware and software architectures of forwarding and control separation,
HiSecEngine USG6500F series AI firewalls dynamically allocate resources to service modules through the
adaptive security engine (ASE), maximizing resource utilization and improving overall service performance.
For core services, the HiSecEngine USG6500F series also supports network processor (NP), pattern
matching, and encryption/decryption engines. These engines greatly improve short-packet forwarding,
reduce the forwarding latency, and enhance application identification, intrusion prevention detection, and
IPSec service performance.

2025-05-25 Page 1 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Intelligent defense
HiSecEngine USG6500F series AI firewalls provide content security functions, such as application
identification, IPS, antivirus, and URL filtering to protect intranet servers and users against threats.
HiSecEngine USG6000F series also support to detect unknown threats by interworking with sandbox.
Traditional IPS signatures are manually produced through analysis, resulting in low productivity. Also, the
accuracy of the signatures depends heavily on expert experience. Huawei innovatively enables the IPS
signature production on the intelligent cloud by adopting intelligence technologies and utilizing expert
experience. Such an intelligent mode helps increase the signature productivity by 30 times compared with
manual production, reduce errors caused by manual analysis, and continuously improve the accuracy of
intrusion detection.
The built-in antivirus content-based detection engine (CDE) powered by intelligence technologies can
detect unknown threats and provide in-depth data analysis. With these capabilities, the CDE-boosted
firewall is able to gain insight into threat activities and quickly detect malicious files, effectively improving
the threat detection rate.
USG supports to detect and defend malware spreading and network attacks, like Worm, Virus, Trojan-
horse, Spyware, etc. malware spreading and botnet, DoS/DDoS, SQL injection, cross site attack,
ransomware,etc.

2025-05-25 Page 2 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Simplified O&M
The HiSecEngine USG6500F series provides a brand-new web UI, which intuitively visualizes threats as well
as displays key information such as device status, alarms, traffic, and threat events. With multi-
dimensional data drilling, the web UI offers optimal user experience, enhanced usability, and simplified
O&M.
The HiSecEngine USG6000F series firewalls can be centrally managed by the security management
platform SecoManager, implementing a shift from single-point defense to collaborative network
protection. The SecoManager provides policy tuning and intelligent O&M capabilities. It can also manage
security products, such as anti-DDoS devices to quickly eliminate network threats and improve security
handling effectiveness.
The HiSecEngine USG6500F series NGFW can also be managed by NCE-Campus, and NCE-Campus can also
support to manage switch, AR, POL device at the same time, even third party devices.

A wide range of network features

Huawei HiSecEngine USG6500F series also provides various network features such as VPN, IPv6, and
intelligent traffic steering.
⚫ Provides various VPN features such as IPsec VPN and SSL VPN, and supports multiple encryption
algorithms, such as DES, 3DES, AES, and SHA, ensuring secure and reliable data transmission.

2025-05-25 Page 3 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

⚫ Provides secure and rich IPv6 network switchover, policy control, security protection, and service
visualization capabilities, helping government, media, carrier, Internet, and finance sectors
implement IPv6 reconstruction.
⚫ Provides dynamic and static intelligent traffic steering based on multi-egress links, selects the
outbound interface based on the specified link bandwidth, weight, or priority, forwards traffic to each
link based on the specified traffic steering mode, and dynamically tunes the link selection result in
real time to maximize the usage of link resources and improve user experience.
⚫ Most threats and attacks come from network traffic. Firewalls are deployed at the egress of the local
network to interwork with Huawei Qiankun security cloud service to implement automatic threat
analysis and handling. This ensures the interconnection between the intranet and extranet,
effectively intercepts traffic attacks, and automatically handles external attack sources. Protects
enterprise network resources.

Collaboration with Huawei Qiankun Security Cloud Service

⚫ Most threats and attacks come from network traffic. Firewalls are deployed at the egress of the local
network to interwork with Huawei Qiankun security cloud service to implement automatic threat
analysis and handling. This ensures the interconnection between the intranet and extranet,
effectively intercepts traffic attacks, and automatically handles external attack sources. Protects
enterprise network resources.

⚫ By associating with Huawei Qiankun security cloud service, the firewall can obtain security services
such as border protection and response on demand. Lightweight deployment and unified cloud O&M
effectively reduce hardware stacking and greatly reduce enterprise security investment and O&M
difficulties.

2 Deployment
Small data center border protection
⚫ Firewalls are deployed at egresses of data centers, and functions and system resources can be
virtualized. The firewall has multiple types of interfaces, such as 10G (SFP+), GE (RJ45) and GE(SFP)
interfaces. Services can be flexibly expanded without extra interface cards.

2025-05-25 Page 4 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

⚫ The intrusion prevention capability effectively blocks a variety of malicious attacks and delivers
differentiated defense based on virtual environment requirements to guarantee data security.
⚫ VPN tunnels can be set up between firewalls and mobile workers and between firewalls and branch
offices for secure and low-cost remote access and mobile working.

Enterprise border protection

⚫ Firewalls are deployed at the network border. The built-in traffic probe can extract packets of
encrypted traffic to monitor threats in encrypted traffic in real time.
⚫ The policy control and data filtering functions of the firewalls are used to monitor social network
applications to prevent data breach and protect enterprise networks.

3 Product Appearance
Rich access capability: Ethernet, LTE/5G RU and GPON.

Figure:
HiSecEngine USG6510F-D/USG6530F-D

HiSecEngine USG6510F-DL/USG6530F-DL

HiSecEngine USG6510F-DPL/ USG6530F-DPL

HiSecEngine USG6560F-D

2025-05-25 Page 5 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

HiSecEngine USG6525F/USG6555F/USG6565F/USG6585F

HiSecEngine USG6585F-B

4 Software Features
Feature Description

Integrates firewall, VPN, intrusion prevention, antivirus, bandwidth

Integrated protection management, Anti-DDoS, and URL filtering functions, and provides a global
configuration view and integrated policy management.

Application identification based on signatures, correlation, and behaviors

instead of ports; 6000+ preset applications, which can be further classified;
Application identification
support for user-defined applications; 50+ categories and 20+ risk labels for
and control
access control based on categories and labels; automatic update of the
application identification signature database

Supports traffic management and control based on the VLAN ID, 5-tuple,
security zone, region, application, and time range, and implements integrated
content security inspection.
Security policy
Provides predefined templates for common attack defense scenarios to
management
facilitate security policy deployment.
Supports interworking with third-party policy management software (FireMon
and Algosec) to facilitate security O&M.

Manages per-IP bandwidth based on service application identification to

Bandwidth management guarantee the network experience of key services and users. The management
and control can be implemented by limiting the maximum bandwidth,
guaranteeing the minimum bandwidth, and changing the application forwarding

2025-05-25 Page 6 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

priority.

Obtains the latest threat information in a timely manner and accurately detects
and prevents vulnerability exploits; covers tens of thousands of CVE
vulnerabilities; prevents the exploit of vulnerabilities (such as those in Windows
and Unix/Linux operating systems, databases, Apache, IIS, and Tomcat as well as
middleware), web attacks (such as SQL injection, XSS, and RCE), botnets, remote
control, and Trojan horses; supports brute force cracking detection based on
Intrusion prevention user behavior; provides 25,000+ predefined signatures and supports user-
defined signatures and automatic signature database update; supports attack
forensics collection, full-flow packet obtaining (including three-way handshake
information), and attack fragment display to facilitate O&M; supports X-
Forwarded-For (XFF) field extraction.
The USG6500F-D series supports a maximum of 10000 IPS signatures.

Detects malware in files transmitted through protocols like HTTP, FTP, SMTP,
POP3, IMAP4, NFS, and SMB; detects Trojan horses, worms, spyware,
vulnerability exploits, adware, hacker tools, Rootkit, backdoors, grayware,
botnet programs, ransomware, phishing software, cryptojacking software, and
web shell programs; supports virus detection for Office files, executable files
Antivirus
(Windows/Linux/MacOS), script files, flash files, PDF files, RTF files, web pages,
and images; supports attack forensics collection; supports the inspection of
archive files of up to 100 nested compression levels in multiple compression
formats, such as tar, gzip, zip, rar, and 7z, and supports multiple actions, such as
alert, block, add declaration, and attachment deletion.

The heuristic antivirus engine uses detection technologies such as AI, semantic
analysis, and Emulator, coupled with threat and reputation information, to
Advanced malware detect packed malware, script morphing, and malware embedded in compound
prevention documents. It can detect billions of malware variants and supports automatic
update of the signature database. In addition, it can send suspicious files to the
local or cloud sandbox for further inspection to detect zero-day malware.

The URL category database on the cloud contains 560 million URLs in over 130
categories, such as news, games, gambling, drugs, and malicious web pages.
URLs cover over 100 languages, and key categories of URLs cover over 20
languages. The URL category query servers are deployed in multiple
countries/regions to provide high-speed and low-latency category query
services. User-defined URL/host whitelist and blacklist are supported. HTTPS
traffic can be filtered without decryption. TLS/SSL traffic can be decrypted
before filtering. HTTP/2 and QUIC traffic can be filtered, and URL categories can
Web security be imported in batches.

Supports Safe Search enforcement across five major search engines: YouTube,
Bing, Google, Yahoo, and Yandex, with mandatory filtering of illegal or
inappropriate content in search results.

URL access can be controlled based on users/user groups, time ranges, and
security zones to precisely manage users' online behaviors.

DNS security Based on massive threat information, technologies such as AI and knowledge
graph are used to detect malicious DNS requests, including C&C domain names,

2025-05-25 Page 7 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

DGA-generated domain names, compromised sites, and malicious domain

names such as cryptojacking, ransomware, and phishing domain names. The
local malicious domain name database supports a maximum of 2 million
malicious domain names.
DNS category-based filtering, DNS safe search, and DNS redirection (sinkhole)
are also supported.

Supports the detection and prevention of viruses and advanced malware, such
as botnets, Trojan horses, worms, remote control tools, and spyware, and
Anti-botnet/spyware prevents the download of malware; quickly detects malicious traffic like C&C
based on signatures, IP addresses, and domain reputation information; displays
the roles of communication parties in botnet attack logs.

Huawei Intelligent Security Center leverages multiple AI algorithms and expert

analysis to generate massive threat information about IP addresses, domain
names, URLs, and files on a daily basis. The threat information is automatically
Threat information
synchronized to devices for threat detection to quickly block emerging attacks.
In addition, it can interconnect with third-party threat information sources to
enrich inspection rules.

Supports common industrial control protocols such as Modbus, S7, Profinet, and
OPC, identification and control of IoT devices such as cameras, and IoT asset risk
assessment. Supports vulnerability detection for IoT devices like cameras and
industrial control software and protocols like ICS/SCADA.
The traffic probe function, coupled with HiSec Insight situational awareness
OT/IoT security system, can learn the traffic behavior baseline of IoT assets and detect and
evaluate IoT asset risks.
1.For details about the list of supported OT protocols, see
https://isecurity.huawei.com/security/wiki/application (Business Systems > Industrial).
2. The USG6500F-D series does not support industrial control protocols.
3. Firewalls are deployed at Level 3.5 or above of the Purdue model.

Collects and parses metadata and attack forensics information, including

network-layer metadata (such as IP addresses, ports, and packet characteristics)
and application-layer metadata (such as field information obtained after in-
depth parsing of protocols like HTTP, DNS, TLS, and SSH), and sends the data to
Flow probe the HiSec Insight security situational awareness platform for further analysis by
using algorithms, such as deep learning and machine learning algorithms, to
detect potential, unknown, and advanced threats in network traffic.
The USG6500F-D series does not support Flow probe.

Uses technologies such as source IP address detection, fingerprint detection,

and dynamic traffic limiting to defend against over 10 common DDoS attacks
and over 20 single-packet attacks, such as SYN flood, UDP flood, ICMP flood,
Anti-DDoS HTTP flood, HTTPS flood, DNS flood, and SIP flood attacks, and supports traffic
baseline learning and IP reputation-based filtering.
The USG6500F-D series supports only single-packet attack defense.

Supports mail address filtering (covering the sender and recipient addresses)
Mail filtering
and SMTP mail sending rate limiting.

2025-05-25 Page 8 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Supports identification of 100+ real file types, user-defined file name

extensions, and file type-based upload/download control; supports keyword
DLP
filtering for Office documents, web pages, code, and TXT files; supports user-
defined keywords, regular expressions, and weight configuration.

Supports SaaS application identification and access control based on signatures,

DNS, IP addresses (IP address database of the top 50 SaaS applications), and
SaaS access control
first packets, and supports traffic steering based on SaaS applications, ensuring
good SaaS application experience.

Audits and regulates common user online behaviors, including FTP operations
Behavior audit (upload, download, and command), HTTP operations (posting, search, and
browsing), DNS, Telnet, SNMP, and email sending and receiving operations.

Supports service-specific PBR and intelligently selects the optimal link based on
Intelligent uplink selection multiple types of load balancing criteria (such as the bandwidth ratio and link
health status) in multi-ISP scenarios.

Supports various highly reliable VPN features, such as IPsec VPN, SSL VPN, and
VPN encryption GRE, and multiple encryption algorithms, such as DES, 3DES, AES, SHA, SM2,
SM3, and SM4.

Detects and defends against threats hidden in TLS/SSL-encrypted traffic,

SSL-encrypted traffic performs application-layer protection, such as intrusion prevention, antivirus,
inspection data filtering, and URL filtering, on decrypted TLS/SSL traffic, and supports URL
category whitelist.

Replaces the server to implement SSL encryption and decryption, reducing the
SSL offloading
server load and implementing load balancing of HTTP traffic.

Provides visualized and multi-dimensional reports by IP address, application,

Diversified reports
time, traffic, or threat.

Supports virtualization of multiple types of security services, including firewall,

Security virtualization intrusion prevention, antivirus, and VPN services; allows users to separately
conduct personalized management on the same physical device.

Supports multiple types of IPv4/IPv6 routing protocols, such as RIP, OSPF, BGP,
Routing
IS-IS, RIPng, OSPFv3, BGP4+, and IPv6 IS-IS.

Supports IPv4 Layer 3 multicast protocols, such as IGMP, MSDP, and PIM, and
IP multicast
provides point-to-multipoint services to reduce bandwidth consumption.

Supports transparent (Layer 2), routing (Layer 3), tap, and hybrid working
Deployment and reliability modes and high availability (HA), including the Active/Active and Active/Standby
modes.

Supports IPv6, Layer 4/Layer 7 server load balancing, and multiple session
persistence methods such as source IP address-based and HTTP cookie-based
session persistence; supports SSL offloading and encryption; combines services
Server load balancing
and security policies to improve service security; supports health check based
on multiple protocols such as TCP, RADIUS, DNS, and HTTP to detect server
status changes promptly.

Security center The built-in asset identification module can identify assets such as Windows,
Linux, Android, and iOS assets and cameras, perform correlation analysis on

2025-05-25 Page 9 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

threat logs and assets, and display asset risk assessment results and the entire
kill chain.

Supports IS-IS for SRv6, BGP for SRv6, SRv6 BE, SRv6 TE policy, SRv6 midpoint
SRv6 protection, SRv6 microloop avoidance, SRv6 OAM, SRv6 SRH compression, SRv6
TI-LFA FRR, and EVPN L3VPN.

Provides a built-in secure SD-WAN solution for low-cost and business-level

Internet links.
Supports zero-touch provisioning (ZTP) through email to complete device
provisioning in minutes without requiring technical skills.

Secure SD-WAN Supports forward error correction (FEC) to prevent pixelated display and video
freezing at a 30% packet loss rate; supports real-time link switching based on
link quality ensure key application experience.
Supports multi-link routing and dual-CPE flexible networking to ensure
uninterrupted connections for site services; supports E2E IPsec encryption to
ensure secure service transmission.

Supports multiple authentication modes for Internet access users, including

local Portal authentication and single sign-on (SSO). In local Portal
authentication, the built-in Portal page of the device can be pushed to users,
User authentication and the account and password entered on the Portal page by a user can be sent
to the local database or RADIUS, HWTACACS, AD, or LDAP authentication server
for authentication. SSO includes RADIUS SSO and Agile Controller (NCE-Campus)
SSO.

Supports telemetry to automatically read information from hardware, such as

fans, power modules, optical modules, Ethernet ports, temperature sensors,
O&M capability
and drivers, and sends interface traffic statistics, CPU usage, and memory usage
to the collector.

Functions as a PPPoE client to provide Internet access services, including user

PPPoE
authentication and authorization and dynamic IP address allocation.

Firewall Interworking with Huawei Qiankun Security CloudService

Service Description

Intrusion detection and prevention: Leverages signatures to block application-

layer attacks, terminates the transfer of phishing emails and malware (such as
viruses and Trojan horses), detects compromised hosts on the internal network,
and disconnects these hosts from the Internet to protect the security and
stability of customer services.

Automatic event analysis: Combines intelligent analysis and manual analysis by

Border protection and experts to analyze security events to ensure the accuracy of attack blocking and
response service security alarms and optimize attack identification rules.

Whitelist and blacklist: Supports whitelist and blacklist configuration on the

Portal or app to protect services from threats.

Periodic security reports: Generates weekly and monthly reports on security

protection events and sends the reports to users by email.

Emergency notification: Identifies emergencies from security events and sends

2025-05-25 Page 10 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

notifications to users via SMS and email.

5 Specifications
System Performance and Capacity

USG6510 USG6530 USG6560 USG6510F-DL USG6530F-DL

Model
F-D F-D F-D USG6510F-DPL USG6530F-DPL
2.5/2.5/2.5
5/5/3.6 Gbps 2.5/2.5/2.5
IPv4 Firewall Gbps 5/5/3.6 Gbps
with Gbps
Throughput1 with 12/12/3.6 with enhanced
enhanced with enhanced
(1518/512/64-byte, enhanced Gbps license:12/12/3.
license:12/12 license:6/6/3.6
UDP) license:6/6/ 6 Gbps
/3.6 Gbps Gbps
3.6 Gbps
2.5/2.5/2.5
5/5/3.6 Gbps 2.5/2.5/2.5
IPv6 Firewall Gbps 5/5/3.6 Gbps
with Gbps
Throughput1 with 12/12/3.6 with enhanced
enhanced with enhanced
(1518/512/84-byte, enhanced Gbps license:12/12/3.
license:12/12 license:6/6/3.6
UDP) license:6/6/ 6 Gbps
/3.6 Gbps Gbps
3.6 Gbps
2.5/2.5
5/5Gbps
Gbps 2.5/2.5 Gbps
Secure SD-WAN with 5/5Gbps
with with enhanced
Throughput(1400/512 enhanced 6.6/6.6 Gbps with enhanced
enhanced license:5/5
byte,UDP) 9 license:6/6 license:6/6 Gbps
license:5/5 Gbps
Gbps
Gbps
SD-WAN EVPN max
200 200 200 200 200
tunnels
Firewall Throughput
5.4 Mpps 5.4 Mpps 5.4 Mpps 5.4 Mpps 5.4 Mpps
(Packets Per Second)
Firewall Latency (64-
18 µs 18 µs 18 µs 18 µs 18 µs
byte, UDP)
FW + SA* Throughput2 1.8 Gbps 2.2 Gbps 3 Gbps 1.8 Gbps 2.2 Gbps
NGFW Throughput
1.6 Gbps 1.8 Gbps 2.2Gbps 1.6 Gbps 1.8 Gbps
(HTTP 100K)3
NGFW Throughput
1 Gbps 1.2 Gbps 1.3 Gbps 1 Gbps 1.2 Gbps
(Enterprise Mix) 4
Threat Protection
Throughput (HTTP 1.3 Gbps 1.5 Gbps 2 Gbps 1.3 Gbps 1.5 Gbps
100K)7

2025-05-25 Page 11 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Threat Protection
Throughput 800 Mbps 1 Gbps 1.2 Gbps 800 Mbps 1 Gbps
(Enterprise Mix)5
Concurrent Sessions 800,000 1,000,000 1,000,000 800,000 1,000,000
IPv6 Concurrent
200,000 500,000 500,000 200,000 500,000
Sessions1
New Sessions/Second
40,000/s 50,000 50,000 40,000/s 50,000
(HTTP1.1)1
IPv6 New
Sessions/Second 8000/s 30,000 30,000 8,000 30,000
(HTTP1.1)1
IPsec VPN Throughput1
(AES-256 + SHA256, 2 Gbps 3.7 Gbps 3.7 Gbps 2 Gbps 3.7 Gbps
1420-byte)
Maximum IPSec VPN
1,000 2,000 2,000 1,000 2,000
Tunnels (GW to GW)
Maximum IPsec VPN
1,000 2,000 2,000 1,000 2,000
Tunnels (Client to GW)
SSL Inspection
400 Mbps 400 Mbps 550 Mbps 400 Mbps 400 Mbps
Throughput8
SSL VPN Throughput6 200 Mbps 300 Mbps 300 Mbps 200 Mbps 300 Mbps
Concurrent SSL VPN
Users 100/300 100/1000 100/1000 100/300 100/1000
(Default/Maximum)
Firewall Policies
3,000 3,000 3,000 3,000 3,000
(Maximum)
Virtual Firewalls 10 20 20 10 20
URL Filtering:
More than 130
Categories
URL Filtering: URLs A database of over 560 million URLs in the cloud
Automated IPS Yes, an industry-leading security center from Huawei
Signature Updates (https://isecurity.huawei.com/security/service/ips)
Third-Party and Open- Open API for integration with third-party products, providing NETCONF interfaces.
Source Ecosystem Other third-party management software based on SNMP, SSH, and Syslog
VLANs (Maximum) 4094
VLANIF Interfaces
4094
(Maximum)

Model USG6525F USG6555F USG6565F USG6585F USG6585F-B

IPv4 Firewall 2.5/2.5/2.5 10/10/5 Gbps
5/5/3.6 Gbps 7/7/3.6 Gbps 9/9/4 Gbps
Throughput1 Gbps with enhanced

2025-05-25 Page 12 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

(1518/512/64-byte, license:20/18/5
UDP) Gbps
IPv6 Firewall 10/10/5 Gbps
Throughput1 2.5/2.5/2.5 with enhanced
5/5/3.6 Gbps 7/7/3.6 Gbps 9/9/4 Gbps
(1518/512/84-byte, Gbps license:20/18/5
UDP) Gbps
Secure SD-WAN
Throughput(1400/512 2.5/2.5 Gbps 5/5 Gbps 6/6 Gbps 9/6.6 Gbps 10/6.8 Gbps
byte,UDP) 9
SD-WAN EVPN max
200 200 200 200 200
tunnels
Firewall Throughput
3.75 Mpps 5.4 Mpps 5.4 Mpps 6 Mpps 7.5Mpps
(Packets Per Second)
Firewall Latency (64-
18 µs 18 µs 18 µs 18 µs 15 µs
byte, UDP)
FW + SA* Throughput2 2.2 Gbps 3 Gbps 3 Gbps 3 Gbps 4.5Gbps
NGFW Throughput
1.8 Gbps 2.1 Gbps 2.2 Gbps 2.2 Gbps 3.3Gbps
(HTTP 100K)3
NGFW Throughput
1.2 Gbps 1.2 Gbps 1.2 Gbps 1.3 Gbps 2Gbps
(Enterprise Mix) 4
Threat Protection
Throughput (HTTP 1.5 Gbps 1.8 Gbps 2 Gbps 2 Gbps 3Gbps
100K)7
Threat Protection
Throughput (Enterprise 1 Gbps 1 Gbps 1.1 Gbps 1.2 Gbps 1.8Gbps
Mix)5
Concurrent Sessions 3,000,000 4,000,000 4,000,000 4,000,000 4,000,000
IPv6 Concurrent
3,000,000 3,000,000 3,000,000 3,000,000 3,000,000
Sessions1
New Sessions/Second
80,000 80,000 80,000 80,000 120,000
(HTTP1.1)1
IPv6 New
Sessions/Second 80,000 80,000 80,000 80,000 120,000
(HTTP1.1)1
IPsec VPN Throughput1
(AES-256 + SHA256, 2.5 Gbps 3.7 Gbps 3.7 Gbps 3.7 Gbps 5.6 Gbps
1420-byte)
Maximum IPSec VPN
4,000 4,000 4,000 4,000 4,000
Tunnels (GW to GW)
Maximum IPsec VPN
4,000 4,000 4,000 4,000 4,000
Tunnels (Client to GW)

2025-05-25 Page 13 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

SSL Inspection
550 Mbps 550 Mbps 550 Mbps 550 Mbps 830 Mbps
Throughput8
SSL VPN Throughput6 300 Mbps 500 Mbps 500 Mbps 500 Mbps 750 Mbps
Concurrent SSL VPN
Users 100/1000 100/2000 100/2000 100/2000 100/2000
(Default/Maximum)
Firewall Policies
15,000
(Maximum)
Virtual Firewalls 100
URL Filtering:
More than 130
Categories
URL Filtering: URLs A database of over 560 million URLs in the cloud
Automated IPS Yes, an industry-leading security center from Huawei
Signature Updates (https://isecurity.huawei.com/security/service/ips)
Third-Party and Open- Open API for integration with third-party products, providing NETCONF interfaces
Source Ecosystem Other third-party management software based on SNMP, SSH, and Syslog
VLANs (Maximum) 4094
VLANIF Interfaces
4094
(Maximum)

1. Performance is tested under ideal conditions based on RFC2544, 3511. The actual result may vary with deployment
environments.

2. SA performances are measured using 100 KB HTTP files.

3. NGFW throughput is measured with Firewall, SA, and IPS enabled; the performance is measured using 100 KB HTTP files.

4. NGFW throughput is measured with Firewall, SA, and IPS enabled; the performance is measured using the Enterprise Mix
Traffic Model.

5. The threat protection throughput is measured with Firewall, SA, IPS, and AV enabled; the performance is measured using
the Enterprise Mix Traffic Model.

6. SSL VPN throughput is measured using TLS v1.2 with AES128-SHA.

7. NGFW throughput is measured with Firewall, SA, IPS, and AV enabled, the performances are measured using 100 KB HTTP
files.

8. SSL inspection throughput is measured with IPS-enabled and HTTPS traffic using TLS v1.2 with
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

9. The SD-WAN tunnel is packed with GRE over IPSec.

*SA: indicates service awareness.

6 Hardware Specifications

Model USG6510F-D USG6530F-D USG6510F-DL

2025-05-25 Page 14 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Chassis Height Desktop

Dimensions (W x D x H) mm 250 x 210 x 43.6 320 x 220 x 43.6

10*GE RJ45 + 2*10GE 4*GE SFP + 8*GE RJ45 +

Fixed Interface 10*GE RJ45 + 2*GE SFP
SFP+ LTE

USB Port 1 x USB 2.0

Weight 1.55 kg 2.34 kg
Hardware Optional, 64 GB microSD card available for purchase
Power Supply(AC) 100 V to 240 V, 50 Hz/60 Hz
Maximum power
22.2 W 22.5W 34.1W
consumption of the machine
Power Supplies Single power supply
Operating Environment Temperature: 0°C to 45°C
(Temperature/Humidity) Humidity: 5% to 95%, non-condensing
Temperature: –40°C to +70°C
Non-operating Environment
Humidity: 5% to 95%, non-condensing

Model USG6510F-DPL USG6530F-DL USG6530F-DPL USG6560F-D

Chassis Height Desktop

Dimensions (W x D x H) mm 320 x 220 x 43.6
4*GE SFP + 8*GE
RJ45 + LTE 2*10GE SFP+ + 2*GE
2*10GE SFP+ + 2*10GE SFP+ +
SFP + 8*GE RJ45 + LTE
Fixed Interface （Support 2*GE SFP + 8*GE 2*GE
RJ45 + LTE （Support 4*PoE） SFP+8*GE RJ45
4*PoE）

USB Port 1 x USB 2.0

Weight 2.6 kg 2.34 kg 2.6 kg 2.29 kg
Hardware Optional, 64 GB microSD card available for purchase
Power Supply(AC) 100 V to 240 V, 50 Hz/60 Hz
Maximum power
35.7W 34.1W 35.7W 29.4W
consumption of the machine
Power Supplies Single power supply
Operating Environment Temperature: 0°C to 45°C
(Temperature/Humidity) Humidity: 5% to 95%, non-condensing

2025-05-25 Page 15 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Temperature: –40°C to +70°C

Non-operating Environment
Humidity: 5% to 95%, non-condensing

Model USG6525F USG6555F USG6565F USG6585F USG6585F-B

Chassis Height 1U
Dimensions (W x D x H) mm 442 × 420 × 43.6
16*GE RJ45 +
Fixed Interface 2*GE RJ45 + 8*GE COMBO + 2*10GE SFP+ 8*GE COMBO +
2*10GE SFP+
USB Port 2 x USB 2.0 1 × USB 2.0
Weight 5.46 kg 5.816kg
Hardware Optional, M.2 SSD (64 GB/240 GB/960GB), hot-swappable
Power Supply 100 V to 240 V, 50 Hz/60 Hz
Maximum power
consumption of the 36.8W 53.2W
machine
Power Supplies Optional dual power modules for 1+1 redundancy
Temperature: 0°C to 45°C
Operating Environment
Humidity: 5% to 95%, non-condensing
Temperature: –40°C to +70°C
Storage environment
Humidity: 5% to 95%, non-condensing

7 Ordering Information
Note：

1、 The ordering information of USG6510F-DL/USG6530F-D/USG6530F-DL/ USG6560F-D is the same as USG6510F-D

2、 The ordering information of USG6530F-DPL is the same as USG6530F-DPL

3、 The license information of USG6555F/USG6565F/USG6585F/USG6585F-B is the same as USG6525F

4、 The four models USG6510F-D/USG6530F-D/USG6555F/USG6585F support Qiankun Security Cloud Service

Product Model Description

USG6510F-D AC host (10*GE RJ45+2*GE

USG6510F-D USG6510F-D-AC
SFP,1*Adapter)

USG6510F-DPL USG6510F-DPL-AC USG6510F-DPL AC Host(4*GE SFP+8*GE RJ45+ LTE,

2025-05-25 Page 16 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Product Model Description

1*Adapter, include SSL VPN 100 users);
Supports PoE/PoE+/PoE++, Maximum power supply
capability:150W.

USG6525F AC host (2*GE RJ45 + 8*GE COMBO +

USG6525F-AC
2*10GE SFP+, 1 AC power)
USG6525F
USG6525F DC host (2*GE RJ45 + 8*GE COMBO +
USG6525F-DC
2*10GE SFP+)

Function License

LIC-USG6KF-SSLVPN-100 Quantity of SSL VPN Concurrent Users (100 Users)

LIC-USG6KF-SSLVPN-200 Quantity of SSL VPN Concurrent Users (200 Users)

LIC-USG6KF-SSLVPN-500 Quantity of SSL VPN Concurrent Users (500 Users)

LIC-USG6KF-SSLVPN-
SSL VPN Quantity of SSL VPN Concurrent Users (1000 Users)
1000

LIC-USG6KF-SSLVPN-
Quantity of SSL VPN Concurrent Users (2000 Users)
2000

LIC-USG6KF-SSLVPN-
Quantity of SSL VPN Concurrent Users (5000 Users)
5000

NGFW License

IPS Update Service Subscribe Per Year (Applies to

IPS Update Service LIC-USG6525F-IPS-1Y
USG6525F)

URL Update Service Subscribe Per Year (Applies to

URL Filtering Update Service LIC-USG6525F-URL-1Y
USG6525F)

AV Update Service Subscribe Per Year (Applies to

Antivirus Update Service LIC-USG6525F-AV-1Y
USG6525F)

Threat Protection Subscription Per Year (Applies to

LIC- USG6510F-D -TP-1Y
USG6510F-D Overseas)

Threat Protection Bundle LIC-USG6510F-DPL-TPU- Threat Protection Database Upgrade Service (Applies
(IPS, AV, URL) 1Y to USG6510F-D), Per Device, Per Year

Threat Protection Subscription Per Year (Applies to

LIC-USG6525F-TP-1Y
USG6525F Overseas)

IPv6+ Feature (includes SRv6, channel subinterface,

IPv6+ LIC-6500F-IPv6+-LIC
iFit) (Applies to USG6500F)

Industrial Control Security Service Subscribe Per Year

Industrial Protocol LIC-USG6525F-ICS-1Y
(Applies to USG6525F)

2025-05-25 Page 17 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Product Model Description

Enhanced DDoS defense LIC-USG6000F-AntiDDoS Enhanced anti-DDoS function (applies to USG6000F)

N1 License

N1- USG6510F-D -F-Lic N1-USG6510F-D Foundation, Per Device

USG6510F-D N1- USG6510F-D -F-
N1-USG6510F-D Foundation, SnS, Per Device, Per Year
SnS1Y

N1-USG6510F-DPL-F-Lic N1-USG6510F-DPL Foundation, Per Device

N1-USG6510F-DPL-A-Lic N1-USG6510F-DPL Advanced, Per Device

USG6510F-DPL N1-USG6510F-DPL-F- N1-USG6510F-DPL Foundation, SnS, Per Device, Per

SnS1AY Year

N1-USG6510F-DPL-A- N1-USG6510F-DPL Advanced, SnS, Per Device, Per

SnS1AY Year

N1-USG6525F-F-Lic N1-USG6525F Foundation, Per Device

N1-USG6525F-F-SnS1Y N1-USG6525F Foundation, SnS, Per Device, Per Year

USG6525F
N1-USG6525F-A-Lic N1-USG6525F Advanced, Per Device

N1-USG6525F-A-SnS1Y N1-USG6525F Advanced, SnS, Per Device, Per Year

QianKun Cloud Deployment License

Cloud Deployment Model Foundation, Per Device,1

N1-C-USG6510F-D-F-Lic
Year

Border Protection and Response - Threat automatic

USG6510F-D LIC-USG6510F-D-BA-1Y
blocking (Applies to USG6510F-D), Per Device, 1 Year

Threat Protection Database Upgrade Service (Applies

LIC-USG6510F-D-TPU-1Y
to USG6510F-D), Per Device, 1 Year

N1-C-USG6510F-DPL-F- Cloud Deployment Model Foundation, Per Device,1

Lic Year

LIC-USG6510F-DPL-BA- Border Protection and Response - Threat automatic

USG6510F-DPL
1Y blocking (Applies to USG6525F), Per Device, 1 Year

LIC-USG6510F-DPL-TPU- Threat Protection Database Upgrade Service (Applies

1Y to USG6525F), Per Device, 1 Year

Cloud Deployment Model Foundation, Per Device,1

N1-C-USG6525F-F-Lic
Year

USG6525F Border Protection and Response - Threat automatic

LIC-USG6525F-BA-1Y
blocking (Applies to USG6525F), Per Device, 1 Year

LIC-USG6525F-TPU-1Y Threat Protection Database Upgrade Service (Applies

2025-05-25 Page 18 of 19
 HUAWEI HiSecEngine USG6500F Series AI Firewalls

Product Model Description

to USG6525F), Per Device, 1 Year

Qiankun OP mode

Border Protection and Response - Threat automatic

USG6510F-D LIC-USG6510F-D-TPU-1Y
blocking (Applies to USG6510F-D), Per Device, 1 Year

LIC-USG6510F-DPL-TPU- Threat Protection Database Upgrade Service (Applies

USG6510F-DPL
1Y to USG6510F-DPL), Per Device, 1 Year

Threat Protection Database Upgrade Service (Applies

USG6525F LIC-USG6525F-TPU-1Y
to USG6525F), Per Device, 1 Year

N1 SASE Branch Interconnection license

N1 SASE Branch Interconnection Standard Package

N1-USG6510F-D-S-S-Lic
(Package for USG6510F-D)
USG6510F-D
N1 SASE Branch Interconnection Standard Package
N1-USG6510F-D-S-S-S1Y
(Package for USG6510F-D),Per Device,1 Year

N1-USG6510F-DPL-S-S- N1 SASE Branch Interconnection Standard

Lic Package(Package for USG6510F-DPL)
USG6510F-DPL
N1-USG6510F-DPL-S-S- N1 SASE Branch Interconnection Standard
S1Y Package(Package for USG6510F-DPL),Per Device,1 Year

N1 SASE Branch Interconnection Standard

N1-USG6525F-S-S-Lic
Package(Package for USG6525F)
USG6525F
N1 SASE Branch Interconnection Standard
N1-USG6525F-S-S-S1Y
Package(Package for USG6525F),Per Device,1 Year

Some parts of this table list the sales strategies in different regions. For more information, please contact your Huawei
representative.

2025-05-25 Page 19 of 19