ZyWALL USG2200-VPN
VPN Firewall
Zyxel’s USG2200-VPN has been built on a powerful multi-core platform
to deliver high performance that helps growing businesses to overcome
challenges during expansion. In order to satisfy the needs for always-online
communications, USG2200-VPN features multi-WAN load balancing/failover
and a comprehensive mobile broadband USB modem support list for WAN
backup operations. In addition, USG2200-VPN supports IPSec load balancing
and failover to provide additional resiliency for the most mission-critical VPN
deployments.
Up to 25.0 Gbps Firewall
Throughput
Benefits
More secure VPN
connections with SHA-2
cryptographic
Safer, more reliable VPN connections
Over 3,000 VPN tunnels
capability
Robust hybrid VPN (IPSec/
SSL/L2TP over IPSec)
Faster processors today have vastly boosted the capabilities of attackers
to decrypt VPN tunnels. Legacy VPN cryptographic algorithms like Message
Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) are no longer sufficient
to guarantee secure outbound communications. With supports to the more
advanced Secure Hash Algorithm 2 (SHA-2), the VPN Firewall provides the
safest VPN connections in its class to ensure maximum security for business
communications.
Auto-provisioned client-tosite IPSec setup with Easy
VPN
The complete range of Zyxel VPN Firewall delivers reliable, non-stop VPN
services with dual-WAN failover and fallback support. With two WAN
connections—one primary and one for redundancy—the Zyxel VPN Firewall
Hotspot management
supported
Device HA Pro ensures
smart handover
Facebook WiFi, Intelligence
social media authentication
Datasheet ZyWALL USG2200-VPN
COMMUNITY
BIZ FORUM
Swift and secure firmware upgrades
automatically switches to the backup connection should
the primary link fail, and automatically switches back to
the primary connection once it is back online.
To support dynamic, mobile business operations in today’s
BYOD (bring your own device) business environments,
the VPN Firewall offers unlimited business mobility with
Layer-2 Tunneling Protocol (L2TP) VPN for mobile devices.
The VPN Firewall supports L2TP/IPSec VPN on a wide
variety of mobile Internet devices running the iOS, Android
and Windows mobile platforms.
Locating firmware updates — not to mention identifying
correct versions for your device and managing their
installation — can be a complex and confusing ordeal.
The ZyWALL VPN Firewall Series solves this with its new
Cloud Helper service. Cloud Helper provides a simple
step to look for up-to-date firmware information. New
firmware is immediately made available upon release
from our official database to ensure its authenticity and
reliability.
Best TCO for access expansion
Stay secure and Up-to-Date with OneSecurity
People expect network access regardless of time or
location. As a result, hotspots are in demand in an everexpanding assortment of locations. The USG2200-VPN
integrated with Zyxel AP Controller technology enables
users to manage APs from a centralized user interface.
In addition, Zyxel Hotspot Management delivers a unified
solution for business networks with user-friendly tools like
Billing System, Walled Garden, Multiple Authentication,
3rd Party Social Login and User Agreement. With ZyWALL
USG2200-VPN, businesses can now deploy or expand a
managed WiFi network with minimal effort.
Zyxel provides frequent and timely updates in response
to the latest security threats and advisories through
OneSecurity — our free online service portal. OneSecurity
offers informative network security resources and the
know-how to assist businesses and IT administrators
in keeping their network operations safe in the digital
age. Information and resources can be found with one
click via the GUI of ZyWALL USG Series and VPN Series
products. IT staff can quickly and easily catch up on the
latest threats, and then proceed to walkthroughs and
troubleshooting protocols with the help of easy-to-follow
FAQs — all provided to help users secure their networks
and simplify management of our UTM products.
ZyWALL VPN Series Quick Finder
Model
USG20(W)-VPN
ZyWALL 110
ZyWALL 310
ZyWA LL 1100
USG2200-VPN
Description
SB
Firewall throughput
(Mbps)
350
1,600
5,000
6,000
25,000
Max. concurrent
sessions
20,000
150,000
500,000
1,000,000
1,500,000
VPN throughput (Mbps) 90
400
650
800
2,500
Max. concurrent IPSec
VPN tunnels
10
100
300
1,000
3,000
Content filtering
(CF 2.0)*1
Yes
Yes
Yes
Yes
Yes
Amazon VPC*2
Yes
Yes
Yes
Yes
Yes
Device HA Pro
-
Yes
Yes
Activate once
registered
Activate once
registered
Hotspot Management*1
-
Yes
Yes
Yes
Yes
Facebook WiFi
Yes
Yes
Yes
Yes
Yes
SecuDeployer*3
(Client/Server*1 )
Client / -
Client / Server
- / Server
- / Server
- / Server
SMB
*1
*1
*1: With Zyxel service license to enable or extend the feature capacity
*2: ZyWALL/USG still be able to support by CLIs
*3: SecuDeployer support in firmware ZLD4.31
Datasheet ZyWALL USG2200-VPN
2
MB
Subscription Services
The ZyWALL VPN Series provides a complete feature set to perfectly fit different business requirements as well as to
enable the maximum performance and security with an all-in-one appliance. Comprehensive network modularity also
empowers IT professionals to customize the system to meet their individual needs.
Anti-Spam
Hotspot
Management
Content Filtering 2.0
Device HA Pro
Key Applications
VPN application
Hotspot Management
• Branch offices, partners and home users can deploy Zyxel
USGs/ZyWALLs for site-to-site IPSec VPN connections
• Branch offices/In-house staff can additionally deploy
IPSec VPN HA (load balancing and failover) for always
online VPN connectivity
• Remote users can securely access company resources
with their computers or smartphones via SSL, IPSec and
L2TP over IPSec VPN
• The headquarter USG/ZyWALL can also establish an
IPSec VPN connection with Amazon VPC for secured
access to a variety of cloud-based applications
• High speed internet access
• Tier of service
• Log record for regulatory compliance
• Premium security control
• Various Network access control ( free or paid access,
social login)
Amazon VPC
Branch
Office
Remote
Desktop
Network
Extend
Inventory
Server
File
Sharing
BI
System
Web
Apps
OA, ERP,
CRM System
Email
Server
Headquarters
IPSec VPN
ZyWALL 110
VPN Firewall
DMZ Resources
IPSec VPN HA
Partner Office
IPSec VPN Client
for Windows OS
USG2200-VPN
VPN Firewall
IPSec VPN
IPSec VPN
ZyWALL 310
VPN Firewall
Travelling
Employee
SSL VPN
SSL VPN Client for
Windows/Mac OS
L2TP over
IPSec VPN
IPSec VPN
In-House
Staff
Travelling
Employee
Travelling
Employee
USG20W-VPN
VPN Firewall
SP350E
Service
Gateway
Printer
Switch
Access
Point
Login
Login
Guest Network
Staff Network
Hotspot Management
Datasheet ZyWALL USG2200-VPN
3
Specifications
Model
USG2200-VPN
Product photo
VPN Firewall
Hardware Specifications
Interfaces
12x GbE (configurable), 4x SFP (configurable), 2x 10G Combo
USB ports
2
Console port
Yes (DB9)
Rack-mountable
Yes
Fanless
-
System Capacity & Performance*1
SPI firewall throughput (Mbps)*2
25,000
VPN throughput (Mbps)*3
2,500
Max. TCP concurrent sessions
1,500,000
*4
Max. concurrent IPSec VPN tunnels*5
3000
Concurrent SSL VPN users (default/max.)
250 / 1,000
VLAN interface
128
*6
Concurrent devices logins (default/max.)
*6*7
2,000 / 5,000
WLAN Management
Managed AP number (default/max.)*6
2 / 1026
Security Service
Anti-Spam*6
Yes
Content Filtering (CF 2.0)
Yes
*6*8
Key Software Features
VPN
IKEv2, IPSec, SSL, L2TP/IPSec
SSL (HTTPS) inspection
Yes
EZ Mode
-
Hotspot Management*6
Yes
Ticket printer support / Support Q'ty (max.)
*9
Yes (SP350E) / 10
SecuDeployer (Client/Server*6)
- / Server
Amazon VPC
Yes
Facebook WiFi
Yes
Device HA Pro
Yes (Activate once registered)
Link Aggregation (LAG)
-
Power Requirements
Power input
2 x AC-DC redundant power supply
110-240V AC, 50/60 Hz, 2.5 A max.
Max. power consumption (watt)
119
Heat dissipation (BTU/hr)
406.045
Physical Specifications
Item
Packing
Included accessories
Datasheet ZyWALL USG2200-VPN
Dimensions
(WxDxH)(mm/in.)
438.5 x 500 x 89/
17.26 x 19.69 x 3.50
Weight (kg/lb.)
3.3/7.28
Dimensions
(WxDxH)(mm/in.)
795 x 600 x 215/
31.3 x 2362 x 8.46
Weight (kg/lb.)
18.12 (with DUT)/39.95
• Power cord x 2
• Rack mounting (slide) kit
4
Model
USG2200-VPN
Environmental Specifications
Operating
Temperature
0°C to 40°C/32°F to 104°F
Humidify
10% to 90% (non-condensing)
Storage
Temperature
-30°C to 70°C/-22°F to 158°F
Humidify
10% to 90% (non-condensing)
MTBF(hr)
280,490
Certifications
EMC
FCC Part 15 (Class A), IC, CE EMC(Class A), RCM, BSMI
Safety
LVD (EN60950-1), BSMI
Note:
*: This matrix with firmware ZLD4.31 or later.
*1: Actual performance may vary depending on network conditions and activated applications
*2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets).
*3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets).
*4: Maximum sessions measured using the industry standard IXIA IxLoad testing tool.
*5: Including Gateway-to-Gateway and Client-to-Gateway.
*6: With Zyxel service license to enable or extend the feature capacity.
*7: This is the recommend maximum number of concurrent logged-in devices.
*8: SafeSearch function in CF2.0 need to enable SSL inspection firstly and not for small business models.
*9: With Hotspot Management license support.
Features Set
Software Features
Firewall
• ICSA-certified corporate firewall
• Routing and transparent (bridge)
modes
• Stateful packet inspection
• User-aware policy enforcement
• SIP/H.323 NAT traversal
• ALG support for customized ports
• Protocol anomaly detection and
protection
• Traffic anomaly detection and
protection
• Flooding detection and protection
• DoS/DDoS protection
• RPS-enabled for desirable
performance in chaotic
environments
IPv6 Support
• Dual stack
• IPv4 tunneling (6rd and 6to4
transition tunnel)
• IPv6 addressing
• DNS
• DHCPv6
• Bridge
• VLAN
• PPPoE
• Static routing
• Policy routing
Datasheet ZyWALL USG2200-VPN
• Session control
• Firewall and ADP
• IPSec VPN
• Content Filtering 2.0
• Anti-Spam
IPSec VPN
• Authentication: SHA-2 (512-bit), SHA-1
and MD5
• Encryption: AES (256-bit), 3DES and
DES
• Supports generating SHA2
Certificate
• Support route-based VPN Tunnel
Interface (VTI)
• Key management: manual key, IKEv1
and IKEv2 with EAP
• Perfect forward secrecy (DH groups)
support 1, 2, 5, 14
• IPSec NAT traversal
• Dead peer detection and relay
detection
• PKI (X.509) certificate
• VPN concentrator
• Simple wizard support
• VPN auto-reconnection
• VPN High Availability (HA): loadbalancing and failover
• L2TP over IPSec
• GRE and GRE over IPSec
5
• NAT over IPSec
• Zyxel VPN client provisioning
• Support iOS L2TP/IKE/IKEv2 VPN
Client provision
SSL VPN
• HTTP, FTP, SMTP, POP3 and IMAP4
protocol support
• Automatic signature updates
• No file size limitation
• Supports Windows and Mac OS X
• Supports full tunnel mode
• Supports 2-step authentication
• Customizable user portal
SSL Inspection
• Certificate Trust Chain validation
• Support both inbound and outbound
inspection
• Support Content Filtering 2.0
• Support TLS 1.0/1.1/1.2
• Visible bypass list
Unified Security Policy
• Unified policy management interface
• Supported UTM features: Anti-Spam,
Content Filtering 2.0, firewall (ACL)
• 3-tier configuration: object-based,
profile-based, policy-based
• Policy criteria: zone, source and
destination IP address, user, time
WLAN Management
• Support AP controller version 3.0
• Supports auto AP FW update
• Wireless L2 isolation
• Scheduled WiFi service
• Dynamic Channel Selection (DCS)
• Client steering for 5GHz priority and
sticky client prevention
• Auto healing provides a stable and
reliable coverage
• IEEE 802.1x authentication
• Captive portal Web authentication
• Customizable captive
• Multiple SSID with VLAN
• Supports ZyMesh
• Support AP Forward Compatibility
• Dynamic routing (RIPv1/v2 and OSPF)
• DHCP client/server/relay
• Dynamic DNS support
• WAN trunk for more than 2 ports
• Per host session limit
• Guaranteed bandwidth
• Maximum bandwidth
• Priority-bandwidth utilization
• Bandwidth limit per user
• Bandwidth limit per IP
• GRE
• BGP
Zyxel One Network
• ZON Utility
IP configuration
Web GUI access
Firmware upgrade
Password configuration
Location and System support
• Smart Connect
Discover neighboring devices
One-click remote management
access to the neighboring Zyxel
devices
■
■
Hotspot Management
• Integrated account generator, Webbased authentication portal and
billing system
• Supports external RADIUS servers
• Per account bandwidth
management
• User agreement login
• SP350E Service Gateway Printer
enables oneclick account and billing
generation
• Built-in billing system
Time-to-finish accounting mode
Accumulation accounting mode
• Supports PayPal online payment
• Marketing tool
Advertisement link
Walled garden
Portal page
• Billing Replenish
■
■
■
■
■
Networking
• Routing mode, bridge mode and
hybrid mode
• Ethernet and PPPoE
• NAT and PAT
• VLAN tagging (802.1Q)
• Virtual interface (alias interface)
• Policy-based routing (user-aware)
• Policy-based NAT (SNAT)
Datasheet ZyWALL USG2200-VPN
■
■
■
■
■
Authentication
• Local user database
• Microsoft Windows Active Directory
integration
• External LDAP/RADIUS user
database
• XAUTH, IKEv2 with EAP VPN
authentication
• Web-based authentication
• Forced user authentication
(transparent authentication)
• IP-MAC address binding
• SSO (Single Sign-On) support
System Management
• Supports generating SHA2
Certificate
• Role-based administration
• Multiple administrator logins
• Multi-lingual Web GUI (HTTPS and
HTTP)
6
• Command line interface (console,
Web console, SSH and telnet)
• Cloud CNM SecuManager*
* Cloud CNM SecuManager management service
requires license purchase. For more details
please refer to web site
• SNMP v1, v2c, v3
• System configuration rollback
• Firmware upgrade via FTP, FTP-TLS
and Web GUI
• Dual firmware images
• Supports Cloud Helper portal page
• RADIUS authentication
• WiFi Multimedia (WMM) wireless QoS
• CAPWAP discovery protocol
Mobile Broadband
• WAN connection failover via 3G and
4G* USB modems
• Auto fallback when primary WAN
recovers
* For specific models supporting the 3G and 4G
dongles on the list, please refer to the Zyxel
product page at 3G dongle document.
Device High Availability Pro (HA Pro)
• Device failure detection and
notification
• Supports ICMP and TCP ping check
• Link monitoring
• Configuration auto-sync
• Dedicated Heartbeat Link
• Instant handover
• NAT/Firewall/VPN Sessions
synchronization
Subscriptional Services
• Content Filtering 2.0
• Anti-Spam
Logging/Monitoring
• Comprehensive local logging
• Syslog (to up to 4 servers)
• Email alerts (to up to 2 servers)
• Real-time traffic monitoring
• Built-in daily report
• Advanced reporting with Vantage
Report
Service
VPN Service
Product
SSL VPN Tunnels
SSL VPN Client*1
IPSec VPN Client
USG2200-VPN
Add 5/10/50 tunnels
For 1/5/10 client(s)
For 1/5/10/50 client(s)
*1: Support OS: MAC OS 10.7 or later
Security
Product
Content Filtering 2.0
Anti-Spam
USG2200-VPN
1 year/ 2year
1 year/ 2year
1. Licenses can be easily activated, renewed and managed at myZyxel
2. License bundles may vary according to region. Please contact your local sales
representative for more information.
3. USG2200-VPN provides Content Filtering 2.0 and Anti-Spam services with 30-day trial.
Connectivity & Vertical Solution
Product
Concurrent Device
Upgrade
Hotspot Management
Managed APs
SecuDeployer
USG2200-VPN
100/300/1000 nodes
1 year/One-Time
Add 2/4/8/64 APs
1 year 50 nodes /
2 years 50 nodes
Access Point Compatibility List
Product
Unified AP
Models
• NWA5121-NI
• NWA5121-N
• NWA5123-NI
• NWA5301-NJ
Unified Pro AP
• NWA5123-AC
• WAC5302D-S
• Forward Compatible
APs*
• WAC6502D-E
• WAC6502D-S
• WAC6503D-S
• WAC6553D-E
• WAC6103D-I
• Forward Compatible
APs*
Functions
Central
management
Yes
Yes
Auto provisioning
Yes
Yes
Data forwarding
Local bridge
Local bridge/Data tunnel
ZyMesh
Yes
Yes
*: From APC3.0, commercial gateways supporting APC technology are able to recognize APs with FW release higher than APC3.0 as Forward Compatible
APs. Resellers can introduce newly-available Zyxel APs with basic features supported without upgrading any new controller firmware.
Datasheet ZyWALL USG2200-VPN
7
Accessories
SecuExtender Software
Item
Description
Supported OS
IPSec VPN Client*
IPSec VPN client software for the
ZyWALL and USG Series with Easy
VPN for zero-configuration remote
access
SSL VPN Client*
Secured VPN connection between
PC/MAC and ZyWALL Firewall
• Windows XP (32-bit)
• Windows Server 2003 (32-bit)
• Windows Server 2008 (32/64-bit)
• Windows Vista (32/64-bit)
• Windows 7 (32/64-bit)
• Windows 8 (32/64-bit)
• Windows 10 (32/64-bit)
• Windows XP
• Windows 7 (32/64-bit)
• Windows 8/8.1 (32/64-bit)
• Windows 10 (32/64-bit)
• MAC OS 10.7 or later
Notes:
*: A 30-day trial version of IPSec VPN client and SSL VPN client for MAC OS can be downloaded from official Zyxel website. To continue using the application,
please contact your regional sales representatives and purchase a commercial license for the application.
Service Gateway Printer
Model
Feature
Supported Model
SP350E
• VPN100
• Buttons: 3
• VPN300
• Paper roll width: 58 (+0/-1) mm
• Interface: 10/100 Mbps RJ-45 port
• Power input: 12V DC, 5A max.
• Item dimensions (WxDxH):
176 x 111 x 114 mm
(6.93" x 4.37" x 4.49")
• Item weight: 0.8 kg (1.76 lb.)
• USG110
• USG210
• USG310
• USG1100
• USG1900
• USG2200-VPN
• ZyWALL 110
• ZyWALL 310
• ZyWALL 1100
• UAG2100
• UAG4100
Note: Hotspot management licenses required
Transceivers (Optional)
Model
Speed
Connector
Wavelength
Max. Distance
DDMI
SFP10G-SR*
10-Gigabit SFP+
Duplex LC
850 nm
300m (328 yd)
Yes
SFP10G-LR*
10-Gigabit SFP+
Duplex LC
1310 nm
10 km (10936 yd)
Yes
SFP-1000T
Gigabit
RJ-45
-
100m (109 yd)
-
SFP-LX-10-D
Gigabit
LC
1310 nm
10 km (10936 yd)
Yes
SFP-SX-D
Gigabit
LC
850nm
550m (601 yd)
Yes
*only USG2200-VPN supports 10-Gigabit SFP+
Direct Attach Cables (Optional)*
Model
Connector
Cable Length
DAC10G-1M
SFP+ to SFP+
1m (39.37 inch)
DAC10G-3M
SFP+ to SFP+
3m (118.11 inch)
*only USG2200-VPN supports SFP+ interface
For more product information, visit us on the web at www.zyxel.com
Copyright © 2018 Zyxel Communications Corp. All rights reserved. Zyxel, Zyxel logo are registered
trademarks of Zyxel Communications Corp. All other brands, product names, or trademarks mentioned
are the property of their respective owners. All specifications are subject to change without notice.
Datasheet ZyWALL USG2200-VPN
5-100-00818005
02/18
Download PDF
Similar pages