Key Features

Key Features
Enterprise Security
ZyWALL Unified Security
Gateway Series
(20/50/100/200/300/1000/2000 Series)
Security Licenses
Product
Duration
ZyXEL
Anti-Virus
Kaspersky
Anti-Virus
IDP
Content
Filter
USG 1000
USG 300
USG 200
USG 100
USG 50
USG 20
USG 20W
Vantage CNM
Vantage Report
1 year
Yes
Yes
Yes
Yes
2 years
Yes
Yes
Yes
Yes
1 year
Yes
Yes
Yes
Yes
2 years
Yes
Yes
Yes
Yes
1 year
Yes
Yes
Yes
Yes
All ZyWALL Models support,
All ZyWALL Models support,
2 years
Yes
Yes
Yes
Yes
10 nodes
1 device
1 year
Yes
Yes
Yes
Yes
25 nodes
5 devices
2 years
Yes
Yes
Yes
Yes
50 nodes
25 devices
1 year
Yes
Yes
Yes
Yes
100 nodes
100 devices
2 years
Yes
Yes
Yes
Yes
300 nodes
1 year
Yes*
Yes
Yes
Yes
1000 nodes
2 years
Yes*
Yes
Yes
Yes
1 year
-
-
-
Yes
2 years
-
-
-
Yes
1 year
-
-
-
Yes
2 years
-
-
-
Yes
Key Features
an all-new platform. It provides greater performance protection, as well as a deep packet
ŁAll-new
platform: “3rd”
generation ZyWALL
ŁUSG
clean-traffic architecture
ŁNew
generation UTM solution
(except USG 20/20W)
*: Available in Q1 2011
Product
ŁRobust
hybrid VPN
(IPSec and SSL)
SSL VPN
IPSec VPN Client
ŁApplication
5 to 50 SSL Tunnels
firewall (except USG
20/20W)
5 to 250 SSL Tunnels
USG 2000
ŁGranular
control over social
networking applications
5 to 750 SSL Tunnels
50 to 250 SSL Tunnels
ŁNon-stop
Internet access with
multiple WAN and 3G backups
50 to 750 SSL Tunnels
250 to 750 SSL Tunnels
5 to 25 SSL Tunnels
USG 1000
ŁICSA
5 to 50 SSL Tunnels
For Client PC’s
’
5 to 250 SSL Tunnels
Software client 1 license
25 to 50 SSL Tunnels
Software client 5 licenses
25 to 250 SSL Tunnels
Software client 10 licenses
50 to 250 SSL Tunnels
Software client 50 licenses
The ZyWALL USG (Unified Security Gateway) Series is the “third generation” ZyWALL featuring
firewall, IPSec certification
ŁComprehensive
ŁAnti-Spam
report system
service
ŁZyXEL
Security Distribution
Network (ZSDN)
inspection security solution for small businesses to enterprises alike. It embodies a Stateful
Packet Inspection (SPI) firewall, Anti-Virus, Intrusion Detection and Prevention (IDP), Content
Filtering, Anti-Spam, and VPN (IPSec/SSL/L2TP) in one box. This multilayered security
safeguards your organization’s customer and company records, intellectual property, and
critical resources from external and internal threats.
Key Benefits
Secure connectivity
Given the prevalence and importance of information technology (IT) systems today and the nature and
scale of both the opportunities and risks associated with significant deployments of new networking
technologies, organizations are forced to evaluate solutions to build up a safer infrastructure to secure
online transactions, in which involve exchange of valuable information. The infrastructure should be
tailored to meet operation requirements for expanding remote sites as well as mobile teleworkers.
Proactive protection
Malicious virus, worm, exploits could cripple corporate networks and halt business transactions. In addition
to severe financial loss, you also risk leakage of confidential information.
As mass-mailing software companies mushroom on the Internet, your network is bombarded with massive
amounts of junk mails (spam). Without intelligent detection and proactive blocking, users have to go
through the tedious and time-consuming task of sieving through the overflowing mailbox, and such
scenario leads to serious productivity loss.
2 to 10 SSL Tunnels
USG 300
2 to 25 SSL Tunnels
Policy compliance
10 to 25 SSL Tunnels
With numerous file-sharing (P2P) and Instant Messaging (IM) applications, it is easier for company
employees to share files and chat online during work hours. Rapid file sharing not only compromises
network safety with the sharing of questionable files containing malicious viruses, but may also violate
copyright issues and create legal hassles.
USG 200
2 to 10 SSL Tunnels
USG 100
2 to 5 SSL Tunnels
USG 50
2 to 5 SSL Tunnels
USG 20
-
USG 20W
-
Network resilience
ISP links broken, hardware and software failure on the gateway, dead VPN tunnels — these are severe
challenges IT staff face when designing the network infrastructure. In short, we need to take fault tolerance
on the network path into consideration when build up a highly available network infrastructure for nonstop operations.
3G Card Support
Manageability
With Vantage CNM (Centralized Network Management), users can achieve the follow objects:
3G cards are not included. Please visit http://www.zyxel.com/web/ and find the following path:
Internet Security Appliance
Unified
U
Security Gateway
• Easy VPN management and diagnostic capability
• Complete security policies and UTM management
tthe individual USG product pages to
see the 3G Card Compatibility List for supported USB devices.
• Low TCO of massive deployment and device maintenance
• Active monitoring, alerting and comprehensive graphic reports
The solution provides an efficient centralized management system for enterprises of any size to reduce
operational costs regardless of the number of branch offices or remote locations.
For more produc t information, visit us on the web at www.ZyXEL.com
Copyright © 2010 ZyXEL Communications Corp. All rights reserved. ZyXEL, ZyXEL logo are registered trademarks of
ZyXEL Communications Corp. All other brands, product names, or trademarks mentioned are the property of their
respective owners. All specifications are subject to change without notice.
65-100-002007B
09/10
Enterprise
Security
Cost-effectiveness
ZyWALL Unified Security
Gateway Series
• Device hardware maintenance fee: ZyXEL provides a one more year hardware warranty out of factory.
• Free software upgrade: now ZyXEL provides free software upgrade for you to enjoy complete protection
(20/50/100/200/300/1000/2000 Series)
With the adoption of ZyXEL’s USG device, the follow costs can be saved:
without additional expanse.
Enterprise Security
ZyWALL Unified Security
Gateway Series
(20/50/100/200/300/1000/2000 Series)
Key Applications
ZyWALL USG clean-traffic architecture
Endpoint security
The ZyWALL USG’s clean-traffic architecture
Traffic In
protects against network risks such as viruses,
worms, Trojan Horses, spyware, phishing attacks
Network
Defragment
Network
I/O Engine
Forwarding Engine
DNAT
Routing
SNAT
BWM
Fragment
With the new Endpoint Security feature (EPS),
enforcing installation of the Anti-Virus software,
clean-traffic architecture, enterprises users are
the ZyWALL mitigates the threat of virus
Traffic Out
Stateful Firewall
environments.
Checking
1. Anti-Virus
2. Personal Firewall
3. OS patch level
Checking
1. Anti-Virus
2. Personal Firewall
3. OS patch level
The result is NO Access
The result is Access
DMZ (Server Farm)
LAN
outbreaks and thus the loss of money and
employee productivity. The EPS supports
Email
Server
TM
TM
Application Classifier
LAN
SSL-VPN User
Security 2009/2010, Windows Firewall and
Clean
Traffic
TrendMicro PC-Cillin/Internet Security 2010 are
also supported with the new EPS feature.
Application Server OA, ERP System
(Inventory, Store...)
CRM System
Application Patrol
Internet
Checking
1. Anti-Virus
2. Personal Firewall
3. OS patch level
The result is Access
Anti-Virus
SSL-VPN-Tunnel
The USG’s new «End Point Security» (EPS) feature helps to
ensure that all clients meet the corporate security policies, i.e.
It checks if AV software is installed.
Content Filter
Anti-Spam
New generation UTM solution
High performance
The ZyWALL USG Series deploys hardware-
ZyXEL USG Series is built with a powerful
acceleration technology in one box. Powered
Integrated High Performance Security
by high-performance SecuASIC technology
architecture, a performance proven
Network
and a hardware-based encryption
architecture for gigabit fiber. It provides
accelerator, the ZyWALL USG Series delivers
real-time inspection to prevent network
industry-leading performance and multi-
Inbound Threats
layer threat protection for small businesses
and enterprises. The ZyWALL USG Series
provides integrated Unified Threat
Management security features such as Anti-
Content Filter
10000
75
7500
50
5000
25
2500
0
0
from threats without sacrificing
only flawlessly secured but also greatly
operational productivity and efficiency
when applications such as file-loading,
Anti-Virus
and Firewall, VPN. All ZyWALL USG Series
products support the Gigabit Ethernet.
Competitive Comparison: Sessions
100
enhanced on performance to improve
Virus (include Kaspersky Anti-Virus & ZyXEL
Anti-Virus), IDP, Anti-Spam, Content Filtering
Outbound Threats
Competitive Comparison:
Firewall Throughput in Mbps
performance. Company network is not
Intrusion Detection
and Prevention
emailing, and information searches are
processed at higher speed. Take USG 50 as
Anti-Spam
an example, USG 50 delivers excellent
performance to meet small business.
Firewall
VPN
Web-based
Application
TM
software, among others. Additionally, personal
firewall software such as Kaspersky Internet
Intrusion Detection and Prevention
BI
System
Norton Kaspersky and TrendMicro AV client
Anomaly Detection and Prevention
(PA/TA)
Threat
Database Update
LAN User 2
where no AV software has been installed. By
and other emerging Internet threats. With the
assured to have clean and secure network
LAN User 1
administrators can easily identify “bad” users, i.e.
Source : Performance numbers are from ZyXEL, SonicWALL, Fortinet website
Remote
Desktop
Enterprise Security
ZyWALL Unified Security
Gateway Series
(20/50/100/200/300/1000/2000 Series)
Granular control over social
networking applications
Robust hybrid VPN (IPSec and SSL)
The ZyWALL USG Series can provide secure
Server Farm
With social network control
Facebook, Twitter, and Youtube have become an
corporate resources through the Internet for
Internet phenomenon to connect people
organizations of any size. Using IPSec VPN,
Client
Email
Server
companies can secure connections to branch
offices, partners and headquarters. Road
Without social network control
Social networking applications such as
access between remote locations and
BI
System
File
Share
OA, ERP System
CRM System
quickly and to share information. Without
flexible management, social networking
Mobile User
applications will eat up business productivity.
SSL VPN
warriors and telecommuters can use SSL or
ZyWALL USG ensures that the Internet is not
Web-based Application Server
Application (Inventory, Store...)
L2TP VPN to safely access the company
network without having to install VPN
Remote
Desktop
Network
Extend
abused to prevent bandwidth to be wasted or
human resource policy violations.
Internet
ZyWALL
PWR
USG 300
AUX
SYS CARD1
CARD2
1
RESET
2
3
10/100/1000
4
5
6
7
USB
1
2
software. The Series provides a flexible and
IPSec VPN
easy way to enable mobile employees,
vendors and partners to confidently access
AUX
CONSOLE
ZyWALL USG provides granular control over
social networking applications.
Branch
Headquarters
your network resource for better efficiency.
Branch
Low Productivity
Application firewall
More and more network applications bring
Non-Business Related
Business Related
Non-stop Internet access with
multiple WAN and 3G backups
malicious software into your office. This kind
The ZyWALL USG not only supports
of unwanted software, especially IM/P2P
multiple WAN ports but also 3G through
applications, may cause bandwidth waste or
USB or PCMCIA cards. This feature enables
even system damage. Using the application
“active-active” load sharing or “active-
patrol and bandwidth management features,
passive” failover configuration to deliver
you can have full control over traffic blocking
highly reliable network connectivity.
or rate limit settings.
Corporate
Network
Internet
WAN2 (3G)
3G
Network
LAN
ZyWALL
PWR
USG 300
Bandwidth Limit IM
P2P Block
CARD2
1
RESET
2
3
10/100/1000
4
6
7
USB
1
AUX
2
CONSOLE
ZyWALL USG 300
Unified Security
Gateway
Remote Office
Backup
Allow Business Related
AUX
SYS CARD1
5
Primary
Non-Business Related Applications
IPSec or GRE Tunnel for
Secure Connection
Operating in
Active/Passive Mode
Application Control Policy
Business Related Applications
High Productivity
WAN1
ZyWALL USG fail
over and fail back
between WAN1
(ADSL/Fiber) &
WAN2 (3G WAN)
ADSL Fiber
Last-Mile
Network
Provider
(IP VPN)
Vantage CNM
Centralized Network
Management
Host by SI or Customer
BRAS
Corporate
Headquarters
Enterprise Security
ZyWALL Unified Security
Gateway Series
(20/50/100/200/300/1000/2000 Series)
High availability
Anti-Spam service
Device HA: Master Fails and Backup Takes Over
High availability is essential in enterprise
ZyXEL’s Anti-Spam service eliminates spam,
networks. It ensures a system or component
phishing, virus and malware threats through a
can be continuously operational for a desirably
unified security architecture without dropping
LAN
long length of time.
legitimate messages. With ZyXEL’s Anti-Spam
A
The ZyWALL USG Series provide high
service, enterprises can save time and resources
1.1.1.1
192.168.1.1
availability feature as:
ZyWALL
PWR
USG 300
Master
AUX
SYS CARD1
1
2
RESET
3
CARD2
10/100/1000
4
6
7
USB
1
AUX
CONSOLE
2
balancing between these ports.
B
ZyWALL
PWR
USG 300
Backup
AUX
SYS CARD1
CARD2
Spam
1
RESET
2
3
10/100/1000
4
5
6
7
USB
1
2
192.168.1.1
• A backup ZyWALL in the event the master
Anti-Spam Service
Internet
• An auxiliary (backup) Internet connection as
known as out of band Management .
Good
operational costs.
5
• Multiple WAN ports and configure load
Mail
dealing with unwanted email to reduce
AUX
CONSOLE
1.1.1.1
ZyWALL fails (device HA).
To minimize the impact of single-point failures,
the ZyWALL USG Series supports device HA
(High Availability) to assure network availability.
Comprehensive reporting system
The ZyWALL USG Series has a built-in reporting
USG Built-in Reporting System
system that offers a comprehensive set of real-
ZyWALL USG Series provides built-in reporting system to collect data and view various statistics
ZyXEL Security Distribution Network
(ZSDN) ensures rapid response to
new threats
time and historical reports including firewall, virus
about traffic passing through your ZyWALL.
ZSDN Provides Up-to-Date Protection
and intrusion attacks, bandwidth usage, Web site
ZyXEL Security
Response Team
Security Information Center
(Email Bulletins)
• The myZyXEL.com Web site delivers a
usage and user activities. Furthermore, with
convenient, centralized way to register all
Vantage Report (VRPT), a Web-based reporting
ZyWALL units and Security Services.
system, administrators can easily collect traffic
mySecurity
zone
mySecurityZone
• The ZyXEL Security Update Servers operates
data and analyze a distributed network for their
24x7 to automatically deliver updated signature
organizations to become more aware of
databases to ZyWALL units around the world.
suspicious activities and to ensure better
• The mySecurityZone portal provides
business productivity.
3
World Update Server
comprehensive, searchable information
regarding viruses and system vulnerabilities,
and it provides a wealth of information
resources that keep customers up-to-date on
Vantage Report Centralize Reporting System
Vantage Report is a cost-effective solution that allows administrators to easily monitor and
1
4
(HTTPS or HTTP)
the latest vulnerabilities and countermeasures.
5
2
my
.com
myZyXEL.com
analyze report of ZyWALL Internet Security Appliances from any location. It delivers rich formats
of statistical report for IT staff with thorough understanding about bandwidth usage, security
event and web traffic analysis.
Monitor
Statistical Report
1 Registration & Activation
1. Login
2. MAC
3. RegType (Trial)
4. License Key
SKU
2 1.2. Expiration
Date
3
Check Policy
and Advisory
4
Request
Download
5
Download
Signature
Registration Center
Enterprise Security
ZyWALL Unified Security
Gateway Series
(20/50/100/200/300/1000/2000 Series)
Specifications
Model
SB
SMB
ZyWALL USG 50
ZyWALL USG 100
ZyWALL USG 20W
ZyWALL USG 20
• Unified Security Gateway for SB
(1~5 PC Users)
• All Gigabit Ethernet interface
hardware design
• High-performance multi-layer
threat protection
• Hybrid VPN (IPSec, SSL) secures
connection
• 3G USB dongle as the backup WAN
• 802.11b/g/n wireless AP
• Unified Security Gateway for SB
(1~5 PC Users)
• All Gigabit Ethernet interface
hardware design
• High-performance multi-layer
threat protection
• Hybrid VPN (IPSec, SSL) secures
connection
• 3G USB dongle as the backup WAN
10/100/1000 Interfaces (Copper)
4 x LAN/DMZ, 1 x WAN
4 x LAN/DMZ, 1 x WAN
4 x LAN/DMZ, 2 x WAN
5 x LAN/DMZ, 2 x WAN
Dual Personality GbE (SFP/RJ45)
-
-
-
-
USB Ports
1
1
2
SEM Slot (Security Extension Module)
-
-
Card Slot
-
802.11b/g/n
2x2 Antenna
ZyWALL USG 200
ZyWALL USG 300
ZyWALL USG 1000
ZyWALL USG 2000
Product Photo
• Unified Security Gateway for
SMB (50~75 PC Users)
• Providing Hybrid VPN (IPSec/SSL
VPN) and robust UTM security
services
• High-performance multi-layer
threat protection
• User-aware policy engine
enables access granularity
• Excellent manageability with
object, text-based and
centralized
• Unified Security Gateway for
SMB (75~200 PC Users)
• Providing Hybrid VPN
(IPSec/SSL VPN) and robust
UTM security services
• High-performance multilayer threat protection
• Non-stop operations of
mission-critical applications
• Excellent manageability
with object, text-based and
centralized
5 x LAN/DMZ, 2 x WAN, 1 x OPT
7
5
6
-
-
-
2
2
2
2
2
2
-
-
-
-
-
1
-
-
1
1
2
1
1
Yes
-
-
-
-
-
-
-
Yes
-
-
-
-
-
-
-
SPI Firewall Throughput*1, Mbps
100
100
100
150
200
300
400
2,000
VPN Throughput (3DES)*2, Mbps
30
30
50
60
75
100
150
400*4
-
-
15
30
40
60
80
400*5
WiFi Throughput, Mbps
60
-
-
-
-
-
-
-
Unlimited User Licenses
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
6,000
6,000
10,000
20,000
40,000
60,000
500,000
1,000,000
900
900
1,000
1,000
1,000
1,500
12,000
20,000
Max. Concurrent IPSec VPN Tunnels
2
2
5
50
100
200
1,000
2,000
Max. Concurrent SSL VPN Users
1
1
5
5
10
25
250
750*1*2
Features
• Unified Security Gateway for SB
(1~10 PC Users)
• All Gigabit Ethernet interface
hardware design
• High-performance multi-layer
threat protection
• Hybrid VPN (IPSec, SSL) secures
connection
• Multi WAN ports for multiple ISP
links and load balancing
• Unified Security Gateway
for SMB (10~25 PC Users)
• High-performance multilayer threat protection
• Hybrid VPN (IPSec, SSL and
L2TP) secures connection
to headquarters
• Support Kaspersky and
ZyXEL anti-virus
• Unified Security Gateway
for SMB (25~50 PC Users)
• High-performance multilayer threat protection
• Hybrid VPN (IPSec, SSL and
L2TP) secures connection
to headquarters
• Support Kaspersky and
ZyXEL anti-virus
• Flexible OPT (option) port
• Unified Security Gateway
for SMB (200~500 PC Users)
• Gigabit Firewall with Fiber
interface (SFP)
• Scalable VPN/UTM
performance
• Support Kaspersky and
ZyXEL anti-virus
• Redundant power module
Hardware Specifications
System Capacity & Performance
UTM Throughput (AV+IDP)*3, Mbps
Max. Sessions*6
New Session Rate
Included SSL VPN Users
1
1
2
2
2
2
5
5
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Input Voltage
100 - 240 V AC, 50 - 60 Hz, 1.2 A
100 - 240 V AC, 50 - 60 Hz, 1.2 A
100 - 240 V AC, 50 - 60 Hz, 1.2 A
100 - 240 V AC, 50 - 60 Hz, 1.2 A
100 - 240 V AC, 50 - 60 Hz, 1.2 A
100 - 240 V AC, 50/60 Hz, 0.55 - 0.3 A
100 - 240 V AC, 50/60 Hz, 1 A Max
100 - 240 V AC, 50 - 60 Hz, 3 - 6 A
Power Rating
16 W Max
15 W Max
17 W Max
20 W Max
20 W Max
35 W Max
80 W Max
200 W Max
Operating Temperature
0°C to 40°C
0°C to 40°C
0°C to 40°C
0°C to 40°C
0°C to 40°C
0°C to 40°C
0°C to 40°C
0°C to 40°C
Storage Temperature
0°C to 40°C
0°C to 40°C
0°C to 40°C
-30°C to 60°C
-30°C to 60°C
-30°C to 60°C
-30°C to 60°C
-30°C to 60°C
Operating Humidity
20% to 95% (non-condensing)
20% to 95% (non-condensing)
20% to 95% (non-condensing)
5% to 90% (non-condensing)
5% to 90% (non-condensing)
20% to 90% (non-condensing)
5% to 90% (non-condensing)
5% to 90% (non-condensing)
216 x 140 x 33
216 x 140 x 33
242 x 167 x 35.5
242 x 175 x 35.5
242 x 175 x 35.5
430 x 201 x 42
431 x 292 x 43.5
430 x 487 x 89
0.42
0.38
1.2
1.2
1.2
2.8
4.7
10.5
Customizable Zone
Power Requirement
Environmental Specifications
Physical Specifications
Dimensions, (W) x (D) x (H) mm
Weight, kg
Note:
*1: Testing Methodologies: Maximum performance based on RFC 2544 (UDP packets, 1,518 bytes). Actual performance may vary depending on network conditions and activated services.
*2: VPN (AES) throughput measured using UDP traffic with 1,424 bytes packet size, based on RFC 2544.
*3: UTM (AV+IDP) throughput measured using industry standard Ixia IxLoad test tool against HTTP protocol with 1,460 bytes packet size. Testing done with multiple flows.
*4: With SEM-DUAL/SEM-VPN module
*5: With SEM-DUAL module
*6: Max sessions measured using industry standard Ixia IxLoad test tool.
Enterprise Security
ZyWALL Unified Security
Gateway Series
(20/50/100/200/300/1000/2000 Series)
Features
Accessories
Firewall
Anti-Virus (except USG 20/20W)
Networking
• ICSA-certified firewall
• Support Kaspersky and ZyXEL Anti-Virus
• Routing mode/bridge mode/mixed mode
• Routing and transparent (bridge) mode
• Stream-based Anti-Virus engine
• Layer 2 port grouping
• Zone-based access control list
• Zone base AV protection
• Ethernet/PPPoE
• Stateful packet inspection
• HTTP/FTP/SMTP/POP3/IMAP4 protocol support
• Tagged VLAN (802.1Q)
• NAT, PAT
• Automatic signature updates
• Virtual interface (alias interface)
• Policy base NAT
• No file size limitation
• Policy-based routing (user-aware)
• VLAN tagging
• Blacklist/whitelist support
• Policy-based NAT (SNAT)
• User-aware policy enforcement
Application Patrol
• DHCP client/server/relay
• ALG supports custom ports
• Application, IM/P2P, stream base media, VoIP
• Dynamic DNS support
granular access control
• ICSA-certified IPSec VPN
• Detail access control of IM (chat, file transfer,
video)
• Algorithm: AES/3DES/DES
• User authentication support
• Priority-bandwidth utilization
• Authentication: SHA-1/MD5
• IM/P2P signature auto update
• Perfect forward secrecy (DH groups) support
1, 2, 5
• Real-Time statistical reports
• Maximum/guaranteed bandwidth
Authentication
• Local user database
• Microsoft Windows active directory integrate
• Xauth over RADIUS for IPSec VPN
• PKI (X.509) certificate support
• Zone to zone protection
• Forced user authentication (transparent
• Centralize VPN support
• Transparently intercept mail via SMTP/POP3
• Simple wizard support
protocols
authentication)
• IP/MAC address binding
• Blacklist/whitelist support
• VPN HA (redundant remote VPN gateways)
• Support DNSBL checking
System Management
• Spam tag support
• Role-Based administration
• Statistics report
• Multiple administrator login
• Clientless secure remote access
• Multi-Lingual web GUI (HTTPS/HTTP)
High Availability
(except USG 50/20/20W)
• Out-of-band management (AUX)
• Unified policy enforcement
• Active-Passive mode
• Command line interface (console/web
• Supports two-factor authentication
• Device failure detection and notification
• Customizable user portal
• Support ICMP and TCP ping check
• SNMP v2c (MIB-II)
• Link monitoring
• System configuration rollback
Intrusion Detection and Prevention
(IDP)(except USG 20/20W)
• Auto-Sync configurations
• Firmware upgrade via FTP/FTP-TLS/web GUI
• Routing and transparent (bridge) mode
Content Filtering
• Support reverse proxy mode and full tunnel
mode
requires highest level of redundancy. Specialized in VPN
mighty VPN and UTM performance.
applications, the SEM-VPN accelerates VPN performance.
• SecuASIC CIP-3001 for UTM Acceleration (Anti- Virus
• Advanced VPN Crypto to Boost up VPN Performance
• Advanced VPN Crypto to Boost up VPN Performance
System Performance
*7
UTM Throughput (AV+IDP)
Max. IPSec VPN Tunnels
Max SSL VPN Users
400 Mbps
400 Mbps
400 Mbps
100 Mbps
2,000
2,000
750
750
Environmental Specifications
Operating Temperature
0°C to 40°C
0°C to 40°C
Storage Temperature
-30°C to 60°C
-30°C to 60°C
Operating Humidity
5% to 90% (non-condensing)
5% to 90% (non-condensing)
199.2 x 212 x 36.3
199.2 x 212 x 36.3
410
410
Physical Specifications
Dimensions,
(W) x (D) x (H) mm
• Auto reconnect VPN
SSL VPN
build up mighty VPN concentrator in central site while
full horse power of the ZyWALL USG 2000 platform with
*8
Anti-Spam
• Dead peer detection/relay detection
For customers in need of intensive VPN applications to
and UTM threat protections. The SEM-DUAL unleashes
VPN Throughput (AES)
• External LDAP/RADIUS user database
• IPSec NAT traversal
For customers require full security features both VPN
and IDP)
• Guaranteed bandwidth
• Maximum bandwidth
• Support more than 15 catalogs IM and P2P
Features
• Per host session limit
• Application and IM/P2P bandwidth control
SEM-VPN
Product Photo
• WAN Trunk more than 2 port
• PPTP, L2TP, IPSec
• Key management: Manual key/IKE
SEM-DUAL
Model
• Dynamic routing (RIP v1/v2, OSPF)
• SIP/H.323 NAT traversal
Virtual Private Network (VPN)
Security Extension Module (USG 2000 only)
Weight, g
Note:
*7: VPN (AES) HTTP protocol with 1,460 bytes packet size. Testing done with multiple flows.
*8: UTM (AV+IDP) throughput measured using industry standard Ixia IxLoad test tool against.
• Object-based configuration
Transceiver
console/SSH/TELNET)
Model Name
Max
Optical
Connector Wavelength Transmission
Budget
Distance
Laser Transmitter Characteristics
Receiver Characteristics
Maximum
Launch Power
Minimum
Launch Power
Optical Receiver
Sensibility
Maximum
Input Power
SFP-SX-D
LC
850 nm
550 m
7.5 dB
-4 dBm
-9.5 dBm
-17 dBm
-3 dBm
SFP-LX-10-D
LC
1310 nm
10 km
10.5 dB
-3 dBm
-9.5 dBm
-20 dBm
-3 dBm
Logging/Monitoring
SFP-LHX1310-40-D
LC
1310 nm
40 km
21 dB
+3 dBm
-2 dBm
-23 dBm
-3 dBm
• Zone-based IDP inspection
• Social networking control
• Comprehensive local logging
SFP-ZX-80-D
LC
1550 nm
80 km
24 dB
+5 dBm
0 dBm
-24 dBm
-3 dBm
• Customizable protection profile
• Web security—ZyXEL safe browsing
• Syslog (send to up to 4 servers)
• Protect over 2000 attack
• URL blocking, keyword blocking
• E-mail alert (send to up to 2 servers)
• Automatic signature updates
• Profile base setting
• Real-Time traffic monitoring
• Custom signatures
• Exempt list (blacklist and whitelist)
• Built-in daily report
• Protocol anomaly detection and protection
• Blocks java applet, cookies and active X
• Advanced reporting (Vantage Report)
• Traffic anomaly detection and protection
• Dynamic URL filtering database (powered by
• Centralized Network Management Vantage
• Flooding detection and protection
• DoS/DDoS protection
BlueCoat)
• Unlimited user licenses support
• Customize warning messages and redirect URL
(CNM) manageable
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement