■

Ultra-high performance and protection

■

Comprehensive support to IPv6

■

Supported various VPN solutions (IPSec/SSL/2TP)

- Zero-configuration remote access with EASY VPN

- Support L2TP VPN on mobile device (iPhone and Android phone)

■

ICSA Firewall, IPSec certification

■

Real-time, dynamic malware protection

■

High Availability (HA)

ZyWALL USG

300/1000/2000

Security on a New Level

-The Future Is Ahead. Stay Ahead with ZyXEL USGs.

Utilizing networks to access internal and external mission-critical applications are common, and important as well, for small and medium-sized businesses. As faster networks bring more convenience and efficiency, businesses are facing challenges from sophisticated attacks and even cybercrime that would cause interrupted communications, degraded performance and loss of valuable information; however traditional firewalls are not capable of protecting business from such network attacks.

The ZyWALL USG 300/1000/2000 Series are security platforms that offers ultra-high performance, deep packet inspection and all-in-one multi-threat protection not only to block the latest attack combinations including intrusion attempts, viruses, worms, phishing, spyware, spam and many other malware types effectively, but also to secure remote access among branch offices, partners and customers. The ZyWALL USG’s real-time threat detection and continuous update services provide the fastest response speed in the networking industry to deter the evolving security threats before the business is affected. The ZyWALL

USG 300/1000/2000 Series is ideal for small- and medium-size businesses to safeguard their network environments.

Benefits

Ultra-high performance and protection to secure business networks

The ZyWALL USG 300/1000/2000 Series delivers wire-speed performance and integrated threat management for wired networks. The USG Series provides firewall throughputs of from 350 Mbps to

2 Gbps that enables businesses to protect critical applications and networks without affecting availability or performance. In addition, the USG’s unique built-in clean-traffic architecture can prevent risks such as viruses, worms, Trojan Horses, spyware, phishing attacks and other emerging

Internet threats. In short, the architecture can assure clean and secure network environments for business users.

Comprehensive IPv6 support to ensure investment protection

The ZyWALL USG Series is IPv6-ready today and is certified with “IPv6 Ready” gold logo. With IPv6 feature enabled, the USG Series ensures businesses with a smooth migration path from the IPv4-based networks to the full IPv6 infrastructure. It assigns

IPv6 addresses to clients and passes the IPv6 traffics through the IPv4 environment.

The USG Series supports dual-stack and IPv4 tunneling (6rd and 6to4 transition tunnel) implementations for Internet connectivity to access IPv6 applications. The comprehensive IPv6 features built into the USG Series ensure not only future-ready connectivity but also investment protection for businesses.

ZyWALL USG

300/1000/2000

Various VPN solutions to simplify secure access

Establishing VPN tunnels is a good solution to provide a safe way to access necessary network resources remotely with any device anytime, anywhere.

However due to the complicated configuration, it could be quite difficult for non-technical employees such as sales people to use. The ZyWALL USG Series is equipped with the “EASY VPN” solution to push configuration files to the VPN clients automatically; this eliminates the configuration efforts while securing the access at the same time. In addition, the USG Series supports L2TP VPN technology on iPhones, Android phones and many other mobile devices as L2TP VPN enables employees in remote places to connect to the headquarters with easy and free access.

Real-time, dynamic malware protection to safeguard business networks

Web security powered by BlueCoat and Commtouch

With more valuable information being placed on the data cloud, impacts from the ever-growing cybercrime should be treated seriously. As modern malware become very sophisticated and difficult to repel, the ZyWALL USG’s content filter from Blue Coat and Commtouch, the leading solution provider, reduces costs and extends protection by integrating a comprehensive, continuously updated database featuring millions of URLs, IP addresses and domains. With the content filter, the USG Series not only enables real-time protection to deter emerging Web threats including malware, phishing and Zombies/bots, but also monitors or blocks certain sites to maintain employee productivity.

Email security powered by Commtouch

The ZyWALL USG Series delivers industry-leading protection, powered by Commtouch, against spam, phishing and virus-laden emails. The extremely high performance of Commtouch technology comes from the unique recurrent pattern detection (RPD) mechanism that possesses its superior capability through analyzing millions of new patterns each day (24x7x365) to block all the associated messages real-time. In addition, the ZyWALL USG applies sender-based IP reputation to remove over 80% of unwanted mails and to take advantage of the zero-hour virus outbreak protection feature, which is capable of blocking or delaying suspicious messages hours before commercial anti-virus signatures are available.

High Availability (HA) ensures non-stop business operations

Loss of mission-critical connection can cause serious, and sometimes disastrous, consequences to businesses. The ZyWALL USG 300/1000/2000 Series provides

HA features to guarantee a secure, reliable connection between the protected network and the Internet.

• Multiple WAN ports and configurable load balancing between ports.

• An auxiliary (backup) Internet connection known as out-of-band management.

• A backup ZyWALL in case the master ZyWALL fails (Device HA).

Key Applications

Unique clean-traffic architecture

The ZyWALL USG’s clean-traffic architecture protects against network risks like viruses, worms, Trojan Horses, spyware, phishing attacks and other emerging Internet threats. With the clean-traffic architecture, enterprises users are assured to have clean and secure network environments.

Traffic In

Network g

Defragment

Forwarding Engine

DNAT Routing SNAT BWM

Network

I/O Engine

Fragment

Threat

Database

Update

Traffic Out

Stateful Firewall

Anomaly Detection and Prevention

(PA/TA)

Application Classifier

Intrusion Detection and Prevention

Anti-Virus

Application Patrol

Content Filter

Anti-Spam

Clean

Traffic

2

EASY VPN — zero configuration remote access

When establishing VPN tunnels, it could be quite difficult for non-technical employees to use due to the complicated configuration.

The ZyWALL USG Series is equipped with the

“EASY VPN” solution to push configuration files to the VPN clients automatically; this eliminates the configuration efforts while securing the access at the same time.

Easy provisioning for ZyWALL IPSec VPN client

- USG automatically provides configuration file to the client.

Mobile User

IPSec

VPN Client

User

Client to Site

IPSec VPN

Internet

Configuration File

ZyWALL USG 30

CARD1 RESET CARD2 10/100/1000

USB AUX

CONSOLE

Branch

Site to Site

IPSec VPN

ZyWALL USG

Unified Security

Gateway

ZyWALL USG 3 00 CARD1 RESET CARD2 10/100/1000

USB AUX

CONSOLE

Branch

Email

Server

Server Farm

BI

System

File

Share

OA, ERP System

CRM System

Web-based

Application

Application Server

(Inventory, Store...)

Remote

Desktop

Network

Extend

Headquarters

P2P

IM

Virus

Content Filter stops malware and

Web threats

The ZyWALL USG Content Filter enables businesses to protect their users and networks from malware and abuse such as spyware, phishing attacks and inappropriate P2P or IM usage. It keeps office computers from getting infected by dangerous malware and comprehensively protects business network environments.

Phishing

Spyware

Granular control over social networking applications

Social networking applications such as Facebook,

Twitter and YouTube have become an Internet phenomenon allowing people to quickly connect and share information with each other.

However, social networking applications could eclipse business productivity considerably without flexible management. The ZyWALL USG

Series prevents the Internet connection from being abused to minimize bandwidth waste or human resource policy violations. The ZyWALL

USG Series provides granular control over the usage of social networking applications.

Without social network control

Low Productivity

3

With social network control

ZyWALL USG 30 PWR AUX

RESET CARD1 SYS CARD2 10/100 /1000

USB

AUX

CONSOLE

High Productivity

Specifications

Model

Product Photo

ZyWALL USG 300 ZyWALL USG 1000 ZyWALL USG 2000

Hardware Specifications

10/100/1000 Interfaces (Copper) 7 5 6

Dual Personality GbE (SFP/RJ45) - - 2

USB Ports 2 2

SEM Slot (Security Extension Module) - - 1

Card Slot 2 1

System Capacity & Performance

SPI Firewall Throughput

*1

(Mbps) 350 400 2,000

VPN Throughput (3DES) *2 (Mbps) 130 180 600 *5

UTM Throughput (AV+IDP)

*3

(Mbps) 80 100 400 *6

Unlimited User Licenses Yes Yes

Max. Sessions

*4

New Session Rate 1,500 12,000 20,000

Max. Concurrent IPSec VPN Tunnels 200 1,000 2,000

Max. Concurrent SSL VPN Users 25 250 *6

Included SSL VPN Users 2 5 5

Customizable Zone

IPv6 Support

Power Requirement

Input Voltage

Yes Yes Yes

Yes Yes Yes

100 - 240 V AC, 50/60 Hz, 0.55 - 0.3 A

35 W Max

100 - 240 V AC, 50/60 Hz, 1 A Max

80 W Max

100 - 240 V AC, 50 - 60 Hz, 3 - 6 A

200 W Max Power Rating

Physical Specifications

Item dimensions (WxDxH)(mm/in.)

430 x 201 x 42/

16.93 x 7.91 x 1.65

431 x 292 x 43.5/

16.97 x 11.50 x 1.71

430 x 487 x 89/

16.93 x 19.17 x 3.50

Item weight (kg/lb.) 2.8/6.17 10.5/23.15

Packing dimensions (WxDxH)(mm/in.)

539 x 184 x 321/

21.22 x 7.24 x 12.64

529 x 411 x 194/

20.83 x 16.18 x 7.64

607 x 551 x 295/

23.90 x 21.70 x 11.6

Packing weight (kg/lb.)

Environmental Specifications

Operating temperature

Storage temperature

Operating humidity

0°C to 40°C/32°F to 104°F

-30°C to 60°C/-22°F to 140°F

5% to 90% (Non-condensing)

0°C to 40°C/32°F to 104°F

-30°C to 60°C/-22°F to 140°F

5% to 90% (Non-condensing)

0°C to 40°C/32°F to 104°F

-30°C to 60°C/-22°F to 140°F

5% to 90% (Non-condensing)

Note:

*1: Testing Methodologies: Maximum performance based on RFC 2544 (UDP packets, 1,518 bytes).

*2: VPN (AES) throughput measured using UDP traffic with 1,424 bytes packet size, based on RFC 2544.

*3: UTM (AV+IDP) throughput measured using industry standard IXIA IxLoad test tool against HTTP protocol with 1,460 bytes packet size. Testing done with multiple flows.

*4: Max sessions measured using industry standard IXIA IxLoad test tool.

*5: With SEM-DUAL or SEM-VPN module

*6: With SEM-DUAL module

Features

Firewall

• ICSA-certified firewall

• Routing and transparent (bridge) mode

• Zone-based access control list

• Stateful packet inspection

• User-aware policy enforcement

• SIP/H.323 NAT traversal

• ALG supports custom ports

IPv6 Support

• IPv6 Ready gold logo certified

• Dual stack

• IPv4 tunneling (6rd and 6to4 transition tunnel)

• Host/Router/Firewall

Virtual Private Network (VPN)

• ICSA-certified IPSec VPN

• Algorithm: AES/3DES/DES

• Authentication: SHA-1/MD5

4

• Key management: Manual key/IKE

• Perfect forward secrecy (DH groups)

support 1, 2, 5

• IPSec NAT traversal

• Dead peer detection/relay detection

• PKI (X.509) certificate support

• Centralize VPN support

• Simple wizard support

• Auto reconnect VPN

• VPN HA (redundant remote VPN gateways)

ZyWALL USG

300/1000/2000

SSL VPN

• Clientless secure remote access

• Support reverse proxy mode and full tunnel

mode

• Unified policy enforcement

• Supports two-factor authentication

• Customizable user portal

Intrusion Detection and Prevention

(IDP)

*1

• Routing and transparent (bridge) mode

• Zone-based IDP inspection

• Customizable protection profile

• Protect over 2000 attack

• Automatic signature updates

• Custom signatures

• Protocol anomaly detection and protection

• Traffic anomaly detection and protection

• Flooding detection and protection

• DoS/DDoS protection

Anti-Virus

*2

• Support Kaspersky and ZyXEL Anti-Virus

• Stream-based Anti-Virus engine

• Zone base AV protection

• HTTP/FTP/SMTP/POP3/IMAP4 protocol support

• Automatic signature updates

• No file size limitation

• Blacklist/whitelist support

Application Patrol

*1

• Application, IM/P2P, stream base media, VoIP

granular access control

• Detail access control of IM (chat, file transfer,

video)

• Application and IM/P2P bandwidth control

• User authentication support

• IM/P2P signature auto update

• Support more than 15 catalogs IM and P2P

• Real-Time statistical reports

• Maximum/guaranteed bandwidth

Anti-Spam

• Zone to zone protection

• Transparently intercept mail via SMTP/POP3

protocols

• POP3/SMTP port configurable

• Sender-based IP Reputation Filter

• Commtouch RPD Query

• Zero-hour Virus Outbreak Protection

• X-Header Support

• Blacklist/whitelist support

• Support DNSBL checking

• Spam tag support

• Statistics report

High Availability

• Active-Passive mode

• Device failure detection and notification

• Support ICMP and TCP ping check

• Link monitoring

• Auto-Sync configurations

Content Filtering

*3

• Support BlueCoat and Commtouch

• Social networking control

• Web security—Security threat category

(powered by BlueCoat)

• URL blocking, keyword blocking

• Profile base setting

• Exempt list (blacklist and whitelist)

• Blocks java applet, cookies and active X

• Dynamic URL filtering database (powered by

BlueCoat and Commtouch)

• Unlimited user licenses support

• Customize warning messages and redirect URL

Networking

• Routing mode/bridge mode/mixed mode

• Layer 2 port grouping

• Ethernet/PPPoE

• NAT/PAT

• Tagged VLAN (802.1Q)

• Virtual interface (alias interface)

• Policy-based routing (user-aware)

• Policy-based NAT (SNAT)

• Dynamic routing (RIP v1/v2, OSPF)

• DHCP client/server/relay

• Dynamic DNS support

• WAN Trunk more than 2 port

• Per host session limit

• Guaranteed bandwidth

• Maximum bandwidth

• Priority-bandwidth utilization

Authentication

• Local user database

• Microsoft Windows active directory integrate

• External LDAP/RADIUS user database

• Xauth over RADIUS for IPSec VPN

• Forced user authentication (transparent

authentication)

• IP/MAC address binding

System Management

• Role-Based administration

• Multiple administrator login

• Multi-Lingual web GUI (HTTPS/HTTP)

• Object-based configuration

• Command line interface (console/web

console/SSH/TELNET)

• SNMP v2c (MIB-II)

• System configuration rollback

• Firmware upgrade via FTP/FTP-TLS/web GUI

Logging/Monitoring

• Comprehensive local logging

• Syslog (send to up to 4 servers)

• E-mail alert (send to up to 2 servers)

• Real-Time traffic monitoring

• Built-in daily report

• Advanced reporting (Vantage Report)

• Centralized Network Management (Vantage

CNM) manageable

Certification

• Safety

■ CSA International

• Emission (EMC)

■ FCC Part15 (Class A)

■ CE EMC (Class A)

Note:

*1: Available for USG 50/100/200 models with a ZyWALL Intrusion

Detection/Prevention(IDP) subscription.

*2: Available for USG 50/100/200 models with a ZyWALL Anti-Virus subscription.

*3: Available for all USG models with a ZyWALL Content Filtering subscription.

5

ZyWALL USG

300/1000/2000

Accessories

Security Extension Module (USG 2000)

Product Photo

Features

For customers requiring full security features of both

VPN and UTM threat protections, the SEM-DUAL unleashes the full VPN and UTM performance of the

ZyWALL USG 2000 platform.

• SecuASIC CIP-3001 for UTM acceleration (Anti-Virus and IDP)

• Advanced VPN Crypto to boost VPN performance

For customers requiring intensive VPN applications to build a mighty VPN concentrator in the central site and the highest level of redundancy, the specialized

SEM-VPN application greatly accelerates VPN performance.

• Advanced VPN Crypto to boost VPN performance

System Performance

VPN Throughput (AES)

*1

(Mbps)

UTM Throughput (AV+IDP)

*2

(Mbps)

Max. IPSec VPN Tunnels

Max SSL VPN Users

Physical Specifications

Dimensions (WxDxH)(mm/in.)

Weight (g/lb.)

Environmental Specifications

Operating temperature

Storage temperature

Operating humidity

600 600

400 100

2,000 2,000

750 750

199.2 x 212 x 36.3/7.84 x 8.35 x 1.43

0°C to 40°C/32°F to 104°F

-30°C to 60°C/-22°F to 140°F

5% to 90% (Non-condensing)

Note:

*1: VPN (AES) HTTP protocol with 1,460 bytes packet size. Testing done with multiple flows.

*2: UTM (AV+IDP) throughput measured using industry standard IXIA IxLoad test tool against.

199.2 x 212 x 36.3/7.84 x 8.35 x 1.43

410/0.91 410/0.91

0°C to 40°C/32°F to 104°F

-30°C to 60°C/-22°F to 140°F

5% to 90% (Non-condensing)

Transceiver

Model Name

SFP-SX-D

SFP-LX-10-D

SFP-LHX1310-40-D

SFP-ZX-80-D

Connector Wavelength

LC

LC

LC

LC

850 nm

1310 nm

1310 nm

1550 nm

Max

Transmission

Distance

550 m

10 km

40 km

80 km

Optical

Budget

7.5 dB

10.5 dB

21 dB

24 dB

Laser Transmitter Characteristics

Maximum

Launch Power

Minimum

Launch Power

-4 dBm

-3 dBm

+3 dBm

+5 dBm

-9.5 dBm

-9.5 dBm

-2 dBm

0 dBm

Receiver Characteristics

Optical Receiver

Sensibility

Maximum

Input Power

-17 dBm

-20 dBm

-23 dBm

-24 dBm

-3 dBm

-3 dBm

-3 dBm

-3 dBm

3G Card Support

Please visit http://www.zyxel.com/products_services/smb_security_appliances_and_services.shtml

and find the following path:

ZyWALL Unified Security Gateways USG product pages to see the 3G Card Compatibility List for supported USB devices.

F o r m o r e p r o d u c t i n f o r m a t i o n , v i s i t u s o n t h e w e b a t w w w . Z y X E L . c o m

Copyright © 2012 ZyXEL Communications Corp. All rights reserved. ZyXEL, ZyXEL logo are registered trademarks of

ZyXEL Communications Corp. All other brands, product names, or trademarks mentioned are the property of their respective owners. All specifications are subject to change without notice.

5-100-00811008 01/12