Transcription
Secure and Always Online Networking forSmall- to Medium-sized Businesses High-performance, high-valueNext Generation Firewall (NGFW)for small and medium-sizedbusinessesMore and more people are relying on smart devices and cloud-based applications for business Anti-malware protectionwith firewall, anti-virus, antispam, content filtering, IDP,next-generation applicationintelligence and SSL inspectionother Web applications, SMBs risk losing work productivity and exposing company networks to Robust SSL, IPSec and L2TP overIPSec VPN connectivity and VPNhigh availability (HA) Built-in WLAN controller forcentralized AP management andeffortless WLAN scalability of upto 18 APs Comprehensive mobilebroadband USB modemcompatibility and multi-WANload-balancing, failover and fallback supportcommunications. This means that high network availability is critical for business continuity, moreWi-Fi is demanded in the workplace, and traditional regulatory measures for application usageare obsolete. Without an effective solution to control, optimize and block social, productivity andnew Web threats.The new ZyXEL USG Advanced Series are Next Generation Firewalls(NGFW) designed to meet the mobility, anti-malware and policyenforcement challenges in SMBs. The integrated WLAN controlleroffers easy WLAN scalability for the growing demand for Wi-Fi;while WAN and VPN load balancing and failover ensures nonstop business communications. ZyXEL USGs offer industryleading anti-virus, anti-spam, content filtering and applicationintelligence technology for effective application optimization andcomprehensive network protection.BenefitsAlways onlineThe ZyXEL USG Advanced Series offers SMBs high network availability for always online communications.It features multi-WAN load balancing and failover, and a comprehensive mobile broadband USB modemsupport list for WAN backup. On top of that, the Series supports IPSec load balancing and failover toprovide added resiliency for the most mission-critical VPN deployments.Protection and optimizationThe ZyXEL USG Advanced Series provides extensive anti-malware protection and effective control ofWeb applications—like Facebook, Google Apps and Netflix—with industry-leading firewall, anti-virus,anti-spam, content filtering, IDP and application intelligence. These security measures are enhanced withSSL inspection, which helps block threats that are hidden in SSL encrypted connections and facilitatesdeeper policy enforcement.USG310/210/110Unified Security Gateway—Advanced Series
USG310/210/110Unified Security Gateway—Advanced SeriesStreamlined managementUnified security policy streamlines the configuration of firewall and every security feature to offer faster, easier and more consistent policy management.From a single interface, users can apply all policy criteria to every UTM feature with reduced complexity. The integrated WLAN controller also enablesusers to management up to 18 APs from a centralized user interface.More Wi-FiAddressing the trend of BYOD, the ZyXEL USG Advanced Series helps SMBs satisfy the Wi-Fi demand for an exploding amount of smart devices. The Seriesis integrated with a WLAN controller that enables businesses to easily scale up the WLAN and provide Wi-Fi in multiple areas like meeting rooms and guestreception areas.Model ListUSG310Unified Security GatewayUSG210Unified Security Gateway 8 x GbE RJ-45, 2 x USB (multi-WAN & mobile broadband) 5,000 Mbps firewall throughput 650 Mbps VPN throughput 450 Mbps IDP throughput 400 Mbps AV throughput 400 Mbps AV and IDP throughput 7 x GbE RJ-45, 2 x USB (multi-WAN & mobile broadband) 1,900 Mbps firewall throughput 500 Mbps VPN throughput 350 Mbps IDP throughput 300 Mbps AV throughput 300 Mbps AV and IDP throughputUSG110Unified Security Gateway 7 x GbE RJ-45, 2 x USB (multi-WAN & mobile broadband) 1,600 Mbps firewall throughput 400 Mbps VPN throughput 300 Mbps IDP throughput 250 Mbps AV throughput 250 Mbps AV and IDP throughput2
USG310/210/110Unified Security Gateway—Advanced SeriesFeature IntroductionMulti-WAN & Mobile BroadbandRobust VPNThe ZyXEL USG Advanced Series provides non-stopZyXEL USGs support high-throughput IPSec, L2TP overInternet uptime with multi-WAN and mobile broadbandIPSec and SSL VPN for a wide range of site-to-clientsupport. Multi-WAN works with two or more Ethernetand site-to-site VPN deployments. Reinforced with theWAN connections for active-active WAN load balancingadvanced SHA-2 encryption, the ZyXEL USGs provide theor active-passive failover. Comprehensive mobilemost secure VPN for business communications.broadband USB modems are also supported for WANbackup.VPN High Availability (HA)Integrated WLAN ControllerZyXEL USGs feature VPN HA to satisfy the demands ofThe integrated WLAN controller supports CAPWAP,the most mission-critical VPN deployments. Supportingand enables centralized authentication and accessadvanced GRE over IPSec technology, users can deploymanagement of multiple APs in the network. The ZyXELtwo IPSec VPN tunnels for active-active VPN loadUSG Advanced Series can manage 2 APs by default, andbalancing or active-passive failover.up to 18 APs with license upgrade.Unified Security PolicyApplication IntelligenceUnified security policy offers object-based managementZyXEL’s USG Advanced Series can identify, categorizeand a unified configuration interface for firewall and alland control over 3,000 social, gaming, productivity, andsecurity-related policies. Users can easily apply all policyother Web applications and behaviors. Users can prioritizecriteria to every UTM feature, reduce configuration time,productive applications, throttle acceptable ones, andand get more streamlined policy management.block unproductive applications to boost productivityand prevent bandwidth abuse.Anti-VirusSSL InspectionPowered by Kaspersky SafeStream II gateway anti-virus,SSL inspection enables the ZyXEL Advanced Series toZyXEL USGs provide comprehensive and real-timeprovide not only comprehensive security, but also deeperprotection against malware threats before they enter thepolicy enforcement. It enables the USG’s applicationnetwork. ZyXEL USGs can identify and block over 650,000intelligence, IDP, content filtering and anti-virus to inspectviruses right at the gate and provide high-speed scanningtraffic in SSL encrypted connections and block threatswith stream-based virus scanning technology.that usually go unseen.Anti-SpamContent FilteringWith a cloud-based IP reputation system, ZyXEL anti-ZyXEL content filtering helps screen access to websitesspam can deliver accurate, zero-hour spam outbreakthat are not business related or malicious. With a massive,protection by analyzing up-to-the-minute sendercloud-based database of over 140 billion URLs that arereputation data from highly diverse traffic sources. Itcontinuously analyzed and tracked, ZyXEL provides highlycan detect spam outbreaks in the first few minutes ofaccurate, broad and instant protection against maliciousemergence regardless of spam language or format.Web content.3
USG310/210/110Unified Security Gateway—Advanced SeriesApplication DiagramAnti-malware protection andapplication optimization Enabling anti-virus, anti-spam andNon-productiveWeb verFileSharingRemoteDesktopBISystemNetwork s CRM System Serverintrusion prevention, businessnetworks gain deep, extensiveprotection against all types ofNon-productiveWeb applicationsmalware threats Content filtering enables businessesmalicious or not business-relatednot only enable businesses to MZ ResourcesBISystemIntrusionAnti-VirusApplication IntelligencePrevention& OptimizationContentAnti-SpamFilteringto deny access to Websites that are Application intelligence technologyAnti-VirusOA, ERP,CRM SystemEmailServerDMZ ResourcesApplication Intelligence& OptimizationInternetWebAppsProductive Web applicationsProductive Web applicationsor throttle non-productive Webapplications, but also optimizeUnified Security GatewayInternetSPAMWeb applications that increaseproductivityUnified Security GatewaySPAMViruses, intrusions,malicious Websites,email spamWorkgroupViruses, intrusions,malicious Websites,email spamWorkgroupVPN application Branch offices, partners and homeusers can deploy ZyXEL USGs forMicrosoftAzuresite-to-site IPSec VPN connections Branch offices can additionallyBranchMicrosoftOffice Azuredeploy IPSec VPN HA (loadbalancing and failover) for alwaysonline VPN connectivity Remote users can securely accesscompany resources with theircomputers or smartphones via SSL,IPSec and L2TP over IPSec VPNUSG110Unified SecurityGatewayIPSec VPNBranchOfficeIPSec VPNUSG110Unified SecurityIPSec VPN HAGatewayUSG1900Unified ktopBISystemNetwork s CRM System ServerUSG1900Unified SecurityGatewayaccess to a variety of cloud-basedapplicationsWebOA, ERP,CRM SystemIPSec VPNTravelingEmployeeIPSec VPNPartnerOfficeIPSec VPNPartnerOfficeIPSec VPNUSG1100Unified SecurityGatewayIPSec VPNUSG1100HomeUnified SecurityUserGatewaySSL VPNIPSec VPNL2TP overIPSec VPNTravelingEmployeeSSL oyeeTravelingEmployee4EmailServerDMZ ResourcesHeadquartersIPSec VPN HAwith Microsoft Azure for securedFileSharingDMZ ResourcesBISystemAppsHeadquarters The headquarter USG can alsoestablish an IPSec VPN connectionInventoryServerL2TP over USG40WIPSec VPN Unified SecurityGatewayUSG40WUnified SecurityGatewayHomeUser
USG310/210/110Unified Security Gateway—Advanced SeriesSpecificationsModelUSG310USG210USG1108 (configurable)4 x LAN/DMZ, 2 x WAN, 1 x OPT4 x LAN/DMZ, 2 x WAN, 1 x OPT222Yes (DB9)Yes (DB9)Yes (DB9)YesYesYesHardware Specifications10/100/1000 Mbps RJ-45 portsUSB portsConsole portRack-mountableSystem Capacity & Performance*1SPI firewall throughput (Mbps)*25,0001,9001,600VPN throughput (Mbps)*3650500400IDP throughput (Mbps)*4450350300AV throughput (Mbps)*4400300250UTM throughput (AV and IDP)*4400300250Unlimited user licensesYesYesYes100,00080,00060,000Max. TCP concurrent sessions*5New TCP session rate12,0003,5003,500Max. UTM (AV & IDP) concurrent sessions*5100,00080,00060,000Max. concurrent IPsec VPN tunnels300200100Max. concurrent SSL VPN users1055025Included SSL VPN user no.25105Customizable zonesYesYesYesIPv6 supportYesYesYesVLAN interface643216WLAN ManagementAP Controller (APC) ver.Managed AP number (default/max.)1.01.01.02/182/182/18Key Software FeaturesVirtual Private Network (VPN)Yes (IPSec, SSL, L2TP over IPSec)Yes (IPSec, SSL, L2TP over IPSec)Yes (IPSec, SSL, L2TP over IPSec)FirewallYesYesYesAnti-Virus (AV)YesYesYesAnti-spamYesYesYesContent Filtering (CF)YesYesYesApplication intelligence and optimizationYesYesYesIntrusion Detection and Prevention (IDP)YesYesYesSSL inspectionYesYesYesSingle Sign-On (SSO)YesYesYes100 - 240 V AC, 50/60 Hz, 1.3 A max.12 V DC, 3.33 A max.12 V DC, 3.33 A max.58.537.037.0560,811.5787,109.3787,109.3430 x 250 x 44/16.93 x 9.84 x 1.73300 x 178 x 44/11.81 x 7 x 1.73300 x 178 x 44/11.81 x 7 x 1.733.3/7.282/4.42/4.4Power RequirementsPower inputMax. power consumption (watt)OthersMTBF (hr)Physical SpecificationsItem dimensions (WxDxH)(mm/in.)Item weight (kg/lb.)*1: Actual performance may vary depending on network conditions and activated applications.*2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets).*3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets).*4: AV and IDP throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing done with multiple flows.*5: Maximum sessions measured using the industry standard IXIA IxLoad testing tool.5
USG310/210/110Unified Security Gateway—Advanced SeriesFeatures SetSoftware Features L2TP over IPSec Blacklist and whitelist supportFirewall GRE and GRE over IPSec Blocks java applets, cookies and ActiveX ICSA-certified firewall (certification in NAT over IPSec Dynamic, cloud-based URL filtering database ZyXEL VPN client provisioning Unlimited user license support Routing and transparent (bridge) modesSSL VPN Customizable warning messages and Stateful packet inspection Supports Windows and Mac OS Xprogress)redirection URL User-aware policy enforcement Supports full tunnel mode SSL (HTTPS) inspection support SIP/H.323 NAT traversal Supports 2-step authenticationUnified Security Policy ALG support for customized ports Customizable user portal Unified policy management interfaceIntrusion Detection and Prevention (IDP) Supported UTM features: anti-virus, anti- Protocol anomaly detection and protection Traffic anomaly detection and protection Flooding detection and protection DoS/DDoS protection Routing and transparent (bridge) mode Signature-based and behavior-basedscanningIPv6 Support Automatic signature updates IPv6 Ready gold logo (certification in Customizable protection profileprogress) Dual stack IPv4 tunneling (6rd and 6to4 transitiontunnel) IPv6 addressing DNS DHCPv6 Bridge VLAN PPPoE Static routing Policy routing Session control Firewall and ADP IPSec VPN Intrusion Detection and Prevention (IDP) Application intelligence and optimization Content filtering Anti-virus, anti-malware Anti-spamIPSec VPN ICSA-certified IPSec VPN (certification inprogress) Encryption: AES (256-bit), 3DES and DES Authentication: SHA-2 (512-bit), SHA-1 andMD5 Key management: manual key, IKEv1 andIKEv2 with EAP Perfect forward secrecy (DH groups) support1, 2, 5 IPSec NAT traversal Dead peer detection and relay detection PKI (X.509) certificate support VPN concentrator Simple wizard support VPN auto-reconnection VPN High Availability (HA): load-balancingand failover Customized signatures supportedspam, IDP, content filtering, applicationintelligence, firewall (ACL) 3-tier configuration: object-based, profilebased, policy-based Policy criteria: zone, source and destination IPaddress, user, time SSL (HTTPS) inspection supportWLAN ManagementApplication Intelligence and Optimization ZyXEL AP Controller (APC) 1.0 compliant Granular control over the most importantapplications Identifies and controls over 3,000 applicationsand behaviors Supports over 15 application categories Application bandwidth management Supports user authentication Real-time statistics and reports SSL (HTTPS) inspection support Client RSSI threshold to prevent sticky clients IEEE 802.1x authentication Wireless Layer 2 isolation Captive portal Web authentication Customizable captive portal page Dynamic guest accounts RADIUS authentication Wi-Fi Multimedia (WMM) wireless QoS CAPWAP discovery protocolAnti-Virus ZyXEL Wireless Optimizer (ZWO) AP planning Supports Kaspersky anti-virus signaturesMobile Broadband Identifies and blocks over 650,000 viruses WAN connection failover via 3G and 4G* USB Stream-based anti-virus engine HTTP, FTP, SMTP, POP3 and IMAP4 protocolsupportmodems Auto fallback when primary WAN recovers* 4G USB modem support available in future firmware upgrades Automatic signature updates No file size limitation SSL (HTTPS) inspection supportNetworking Routing mode, bridge mode and hybridmodeAnti-Spam Ethernet and PPPoE Transparent mail interception via SMTP and NAT and PATPOP3 protocols VLAN tagging (802.1Q) Configurable POP3 and SMTP ports Virtual interface (alias interface) Sender-based IP reputation filter Policy-based routing (user-aware) Recurrent Pattern Detection (RPD) technology Policy-based NAT (SNAT) Zero-hour virus outbreak protection Dynamic routing (RIPv1/v2 and OSPF) X-Header support DHCP client/server/relay Blacklist and whitelist support Dynamic DNS support Supports DNSBL checking WAN trunk for more than 2 ports Spam tag support Per host session limit Statistics report Guaranteed bandwidthContent Filtering Maximum bandwidth Priority-bandwidth utilization Social media filtering Malicious Website filtering URL blocking and keyword blocking6
USG310/210/110Unified Security Gateway—Advanced SeriesAuthenticationDevice High Availability (HA) System configuration rollback Local user database Active-passive failover mode Firmware upgrade via FTP, FTP-TLS and Web Microsoft Windows Active Directory Device failure detection and notificationintegrationGUI Supports ICMP and TCP ping check Dual firmware images External LDAP/RADIUS user database Link monitoring XAUTH, IKEv2 with EAP VPN authentication Configuration auto-syncLogging and Monitoring Web-based authenticationSystem Management Syslog (to up to 4 servers) Role-based administration Email alerts (to up to 2 servers) Multiple administrator logins Real-time traffic monitoring Multi-lingual Web GUI (HTTPS and HTTP) Built-in daily report Command line interface (console, Web Advanced reporting with Vantage Report Forced user authentication (transparentauthentication) IP-MAC address binding SSO (Single Sign-On) support Comprehensive local loggingconsole, SSH and TELNET) SNMP v2c (MIB-II)LicensesSecurityKaspersky Anti-VirusApplication Intelligence& IDPContent FilteringAnti-SpamUSG3101 year2 years1 year2 years1 year2 years1 year2 yearsUSG2101 year2 years1 year2 years1 year2 years1 year2 yearsUSG1101 year2 years1 year2 years1 year2 years1 year2 yearsModelNotes:1. ZyXEL USGs can be purchased with 13-month bundled licenses (anti-virus, anti-spam and content filtering), which include a 1-month trial.2. Licenses can be easily activated, renewed and managed at myZyXEL.com (www.myzyxel.com)3. License bundles may vary according to region. Please contact your local sales representative for more information.VPN, Management and ReportingModelSSL VPNManaged APsIPSec VPN ClientVantage ReportUSG310Add 10 tunnelsAdd 8 APsUSG210Add 10 tunnelsAdd 8 APsUSG110Add 10 tunnelsAdd 8 APsFor 1 clientFor 5 clientsFor 10 clientsFor 50 clientsFor 1 deviceFor 5 devicesFor 25 devicesFor 100 devicesAccess Point Compatibility ListNWA3000-N SeriesNWA5000 SeriesNWA5120 SeriesUnified Pro Access PointManaged Access PointUnified Access WA5550-NNWA5121-NINWA5121-NNWA5123-NICentral managementYesYesYesAuto provisioningYesYesYesLocal bridgeLocal bridgeLocal bridgeSeriesModelFunctionsData forwarding7
Fo r m o re p ro d u c t i n fo r m at i o n , v i s i t u s o n t h e we b at w w w. Zy X E L . co mCopyright 2014 ZyXEL Communications Corp. All rights reserved. ZyXEL, ZyXEL logo are registered trademarksof ZyXEL Communications Corp. All other brands, product names, or trademarks mentioned are the property oftheir respective owners. All specifications are subject to change without notice.5-100-0081400105/14
The integrated WLAN controller offers easy WLAN scalability for the growing demand for Wi-Fi; while WAN and VPN load balancing and failover ensures non-stop business communications. ZyXEL USGs offer industry-leading anti-virus, anti-spam, content filtering and application intelligence technology for effective application optimization and
