ZyWALL USG 300 - Unified Security Gateway for Small and Medium-Sized Businesses - ZyXEL Product & Solution
SEARCH
CONTACT US
WHERE TO BUY
SITE MAP
HOME
Your Location» GLOBAL
 

ZyWALL USG 300

Unified Security Gateway

Unified Security Gateway for Small and Medium-Sized Businesses

- All-new platform: "3rd" generation ZyWALL
- 22x faster than previous-generation ZyWALL firewalls
- New generation UTM solution
- Robust hybrid VPN (IPSec and SSL)
- Application firewall
- Web security (Security Web access): ZyXEL safe browsing
- Non-stop Internet access with multiple WAN and 3G backups
- ICSA firewall, IPSec certification
- Comprehensive report system
- Best-of-breed security solution
                                                                                          - Free Anti-spam service
                                                                                          - ZyXEL Security Distribution Network (ZSDN)
 
The ZyWALL USG (Unified Security Gateway) 300 is the "third generation" ZyWALL featuring an all-new platform. It provides the performance 22 times faster than the previous-generation ZyWALL firewalls, as well as a deep packet inspection security solution for small businesses to enterprises alike. It embodies a Stateful Packet Inspection (SPI) firewall, Anti-Virus, Intrusion Detection and Prevention (IDP), Content Filtering, Anti-Spam, and VPN (IPSec/SSL/L2TP) in one box. This multilayered security safeguards your organization's customer and company records, intellectual property, and critical resources from external and internal threats.
Product Finder
 
Secure connectivity
Given the prevalence and importance of information technology (IT) systems today and the nature and scale of both the opportunities and risks associated with significant deployments of new networking technologies, organizations are forced to evaluate solutions to build up a safer infrastructure to secure online transactions, in which involve exchange of valuable information. The infrastructure should be tailored to meet operation requirements for expanding remote sites as well as mobile teleworkers.

Proactive protection
Malicious virus, worm, exploits could cripple corporate networks and halt business transactions. In addition to severe financial loss, you also risk leakage of confidential information.
As mass-mailing software companies mushroom on the Internet, your network is bombarded with massive amounts of junk mails (spam). Without intelligent detection and proactive blocking, users have to go through the tedious and time-consuming task of sieving through the overflowing mailbox, and such scenario leads to serious productivity loss.
 
Policy compliance
With numerous file-sharing (P2P) and Instant Messaging (IM) applications, it is easier for company employees to share files and chat online during work hours. Rapid file sharing not only compromises network safety with the sharing of questionable files containing malicious viruses, but may also violate copyright issues and create legal hassles.

Network resilience
ISP links broken, hardware and software failure on the gateway, dead VPN tunnels—these are severe challenges IT staff face when designing the network infrastructure. In short, we need to take fault tolerance on the network path into consideration when build up a highly available network infrastructure for non-stop operations.
 
Manageability
With Vantage CNM (Centralized Network Management), users can achieve the follow objects:
  • Easy VPN management and diagnostic capability
  • Complete security policies and UTM management
  • Low TCO of massive deployment and device maintenance
  • Active monitoring, alerting and comprehensive graphic reports
The solution provides an efficient centralized management system for enterprises of any size to reduce operational costs regardless of the number of branch offices or remote locations.

Cost-effectiveness
With the adoption of ZyXEL's USG 300, the follow costs can be saved:
  • Device hardware maintenance fee: ZyXEL provides a one more year hardware warranty out of factory.
  • FreeSoftware upgrade: now ZyXEL provides free software upgrade for you to enjoy complete protection without additional expanse.
  
 

Firewall

  • ICSA-certified firewall
  • Routing and transparent (bridge) mode
  • Zone-based access control list
  • Stateful packet inspection
  • NAT, PAT
  • Policy base NAT
  • VLAN tagging
  • User-aware policy enforcement
  • SIP/H.323 NAT traversal
  • ALG supports custom ports

Virtual Private Network (VPN)

  • ICSA-certified IPSec VPN
  • PPTP, L2TP, IPSec
  • Algorithm: AES/3DES/DES
  • Authentication: SHA-1/MD5
  • Key management: Manual key/IKE
  • Perfect forward secrecy: (DH group) supprt 1, 2, 5
  • IPSec NAT traversal
  • Dead peer detection/relay detection
  • PKI (X.509) certificate support
  • Centralize VPN Support
  • Simple wizard support 
  • Auto reconnect VPN        

SSL VPN

  • Clientless secure remote access
  • Support reverse proxy mode and full tunnel mode 
  • Unified policy enforcement
  • Supports two-factor authentication
  • Customizable user portal

Intrusion Detection and Prevention(IDP)

  • Routing and transparent (bridge) mode
  • Zone-based IDP inspection
  • Customizable protection profile
  • Protect over 2000 attack
  • Automatic signature updates
  • Custom signatures
  • Protocol anomaly detection and protection
  • Traffic anomaly detection and protection
  • Flooding detection and protection
  • DoS/DDoS protection

Anti-Virus

  • Support Kaspersky and ZyXEL Anti-Virus
  • Stream-based Anti-Virus engine
  • Zone base AV protection
  • HTTP/FTP/SMTP/POP3/IMAP4 protocal support
  • Automatic signature updates
  • No file size limitation
  • Blacklist/whitelist support

Application Patrol

  • Application, IM/P2P, stream base media, VoIP granular access control
  • Detail access control of IM (Chat, file transfer, video)
  • Application and IP/P2P bandwidth control
  • User authentication support 
  • IM/P2P signature auto update
  • Support more than 15 catalogs IM and P2P 
  • Real-Time statistical reports
  • Maximum/guaranteed bandwidth

Anti-Spam

  • Zone to zone protection
  • Transparently intercept mail via SMTP/POP3 protocols
  • Blacklist/whitelist support
  • Support DNSBL checking
  • Spam tag support
  • Statistics report

High Availability

  • Active-Passive mode
  • Device failure detection and notification
  • Support ICMP and TCP ping check
  • Link monitoring
  • Auto-Sync configurations  
  • VPN HA (redundant remote VPN gateways)

Content Filtering

  • Web security: ZyXEL safe browsering
  • URL blocking, keyword blocking
  • Profile base setting
  • Exempt list (blacklist and whitelist)
  • Blocks java applet, cookies and active X
  • Dynamic URL filtering database (powered by BlueCoat)
  • Unlimited user licenses support
  • Customize warning messages and redirect URL

Networking

  • Routing mode/bridge mode/mixed mode
  • Layer 2 port grouping
  • Ethernet/PPPoE
  • Tagged VLAN (802.1Q)
  • Virtual interface (alias interface)
  • Policy-based routing (user-aware)
  • Policy-based NAT (SNAT) 
  • Dynamic routing(RIP v1/v2, OSPF) 
  • DHCP client/server/relay
  • Dynamic DNS support
  • WAN Trunk more than 2 port
  • Per host session limit
  • Guaranteed bandwidth
  • Maximum bandwidth 
  • Priority-bandwidth utilization

Authentication

  • Local user database
  • Microsoft Windows active directory integrate 
  • External LDAP/RADIUS user database
  • Xauth over RADIUS for IPSec IPV
  • Forced user authentication (transparent authentication)
  • IP/MAC address binding

System Management

  • Role-based administration
  • Multiple administrator login
  • Multi-Lingual Web GUI (HTTPS/HTTP)
  • Out-of-band management (AUX)
  • Object-based configuration
  • Command line interface (console/web console/SSH/TELNET)
  • SNMP v2c (MIB-II)
  • System configuration rollback
  • Firmware upgrade via FTP/FTP-TLS/Web GUI

Logging/Monitoring

  • Comprehensive local logging
  • Syslog (send to up to 4 servers)
  • E-mail alert (send to up to 2 servers)
  • Real-Time traffic monitoring
  • Built-in daily report
  • Advanced reporting (Vantage Report)
  • Centralized Network Management (Vantage CNM) manageable

System Performance

  • Firewall Throughput*1: 200 Mbps
  • VPN Throughput (AES)*2: 100 Mbps
  • UTM Throughput (AV+IDP)*3: 70 Mbps
  • Unlimited User Licenses
  • Max. Sessions*4: 60,000
  • Max. Concurrent IPSec VPN Tunnels: 200
  • Max. Concurrent SSL VPN Users: 25
  • Customizable Zone

Hardware Specifications

  • 10/100/1000 Interfaces (Copper): 7
  • USB ports: 2
  • Card Slot: 1 

Power Requirements

  • Input Voltage: 100 - 240 V AC, 50/60 Hz, 0.55 - 0.3 A Max
  • Power Rating: 35 W Max

Physical Specifications

  • Dimensions: 430 (W) x 201 (D) x 42 (H) mm
  • Weight: 2.8 kg

Environmental Specifications

  • Operating temperature: 0ºC to 50ºC
  • Storage temperature: -30ºC to 60ºC
  • Operating humidity: 20% to 90% (non-condensing)

 

Note:
*1: Testing Methodologies: Maximum performance based on RFC 2544 (UDP packets, 1,518 bytes). Actual performance may vary depending on network conditions and activated services.
*2: VPN (AES) throughput measured using UDP traffic with 1,424 bytes packet size, based on RFC 2544.
*3: UTM (AV+IDP) throughput measured using industry standard Ixia IxLoad test tool against HTTP protocol with 1,460 bytes packet size. Testing done with multiple flows.
*4: Max sessions measured using industry standard Ixia IxLoad test tool.
 
 

(For Open Source Announcements, please refer to the ZyWALL USG 300 User's
Guide. And to obtain the GPL open source code, please contact ZyXEL tech
support  support@zyxel.com.tw )

  
 








 
 

3G Card Compatibility List for ZyWALL USG Series:

 
Applied Firmware: 2.20
Final Update: 2010.03.25
 

By Card Vendor:

ZyXEL Model Vendor Model Version Form Factor Technology

USG 100

Huawei

E220

11.116.04.01.00

USB

HSDPA

E270

11.306.04.00.00

USB

HSUPA

E800

11.310.13.00.00

USB

HSDPA

E180

 

USB

HSPA

E169

 

USB

HSDPA

Sierra Wireless:

AC850

U1_2_40ACAP

PCMCIA

HSDPA

AC880

F1_0_0_2AP

PCMCIA

HSDPA

AC881

F1_0_0_2AP

PCMCIA

HSDPA

USG 200

Huawei

E220

11.116.04.01.00

USB

HSDPA

E270

11.306.04.00.00

USB

HSUPA

E800

11.310.13.00.00

USB

HSDPA

E180

 

USB

HSPA

E169

 

USB

HSDPA

Sierra Wireless:

AC850

U1_2_40ACAP

PCMCIA

HSDPA

AC880

F1_0_0_2AP

PCMCIA

HSDPA

AC881

F1_0_0_2AP

PCMCIA

HSDPA

USG 300

Huawei

E220

11.116.04.01.00

USB

HSDPA

E270

11.306.04.00.00

USB

HSUPA

E800

11.310.13.00.00

USB

HSDPA

E180

 

USB

HSPA

E169

 

USB

HSDPA

Sierra Wireless:

AC850

U1_2_40ACAP

PCMCIA

HSDPA

AC880

F1_0_0_2AP

PCMCIA

HSDPA

AC881

F1_0_0_2AP

PCMCIA

HSDPA

USG 1000

Huawei

E220

11.116.04.01.00

USB

HSDPA

E270

11.306.04.00.00

USB

HSUPA

E800

11.310.13.00.00

USB

HSDPA

E180

 

USB

HSPA

E169

 

USB

HSDPA

Sierra Wireless:

AC850

U1_2_40ACAP

PCMCIA

HSDPA

AC880

F1_0_0_2AP

PCMCIA

HSDPA

AC881

F1_0_0_2AP

PCMCIA

HSDPA

USG 2000

Huawei

E220

11.116.04.01.00

USB

HSDPA

E270

11.306.04.00.00

USB

HSUPA

E800

11.310.13.00.00

USB

HSDPA

E180

 

USB

HSPA

E169

 

USB

HSDPA

Sierra Wireless:

AC850

U1_2_40ACAP

PCMCIA

HSDPA

AC880

F1_0_0_2AP

PCMCIA

HSDPA

AC881

F1_0_0_2AP

PCMCIA

HSDPA

  
GO TOP