SecuExtender
Zero Trust VPN Client
Benefits
Never Trust and Always Verify
Businesses from small to large all need to get ready for the growing demands
of an increasingly mobile workforce and distributed work site expansions. As to
protect your businesses from inside out, you need the right VPN service to apply
proper access control.
Four Perimeter Security Challenges, SecuExtender Can Help
• BYOD Security Risks
SecuExtender adapts Zero-Trust principle to help IT verify user’s identity,
enforcing admission control to increase security level.
• Administrative Overhead
Centralized provisioning from the cloud to reduce administrative overhead
when managing tens or hundreds of SecuExtender endpoints.
• Network Congestion
Mitigate the bottleneck, increase productivity by throttling the traffic bounded
for the office network.
• VPN Client Flexibility
Flexible VPN options, one license for multi-platforms and subscription-based
for easier access to new features.
Same Security Across Networks
VPN management consolidates and ensures the same network control and
security across multiple sites. We extend the working experience easily
and securely, as if you were in the office with the safety of both two-factor
authentication and tunnel protection. As to reinforce security for hybrid network,
we elevate SecuExtender as the Zero-Trust agent, integrated always-on IPSec
VPN, traffic shaping, IKEv2/EAP, supporting devices insight and more granular
control over remote workplaces.
Easy-to-use configuration
wizard and connection panel
Supports both Windows and
macOS operating systems
Supports all connection
types: dial-up, Ethernet, WFi
and 4G
Compatible with all ZyWALL
series firewalls
Simple to deploy with remote
VPN wizard
Datasheet SecuExtender
IPSec VPN Client
The new IPSec VPN Client subscription
The new time-based subscription*1 and perpetual licenses are available for IPSec VPN Client, enabling you to customize
for your business needs. The IPSec VPN Client supports your remote workforce, gives you peace of mind from access
anywhere outside the office. Whether you’re in office or home office, it is a security-conscious VPN service, providing one of
the best way to protect your privacy as you communicate over the Internet.
Ultra-secure Access to the Office Network Anywhere
The IPSec VPN Client is designed with an easy 3-step configuration wizard to help employees create remove VPN
connections quicker than ever. It also provides an easy scalability by storing a unique duplicable file of configuration and
parameters. The VPN configurations and security elements including pre-shared key, certificates, IKEv2 can be saved
on a USB disk in order to remove authentication information from the computer. Users can easily monitor their remote
applications and data as if they were in the office.
Secure remote access
• Ensure secure and reliable data transmission
• Support Two-factor Authentication (2FA) for strengthen protection*
• Added stronger key exchange (DH) group and algorithms
Enhanced usability
• Windows and macOS operating system supported
• Flexible subscription plan and easy to renew/purchase online
• Immediate access to all latest updates and future releases
Simple deployment
• Effective provisioning via VPN wizard with IKEv2 initiated
• Intuitive panel with 25 multilingual support
• Easy VPN configuration can be saved as a portable file
*1: The Windows version software must be activated with a license key from SecuExtender IPSec VPN Client
Subscription Service for Windows/macOS (1YR/3YR license). The software is not compatible with the license key
from legacy SecuExtender IPSec VPN Windows Client.
*2: Two-factor authentication works with ATP/USG FLEX/USG/VPN series
2
2Datasheet SecuExtender
SSL VPN Client
Access your company network remotely
Remote work is becoming the new normal, secured verification of devices and data is imperative. The SSL VPN Client is a
lite VPN software which is provided to set up secured connection without the common difficulties. The SSL VPN allows not
only you but also your employees to expand network access wherever you are travelling, mobile, or in homes. We keep your
data safeguarded at all times.
SSL VPN—Business internet access on the go
The SSL VPN keeps you connected securely and productive on the go. Their set of features fulfill the need to securely
access corporate resources over the internet regardless of the location.
Easy to use
• Deployment the SSL VPN is a simple and stress-free process, just download it, install it and you are good to connect
High compatibility
• Support for strong encryption options and secured authentication methods
• Super easy for mobile users to build connections from all kinds of environments
High scale flexibility
• For both small businesses and large corporations equipping their remote workforce, the SSL VPN Client represents an
efficient and affordable secured solution for projects of all sizes
3Datasheet SecuExtender
Remote Access Security Solutions
Operating with Zero Trust best practices across wired or wireless network infrastructures – wherever your employees:
headquater branch offices, on-the-go, or even working from home. Together we can help your business maintain
continuity and safety.
Secure Workplace Remote Access Solution Benefits
Working on the go
for teleworkers
SecuExtender Zero Trust VPN
Client
• Two-factor Authentication (2FA)
• Secure access with reliable IPSec/SSL VPN connectivity
• Easy installation and simple user experience
• Cost-effective, trusted service
Home offices Remote Access Point (RAP) • Two-factor Authentication (2FA)
• Layer 2 extension with synchronized security
• Simple provisioning
Remote location between
HQ & branch offices
ZyWALL ATP/USG FLEX Series
Firewalls
• Two-factor Authentication (2FA)
• Advanced protection with central management
• Secure encrypted tunnel
Application Diagram
Branch
Office
ZyWALL USG FLEX 200
USG FLEX Firewall
Gateway-to-gateway
IPsec VPN Tunnels
SecuExtender
IPSec VPN Client
Travelling
Employee
SecuExtender
SSL VPN Client
Travelling
Employee
IPSec VPN
SSL VPN
Headquarters
ZyWALL ATP800
ATP Firewall
L2TP over
IPSec VPN
Travelling
Employee
Remote
Desktop
BI
System
Secure Tunnel
WAX650S
WiFi 6 Access Point
Network
Extend
Web
Apps
DMZ Resources
Gateway-to-gateway
IPsec VPN Tunnels
In-house
Staff
Inventory
Server
OA, ERP,
CRM System
ZyWALL ATP500
ATP Firewall
File
Sharing
Email
Server
Partner
Office
4Datasheet SecuExtender
Specifications
IPSec VPN Client Subscription
Service (Time-based)*
System Specifications
• Windows 10 64-bit
• macOS 10.15 or above
Hardware Specifications
• 5M Bytes free disk space
Product Specifications
• Hash Algorithms
■
SHA2-HMAC 256-bit authenticationn
■
SHA2-HMAC 384-bit authentication
■
SHA2-HMAC 512-bit authentication
• Encryption
■
AES 128, 192, 256-bit encryption
■
AES GCM 128,192, 256-bit encryption
■
AES CTR 128, 192, 256-bit encryption
• Diffie Hellman Group Support
■
Group 14: MODP 2048
■
Group 15: MODP 3072
■
Group 16: MODP 4096
■
Group 17: MODP 6144
■
Group 18: MODP 8192
■
Group 19: ECP 256 (IKEv2 only)
■
Group 20: ECP 384 (IKEv2 only)
■
Group 21: ECP 512 (IKEv2 only)
• Authentication Mechanism
■
PSK (Pre-shared Key)
■
EAP (Login/Password)
■
PKI (X.509) Certificate
■
Certificate authentication methods:
- RSA Digital Signature [RFC 7296]
- ECDSA avec SHA-256 [RFC 4754]
- Digital Signature Authentication
RSA [RFC 7427]
■
X-Auth (IKEv1)
■
Hybrid: X-Auth + Certificate (IKEv1)
• Certificate Formats
■
PEM
■
PFX
■
PKC #12
• Key Management
■
ISAKMP (RFC2408)
■
IKE (RFC2409) & IPSec mode
■
IKEv2 (RFC7383)
■
ESP
• IKEv1 support
■
Mode Config
■
IP fragmentation
■
NAT-Traversal
■
Check gateway’s remote ID
■
Tunnel and transport modes
■
Auto mode (negotiation of
algorithms with gateway)
• IKEv2 support
■
Mode CP
■
IP fragmentation
■
NAT-Traversal
■
Childless IKE (RFC 6023)
■
IP fragmentation
■
Extended Sequence Number (ESC)
(RFC 4304)
• Endpoint Visibility
■
Collecting endpoint information
for admission control
- MAC address
- Inner IPv4 address
- Hostname
- Unique ID
- Zyxel client version
- OS type
- OS version
- System manufacturer
- System model
• Networking
■
NAT traversal (Draft 1, 2 & 3)
■
Dead Peer Detection (DPD)
■
Redundant gateway
• Connection Technologies
■
Dial-up modem
■
GPRS
■
Ethernet
■
WiFi
IPSec VPN Windows Client
(Perpetual)
System Specifications
• Windows 7 32/64-bit
• Windows 8 32/64-bit
• Windows 10 32/64-bit
Hardware Specifications
• 5M Bytes free disk space
Product Specifications
• Hash Algorithms
■
MD5-HMAC 128-bit authentication
■
SHA1-HMAC 160-bit authentication
■
SHA2-HMAC 256-bit authentication
■
SHA2-HMAC 512-bit authentication
• Encryption
■
DES CBC 56-bit encryption
■
3DES-CBC 168-bit encryption
■
AES 128, 192, 256-bit encryption
• Diffie Hellman Group Support
■
DES CBC 56-bit encryption
■
Group 1: MODP 768
■
Group 2: MODP 768
■
Group 5: MODP 1536
■
Group 14: MODP 2048
■
Group 15: MODP 3072
■
Group 16: MODP 4096
■
Group 17: MODP 6144
■
Group 18: MODP 8192
• Authentication Mechanism
■
PSK (Pre-shared Key)
■
EAP (Login/Password)
■
PKI (X.509) Certificate
■
X-Auth
• Key Management
■
ISAKMP (RFC2408)
■
IKE (RFC2409) & IPSec mode
■
IKEv2 (RFC7383)
■
ESP, tunnel, transport
■
Main mode, aggressive mode
■
Hybrid authentication method
• Certificate
■
PEM
■
PKCS #12
• Endpoint Visibility
■
Collecting endpoint information
for admission control
- MAC address
- Inner IPv4 address
- Hostname
- Unique ID
- Zyxel client version
- OS type
- OS version
- System manufacturer
- System model
• Networking
■
NAT traversal (Draft 1, 2 & 3)
■
Dead Peer Detection (DPD)
■
Redundant gateway
• Peer to Peer
■
Peer to peer connections
■
Accepts incoming IPSec tunnels
• Connection Technologies
■
Dial-up modem
■
GPRS
■
Ethernet
■
WiFi
SSL VPN Client
System Specifications
• Windows 7 32/64-bit
• Windows 8 32/64-bit
• Windows 10 32/64-bit
• MacOS 10.14 or above
Hardware Specifications
• 5M Bytes free disk space
*: The Windows version software must be
activated with a license key from SecuExtender
IPSec VPN Client Subscription Service for
Windows/macOS (1YR/3YR license). The software
is not compatible with the license key from
legacy SecuExtender IPSec VPN Windows Client.
Datasheet SecuExtender 5
For more product information, visit us on the web at www.zyxel.com
Copyright © 2021 Zyxel and/or its affiliates. All rights reserved.
All specifications are subject to change without notice.
Datasheet SecuExtender
17/09/21
Loading...