Zyxel USG1100 User Manual

ZyWALL USG1100/1900/2200

Unified Security Gateway

As a business grows, so does the scope of its network. New users and devices
connect at an ever-increasing rate. Add to this an array of applications, like
cloud-based services, and one begins to understand the challenge facing
today’s enterprises. It’s a continuous cycle — demand for high network
availability increases alongside the need for more Internet access, not to
mention additional user controls and improved security measures.

The ZyWALL USG Series is a line of UTM firewalls designed to meet this
challenge head-on with high availability, anti-malware protection, access
management, and consolidated policy enforcement for medium- to large­sized businesses and campuses. The Zyxel USG Series provides WAN and
VPN load balancing, failover to ensure nonstop business communications,
and our Hotspot Management solution for secure network connectivity with
easy access.

UTM Firewall for medium- and
large-sized businesses and
campuses

Anti-malware protection with
Anti-Virus, Anti-Spam, Content
Filtering 2.0, IDP, Application
Patrol and SSL inspection

Robust SSL, IPSec and L2TP
over IPSec VPN connectivity
and VPN High Availability (HA)

Express Mode with advanced
Cloud Query technology

Hotspot management is
supported

SecuReporter, cloud-based
intelligent analytics and
report service

Datasheet ZyWALL USG1100/1900/2200

COMMUNITY

BIZ FORUM

Benefits

Powerful, robust and always-online

ZyWALL USG Series delivers high-access quality to
help businesses satisfy the demand for always-online
communications. For internal deployments, the USG Series
provides active-passive High-Availability (HA) service
to support device or connection failover. With Device HA
Pro service, the ZyWALL USG Series also supports instant
failover, so connections are always maintained when a
failover event occurs.

For external deployments, the ZyWALL USG Series features
multi-WAN load balancing/failover and a comprehensive
mobile broadband USB modem support list for WAN
backup operations. The ZyWALL USG Series also supports
IPSec load balancing and failover, providing additional
resilience for mission-critical VPN failover with VTI Interface
deployments.

Engineered Express Mode. Uncompromising
performance.

ZyWALL USG series supports Express Mode with advanced
Cloud Query technology which has 30 billion of file ID in
Zyxel security cloud's database and constantly adapts new
malware data every minute via Threat Intelligence Machine
Learning. This innovative design improves the anti­malware detection efficiency, enables it to verify the file ID
within seconds to get the most optimal threat detection, so
that the ZyWALL USG series can gain higher throughput
performance.

Impregnable protection and optimization

ZyWALL USG Series thoroughly protects networks with
industry-leading firewall, Anti-Malware/Virus, Anti-Spam,
Content Filtering, IDP, and Application Patrol functionality.
Regulate unauthorized use of Web applications over your
network, such as Facebook, Google apps, and Netflix,
among others. Zyxel security measures are enhanced with
SSL Inspection, blocking threats hidden in SSL-encrypted
connections while facilitating deeper policy enforcement.
Furthermore, newly improved Content Filtering 2.0
enhances HTTPS Domain Filter, Browser SafeSearch, and
Geo IP Blocking for an array of security enhancements to
ensure clean Web connections.

Best TCO for access expansion

People expect network access regardless of time or
location. As a result, hotspots are in demand in an
ever-expanding assortment of locations. The ZyWALL
USG1100/1900/2200 integrated with Zyxel AP Controller
technology enables users to manage APs from a
centralized user interface. In addition, Zyxel Hotspot
Management delivers a unified solution for business
networks with user-friendly tools like Billing System, Walled
Garden, Multiple Authentication, 3rd Party Social Login
and User Agreement. With ZyWALL USG Series, businesses
can now deploy or expand a managed WiFi network with
minimal effort.

Enhanced visibility

SecuReporter is a cloud-based intelligent analytics and
report service with threat data collection and correlation
capabilities. USG is bundled with 1-year SecuReporter
service, giving 7 days of log retention and visual analytics.
SecuReporter provides multiple analytical perspectives
on overall Threat Trend, Spam Mail, Unsafe Website
Categories, Most Frequent Security Threat (Malware, IDP,
Spam) and user behaviors, delivering holistic visibility for

security professionals.

Swift and secure firmware upgrades

Locating firmware updates — not to mention identifying
correct versions for your device and managing their
installation — can be a complex and confusing ordeal. The
ZyWALL USG Series solves this with its new Cloud Helper
service. Cloud Helper provides a simple step to look for up­to-date firmware information. New firmware is immediately
made available upon release from our official database to
ensure its authenticity and reliability.

Zyxel One Network experience

Aiming for relieving our customers from repetitive
operations of deploying and managing a network, Zyxel
One Network is designed to simplify the configuration,
management, and troubleshooting, allowing our customers
to focus on the business priorities. Zyxel One Network
presents an easy-to-use tool, Zyxel One Network Utility
(ZON Utility), to realize speed network setup. Zyxel Smart
Connect allows Zyxel networking equipment to be aware
and recognize each other and further facilitating the
network maintenance via one-click remote functions
such as factory reset or power cycling. Zyxel One Network
redefines the network integration across multiple
networking products from switch to WiFi AP and to
Gateway.

Datasheet ZyWALL USG1100/1900/2200

2

ZyWALL USG Series Quick Finder

Model USG40

/40W

USG60
/60W

USG110 USG210 USG310 USG1100 USG1900 USG2200

Description SB SMB MB

Firewall

400 1,000 1,600 1,900 5,000 6,000 7,000 25,000

throughput
(Mbps)

Max.

50,000 100,000 150,000 200,000 500,000 1,000,000 1,000,000 1,500,000

concurrent
sessions

UTM

60 110 450 500 550 650 710 1,100

throughput
(AV and IDP,

*1

Mbps)

IDP throughput

95 150 590 660 900 1,000 1,200 2,000

(Mbps)

AV throughput
(Mbps)

*1

80 150 450 500 890 990 1,100 2,000

Amazon VPC*2Ye s Ye s Ye s Ye s Ye s Yes Ye s Ye s

Microsoft

Ye s Ye s Ye s Ye s Ye s Yes Ye s Ye s

Azure

Cloud CNM
SecuReporter

Hotspot
Management

Ye s Ye s Ye s Ye s Ye s Yes Ye s Ye s

*3

- Ye s Ye s Ye s Ye s Yes Ye s Ye s

*3

Device HA Pro - - Ye s Ye s Ye s Ye s Yes Ye s

*1: AV (with Express Mode) and IDP throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing done with

multiple flows.
*2: ZyWALL/USG still be able to support by CLIs
*3: With Zyxel service license to enable or extend the feature capacity

Services and Licenses

The ZyWALL USG1100/1900/2200 provides a complete feature set to perfectly fit different business requirements as well as
to enable the maximum performance and security with an all-in-one appliance. Comprehensive network modularity also
empowers IT professionals to customize the system to meet their individual needs.

Anti-Virus Anti-Spam Intrusion Detection

& Prevention

Application

Patrol

3Datasheet ZyWALL USG1100/1900/2200

SecuReporter AP Controller Hotspot

Management

Feature Highlights

Multi-WAN & Mobile broadband

The ZyWALL USG Series provides non-stop Internet uptime
with multi-WAN and mobile broadband support. Multi­WAN works with two or more Ethernet WAN connections
for active-active WAN load balancing or active-passive
failover. Comprehensive mobile broadband USB modems
are also supported for WAN backup.

Unified security policy

Unified security policy offers object-based management
and a unified configuration interface for firewall and all
security-related policies. Users can easily apply all policy
criteria to every UTM feature, reduce configuration time,
and get more streamlined policy management.

Cloud Helper

The Cloud Helper provides friendly firmware upgrades so
users don’t need to worry about how and where to receive
the latest firmware information and files. With just a few
steps to download and update the firmware directly, it’s
very convenient and time-efficient.

Zyxel One Network utility

The ZON utility features smart functions to assist network
management for administrators to perform batch
firmware upgrade for devices, remote reboot of devices
such as ceiling APs or redirect to device GUI for further
configuration with just a click. These troublesome but
necessary management tasks can now be easily done
through just one platform for WiFi APs, switches and
gateways.

SSL inspection

SSL inspection enables the ZyWALL USG Series to provide
not only comprehensive security, but also deeper policy
enforcement. It enables the USG’s Application Patrol , IDP,
Content Filtering 2.0 and Anti-Virus to inspect traffic in SSL
encrypted connections and block threats that usually go
unseen.

Robust VPN

Zyxel USGs support high-throughput IPSec, L2TP over IPSec
and SSL VPN for a wide range of site-to-client and site­to-site VPN deployments. Reinforced with the advanced
SHA-2 cryptographic , the Zyxel USGs provide the most
secure Policy-based and route-based VPN for business
communications.

Integrated WLAN controller

The integrated WLAN controller supports CAPWAP,
and enables centralized authentication and access
management of multiple APs in the network. The ZyWALL
USG1100/1900/2200 can manage 2 APs by default, and up
to 1,026 APs with license upgrade.

PCI-DSS compliance

The ZyWALL USG Series conforms to the Payment Card
Industry Data Security Standard (PCI DSS), which is a
global cardholder data security standard influential to a
very broad group of businesses. The PCI DSS Compliance
applies to all entities such as merchants, card issuers,
processors, and service providers involve in payment card
processing tasks like validation, transmission and storage
of cardholder data.

Security analytics and report

SecuReporter features a suite of analysis and reporting
tools, including network security threats identification
and visual analysis on security services statistics, security
events, application usage, website usage, and traffic
usage, and device health status. Users can also generate
customized reports on-demand and setup a daily, weekly,
or monthly schedule.

4Datasheet ZyWALL USG1100/1900/2200