Zyxel ZyWALL USG 2, ZyWALL USG 20W, ZyWALL USG50, ZyWALL USG 300, ZyWALL USG1000 user manual

Security Licenses

ZyWALL USG 20/

ZyWALL USG 20/
20W/50/100/200/

20W/50/100/200/
300/1000/2000

300/1000/2000

Unified Security Gateway

Unified Security Gateway

Product Duration
Anti-Virus Anti-Virus Filter

USG 2000

2 years Yes Yes Yes Yes

USG 1000

2 years Yes Yes Yes Yes

USG 300

2 years Yes Yes Yes Yes

USG 200

2 years Yes Yes Yes Yes

USG 100

2 years Yes Yes Yes Yes

USG 50

2 years Yes Yes Yes Yes

USG 20

2 years - - - Yes

USG 20W

2 years - - - Yes

Product SSL VPN IPSec VPN Client

5 to 50 SSL Tunnels

5 to 250 SSL Tunnels

USG 2000

50 to 250 SSL Tunnels

50 to 750 SSL Tunnels

250 to 750 SSL Tunnels

5 to 25 SSL Tunnels

5 to 50 SSL Tunnels

USG 1000

25 to 50 SSL Tunnels

25 to 250 SSL Tunnels

50 to 250 SSL Tunnels

2 to 10 SSL Tunnels

USG 300 2 to 25 SSL Tunnels

10 to 25 SSL Tunnels

USG 200 2 to 10 SSL Tunnels

USG 100 2 to 5 SSL Tunnels

USG 50 2 to 5 SSL Tunnels

USG 20 -

USG 20W -

1 year Yes Yes Yes Yes

1 year Yes Yes Yes Yes

1 year Yes Yes Yes Yes

1 year Yes Yes Yes Yes

1 year Yes Yes Yes Yes

1 year Yes Yes Yes Yes

1 year - - - Yes

1 year - - - Yes

5 to 750 SSL Tunnels

5 to 250 SSL Tunnels

ZyXEL Kaspersky

For Client PC’s

Software client 1 license

Software client 5 licenses

Software client 10 licenses

Software client 50 licenses

Content

IDP

3G Card Support

Vantage CNM Vantage Report

All ZyWALL models support:

10 nodes

25 nodes

50 nodes

100 nodes

300 nodes

1000 nodes

All ZyWALL models support:

1 device

5 devices

25 devices

100 devices

■

All-new platform: “3rd”

generation ZyWALL

■

USG clean-traffic architecture

■

New generation UTM solution

(except USG 20/20W)

■

Robust hybrid VPN (IPSec and

SSL)

■

Content filter stops malware

and Web threats

■

Application Firewall (except

USG 20/20W)

■

Granular control over social

networking applications

■

Non-stop Internet access with

multiple WAN and 3G backups

■

ICSA Firewall, IPSec

certification

■

Comprehensive report system

■

ZyXEL Security Distribution

Network (ZSDN)

Unified Security Gateway for Small
and Medium-sized Companies

The ZyWALL USG (Unified Security Gateway) Series is the “third generation” ZyWALL featuring

an all-new platform. It provides greater performance protection, as well as a deep packet

inspection security solution for small businesses to enterprises alike. It embodies a Stateful

Packet Inspection (SPI) Firewall, Anti-Virus (AV), Intrusion Detection and Prevention (IDP),

Content Filtering, Anti-Spam, and VPN (IPSec/SSL/L2TP) in one box. This multilayered security

safeguards your organization’s customer and company records, intellectual property, and

critical resources from external and internal threats.

Benefits

Secure connectivity

Given the prevalence and importance of information technology (IT) systems today and the nature
and scale of both the opportunities and risks associated with significant deployments of new
networking technologies, organizations are forced to evaluate solutions to build up a safer
infrastructure to secure online transactions, in which involve exchange of valuable information. The
infrastructure should be tailored to meet operation requirements for expanding remote sites as well
as mobile teleworkers.

Proactive protection

The evolving Web environment not only makes managing appropriate surfing and bandwidth use
more difficult, but also introduces new security threats for the filtering functionality to pinpoint on.
The ZyWALL USG Content Filter leverages the next-generation Web filtering technology by
combining URL filtering and anti-malware technologies into a collaborative cloud defense
architecture powered by BlueCoat, which is capable of protecting user productivity while blocking
malware downloads and Web threats.

Policy compliance

With numerous file-sharing (P2P) and Instant Messaging (IM) applications, it is easier for company
employees to share files and chat online during work hours. Rapid file sharing not only compromises
network safety with the sharing of questionable files containing malicious viruses, but may also
violate copyright issues and create legal hassles.

Please visit http://www.zyxel.com/products_services/smb_security.shtml and find the following path:

ZyWALL Unified Security Gateways USG product pages to see the 3G Card Compatibility List for supported USB devices.

For more product information, visit us on the web at www.ZyXEL.com

Copyright © 2011 ZyXEL Communications Corp. All rights reserved. ZyXEL, ZyXEL logo are registered trademarks of
ZyXEL Communications Corp. All other brands, product names, or trademarks mentioned are the property of their
respective owners. All specifications are subject to change without notice.

5-100-00811002 06/11

ZyWALL USG 20/

ZyWALL USG 20/
20W/50/100/200/

20W/50/100/200/
300/1000/2000

300/1000/2000

Unified Security Gateway

Unified Security Gateway

Network resilience

ISP links broken, hardware and software failure on the gateway, dead VPN tunnels — these are
severe challenges IT staff face when designing the network infrastructure. In short, we need to take
fault tolerance on the network path into consideration when build up a highly available network
infrastructure for non-stop operations.

Manageability

With ZyWALL USG and Vantage CNM (Centralized Network Management), users can achieve the
following objects to reduce operational costs:

• Easy VPN management and diagnostic capability

• Complete security policies and UTM management

• Active monitoring, alerting and comprehensive graphic reports

Key Applications

g

ZyWALL USG 20/

ZyWALL USG 20/
20W/50/100/200/

20W/50/100/200/
300/1000/2000

300/1000/2000

Unified Security Gateway

Unified Security Gateway

ZyWALL USG clean-traffic architecture

The ZyWALL USG’s clean-traffic architecture

protects against network risks such as viruses,

worms, Trojan Horses, spyware, phishing attacks

and other emerging Internet threats. With the

clean-traffic architecture, enterprises users are

assured to have clean and secure network

environments.

Traffic In

Network

I/O Engine

Defragment BWMSNAT

Threat
Database

Update

Forwarding Engine

DNAT Routing

Stateful Firewall

Anomaly Detection and Prevention

Intrusion Detection and Prevention

(PA/TA)

Application Classifier

Anti-Virus

Application Patrol

Content Filter

Anti-Spam

I/O Engine

Traffic Out

Clean
Traffic

Network

Fragment

Endpoint security

With the new Endpoint Security (EPS) feature,

administrators can easily identify

policy-violating users such as those who don’t

have AV software installed. With additional AV

software installed, the ZyWALL can help mitigate

virus threats and therefore prevent the loss of

money and employee productivity. The EPS

supports Norton™, Kaspersky™, TrendMicro™

AV client software and many others. Moreover,

the new EPS feature also supports personal

firewall software such as Kaspersky Internet

Security 2009/2010, Windows Firewall and

TrendMicro PC-Cillin/Internet Security 2010.

LAN User 1

Checking

1. Anti-Virus

2. Personal Firewall

3. OS patch level

The result is NO Access

SSL-VPN User

* The USG’s new EPS feature helps to ensure that all clients
meet the corporate security policies; e.g. it checks if AV
software is installed.

LAN User 2

Checking

1. Anti-Virus

2. Personal Firewall

3. OS patch level

The result is Access

LAN

Checking

1. Anti-Virus

2. Personal Firewall

3. OS patch level

The result is Access

LAN

Internet

SSL-VPN-Tunnel

DMZ (Server Farm)

Email

Server

Application Server
(Inventory, Store...)

System

OA, ERP System

CRM System

Web-based

BI

Application

Remote
Desktop

New generation UTM solution

The ZyWALL USG Series deploys

hardware-acceleration technology in one box.

Powered by high-performance SecuASIC

technology and a hardware-based encryption

accelerator, the ZyWALL USG Series delivers

industry-leading performance and multi-layer

threat protection for small businesses and

enterprises. The ZyWALL USG Series provides

integrated Unified Threat Management security

features such as Anti-Virus (include Kaspersky

Anti-Virus & ZyXEL Anti-Virus), IDP, Anti-Spam,

Content Filtering and Firewall, VPN. All ZyWALL

USG Series products support the Gigabit

Ethernet.

Intrusion Detection
and Prevention

Content Filter

Anti-Virus

Anti-Spam

Firewall

VPN

Network

Inbound Threats Outbound Threats

ZyXEL IDP detects/stops Worms,
Trojans, DoS (L4 & L7), Recon, Scans

Kaspersky Anti-Virus & ZyXEL Anti-Virus
stops Viruses, file-based Trojans,
Spyware, Adware, Keyloggers

Stops Spam Mail

ZyXEL Firewall ZyXEL Firewall

ZyXEL SSL/IPSec VPN ZyXEL SSL/IPSec VPN

ZyXEL IDP detects/stops Worms, Trojans

Bluecoat to block to Spyware/Phishing/
Unapproved Site Access

Kaspersky Anti-Virus & ZyXEL Anti-Virus
stops Viruses, file-based Trojans,
Spyware, Adware, Keyloggers

Content Filter stops malware and

Web threats

The ZyWALL USG Content Filter enables

businesses to protect their users and networks

from malware and abuse such as spyware,

phishing attacks and inappropriate P2P or IM

usage. It keeps office computers from getting

infected by dangerous malware and

comprehensively protects business network

environments.

P2P

Virus

IM

Phishing

Spyware

2 3