USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900 Next Generation Unified Security Gateway Overview ZyXEL Next-Gen USG 시리즈는올인원차세대통합보안장비 (NGFW) 로써바이러스, 악성코드, 웹피싱, 스파이웨어, 스팸등외부의불법침입시도를차단합니다. 이전 USG 시리즈와비교하여 Ultra-High Performance로높은시스템처리량과 Multi-Core하드웨어플랫폼을바탕으로 Kaspersky, Trend Micro, Cyren과같은세계최고의보안회사의엔진을탑재하여주기적인업데이트를통해최신보안위협으로부터빠르고정확한실시간보호기능을제공합니다. 또한 SSL, IPSec, L2TP 와같이다양한 VPN알고리즘및호환성을지원하여본사 / 지사또는다른장소에서보안이강화된원격접속을지원합니다. 무중단시스템운영을위한회선이중화, 장비이중화, VPN 이중화구성이가능하며, 무선AP 컨트롤러를내장하여최대 130 개의 AP를중앙집중관리할수있는 AP Controller technology(apc) 를적용하였습니다. ZyXEL Next-Gen USG 시리즈는통합보안네트워크를구축하고자하는중 / 소규모사무실, 학교, 호텔이나병원과같이개인정보보호법규정에의해물리적보안네트워크환경을구축해야하는고객을위한최적의통합보안솔루션입니다. GbE 인터페이스및 USB 포트지원 Next-Gen USG의인터페이스는각포트당 10/100/1000Mbps 속도를지원하며, 각각의인터페이스에 Routing, NAT, VLAN, Bridge 구성이가능합니다. DHCP Server 및 Relay 기능을활용할수있으며, 사용자환경에대해 Zone 영역구성을통해 WAN, LAN 혹은 VLAN 인터페이스영역으로구성할수있습니다. 또한로그를별도로저장할수있도록 USB 포트가장착되어있습니다. 중소규모비즈니스를위한올인원차세대방화벽기능 (Next Gen Firewall) 라이선스기반의통합보안장비 - Anti Virus - Anti Spam - Content filtering - IDP UTM 라이선스 1 년간 Bundle 제공 - 대상 : USG 110 이상 - 전모델 30 일 Trial 기간제공 - 총 13 개월사용무상지원 Hybrid VPN 지원 - SSL - IPSec - L2TP AWS 공식인증 무선 AP 컨트롤러기능탑재 - 기본 2 대, 라이선스추가시최대 34 대 - 최대 130 대 (USG 1100 이상 ) 3 단계 High Availability 무중단구성 - WAN HA - VPN HA - Device HA (USG 110 이상지원 ) 타벤더장비호환성 - ICSA LAB 국제평가기관인증획득 NAT 및 DHCP 기능지원 Fanless (USG 40 / USG 60) ZyXEL One Network - ZON Utility - Smart Connect IPv6 지원 1 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
고성능방화벽및 VPN 처리성능 Next-Gen USG는다양한 site-to-client and site-to-site VPN 구축을위한높은처리량의 IPSec, L2TP, SSL VPN 방식을지원하여원격의 ZyXEL 장비들과사용자보안통신을위한안정적인인프라를구성할수있습니다. 특히, SSL VPN 설정이쉽고간단하며라이선스적용으로원격의사용자들이내부시스템의접근공유가편리하고사용자 OS 환경에따른세션분류및연결제어가가능하여사용자기반의보안터널통신이가능하도록설계되었습니다. VPN 이중화 ZyXEL USG는시스템이다운되서는안되는환경에서 mission-critical VPN 구성을위해 VPN 이중화를지원합니다. GRE over IPSec 기술을통해 active-active VPN 로드밸런싱또는 active-passive failover 모드를구성하기위한두개의 IPSec VPN 터널을쉽게구성할수있습니다. VPN application Branch offices, partners and home users can deploy Zyxel USGs/ZyWALLs for site-to-site IPSec VPN connections Branch offices can additional deploy IPSec VPN HA (load balancing and failover) for always online VPN connectivity Remote users can securely access company resources with their computers or smart phones via SSL, IPSec and L2TP over IPSec VPN The headquarter USG/ZyWALL can also establish an IPSec VPN connection with Microsoft Azure for secured access to a variety of cloud-based applications Branch Office Microsoft Azure IPSec VPN USG110 Unified Security Gateway IPSec VPN HA IPSec VPN Client for Windows OS Travelling Employee SSL VPN Client for Windows/Mac OS Travelling Employee IPSec VPN SSL VPN Travelling Employee L2TP over IPSec VPN Headquarters USG1900 Unified Security Gateway IPSec VPN USG40W Unified Security Gateway In-House Staff Remote Desktop BI System IPSec VPN Network Extend Web Apps Inventory Server OA, ERP, CRM System DMZ Resources SP350E Service Gateway Printer Login Guest Network Access Point File Sharing Email Server Partner Office USG1100 Unified Security Gateway Switch Hotspot Management Login Staff Network Multi-WAN & 장비이중화 단일 WAN 인터페이스환경에서는내부의트래픽을전부단일인터페이스에서처리하게될경우과다한트래픽으로인해장애가발생하여결국운영중인서비스가중단되는결과를초래할수있습니다. ZyXEL USG에서는단일 WAN 구성의네트워크부하를줄이기위해각각다른통신사회선을이중화하여 active-active 로드밸런싱 (Load-Balancing) 설정및 active-passive failover 구성이가능하며, 회선이중화및정책라우터방식을통해서다양한서비스경로를제어할수있습니다. 또한단일장비운영으로인해불안한네트워크의장애를사전에방지하고자두대의장비를동일구성으로하드웨어이중화를구성할수있습니다. active-passive failover 구성뿐만아니라마스터장비에장애가발생하게되면백업장비쪽에서마스터의가상라우터 (VRRP) 를모두종료하고백업장비로연결되는 active-active 방식으로무중단시스템운영이필요한네트워크구조에적합한이중화구성이가능합니다. ( USG 110 이상지원 ) Customer SPAM Cloud Database Engine Internet USG Series Next-Gen Unified Security Gateway GS2210-48 48-ort GbE L2 Switch Customer Internet USG Series Next-Gen Unified Security Gateway Email Server WAN Load Balance Inbound Load Balance 2 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
무선 AP 컨트롤러기능 APC(AP Controller) 탑재 ZyXEL USG는무선네트워크의관리, 인증, 게스트접속뿐만아니라 AP 구축설계, 배치, 모니터링, 유지보수기능을하나로담은지능형무선AP 컨트롤러기능이탑재된된통합유무선보안장비입니다. 기본적으로 2개의 AP를관리할수있으며, 라이선스를추가하여최대 130대 AP까지연결할수있는확장성을갖추어소규모사무실, 병원, 학교등각지사의보안및무선네트워크관리가필요한장소에방화벽과함께최적화된무선보안솔루션을제공합니다. ISP1 GS1900-24 24-port GbE Smart Managed Switch Workgroup Internet ISP2 VPN Serise ZyWALL VPN Gateway Wi-Fi Management WAC6502D-S GS1920-24HP WAC6103D-I Tablet PC WAC6502D-S Laptop Ethernet Managed AP Wi-Fi Management WAC6103D-I Anti-Viurs(powered by Kaspersky) Anti-Virus는 Zero-Day Attack1) 이나 wild list2) 에등록된가장활성화된바이러스로부터내부내트워크를보호하기위한보안의시작이라고할수있습니다. USG 제품은고객의네트워크를보호하기위해업계선두주자인카스퍼스키의세계최고의 Anti-Virus 엔진을탑재하여외부인터페이스를통해전송되는파일들을실시간으로검사하여약 650,000개이상의악성파일및바이러스를확인하고차단합니다. 참고 : 1) 보안취약점이발견되었을때대응책이발표되기전에빠르게공격이이루어지는것을의미 2) 전세계적으로 2 개지역이상에서실제로감염활동이나발견등의보고가있었던바이러스를목록으로하며, 국제공인테스트의공인샘플로활용 Anti-Spam ZyXEL Anti-Spam은스팸, 피싱, 바이러스가포함된이메일을감지하고차단할수있습니다. 클라우드기반의 IP 평가시스템을통해전세계의매우다양한트래픽소스로부터가장최근보낸사람의신뢰도평가를분석하여스팸언어나형식에상관없이패턴을모니터링하여발견몇분안에스팸발생을정확히감지하고차단할수있습니다. Cyren의 GlobalView Cloud는글로벌거점에배치된데이터센터와다중트래픽수집노드를포함하여매일 10 억건이상의인터넷메일을수집하며, RPD(Recurrent Pattern Detection) 기술은이렇게수집된메일트래픽을자동으로분석하여전세계적으로유포되는스팸메일을탐지합니다. 또한원하지않는메일의 80% 이상을차단할수있으며, 의심스러운메세지를차단하거나지연시키는바이러스발생방지기능을적용할수있습니다. Customer SPAM Cloud Database Engine Internet Email Server Customer 3 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
실시간침입탐지방어 (IDP) Intrusion Detection and Prevention(IDP) 는내부네트워크에침투할수있는트로이목마나백도어같이악의적인응용프로그램을실시간감지하고차단할수있는침입탐지방어기능입니다. 간단한포트나프로토콜기반의방화벽으로확인되지않는취약점을점검하기위해다양한계층과프로토콜을모니터링하는 Deep Packet Inspection(DPI) 기술을사용하고, 트로이목마나백도어같이잘알려진응용프로그램에대한 8,000개이상의시그니처를지원하여네트워크를보호합니다. 또한, 계속진화하는 IM/P2P 응용프로그램에대응하기위해 App Patrol을활용하여 3,000 개이상의소셜, 게임및기타응용프로그램을식별, 분류및제어하며사용자의생산성을향상시키고대역폭남용을방지하기위해응용프로그램들의우선순위를지정할수있습니다 Identify Categorize Control Prioritize Zyxel Unified Security Gateway (USG) Throttle Block Content Filtering Content Filtering은관리자가직접각각의 URL을개별적으로차단하지않고도부적절한사이트와소셜네트워킹사이트등특정유형의웹콘텐츠를쉽게차단할수있습니다. 지속적으로분석하고추척한 1,400억개이상의대규모클라우드기반 URL 데이터베이스를바탕으로악성웹콘텐츠에대해높은정확도와광범위하고즉각적인보호를제공합니다. Search Internet Shopping USG Series Next-Gen Unified Security Gateway Gambling Attempt to access illegal Web site Phishing 4 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
SSL inspection Next-Gen USG는다양한 site-to-client and site-to-site VPN 구축을위한높은처리량의 IPSec, L2TP, SSL VPN 방식을지원하여원격의 ZyXEL 장비들과사용자보안통신을위한안정적인인프라를구성할수있습니다. 특히, SSL VPN 설정이쉽고간단하며라이선스적용으로원격의사용자들이내부시스템의접근공유가편리하고사용자 OS 환경에따른세션분류및연결제어가가능하여사용자기반의보안터널통신이가능하도록설계되었습니다. Scan - Content filtering - IDP - Anti-virus - Application intelligence SSL connerction SSL connerction Client USG Series Next-Gen Unified Sevurity Gateway Server Decrypt Encrypt Single sign-on ZyXEL Next-Gen USG 시리즈는 single sign-on 기능을지원합니다. 따라서사용자는단지한번의로그인으로인터넷과 Microsoft AD와통합된모든자원과서비스에접속이가능합니다. 사용자가개인 PC에소프트웨어를설치하지않아도사용이가능하며, 여러개의패스워드를기억해야하는불편함과다시입력해야하는시간을줄여사용자의편의성을제공합니다. Next-Gen USG Quick Finder USG1900 USG1100 USG310 USG210 USG110 USG60/60W Model USG40/40W Description Performance Series Advanced Series Extreme Series Multi-WAN Yes Yes Yes Yes Yes Yes Yes Unified security Yes Yes Yes Yes Yes Yes Yes policy SSL inspection - - Yes Yes Yes Yes Yes Link - - - - Yes Yes Yes Aggregation (LAG) Port grouping Yes Yes Yes Yes - - - Device HA - - Yes Yes Yes Yes Yes Device HA Pro - - Yes Yes Yes Yes Yes Easy Mode Yes Yes - - - - - Cloud Helper Yes Yes Yes Yes Yes Yes Yes PCI DSS Yes Yes Yes Yes Yes Yes Yes Compliance Content Yes Yes Yes Yes Yes Yes Yes Filtering 2.0 *1 Hotspot Management *2 - - Yes Yes Yes Yes Yes *1: SSL Inspection must be enabled for Content Filtering 2.0 Safe Search to function properly. *2: Hotspot Management supports for USG310/1100/1900 in firmware ZLD4.20 or later, and for USG110/210 in firmware ZLD4.25 or later. 5 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
ZyXEL One Network - 네트워크통합관리솔루션 ZyXEL One Network(ZON) 솔루션은비전문가도쉽고간단하게사용할수있도록웹브라우저를통해스위치설정및관리가가능한 GUI 환경을제공합니다. 자이젤스위치와무선AP 장비들을하나의네트워크로효율적으로관리할수있는 ZON Utility 및 ZyXEL Smart Connect와 ZyXEL istacking 같은네트워크통합관리솔루션을통해네트워크구축시초기투자비용을줄이고반복적이고비효율적인작업을최소화할수있습니다. ZyXEL One Network Utility ZyXEL One Network(ZON) Utility는윈도우기반의소프트웨어로써비전문가도쉽게사용할수있는인터페이스를제공합니다. 기본 IP 설정, 장비재부팅, 펌웨어업그레이드, 암호재설정, ZyXEL AP Configurator 연동등동일도메인내의자이젤스위치, AP, UTM 장비를최대 250개까지검색및설정이가능합니다. NWA5123-AC Zon Utility GS1900-8HP NWA5123-AC GS1920-24 Workgroup Gigabit Gigabit PoE Zon Utility Discoverable Zyxel network devices GS1920-48HP WAC6502D-S NWA1123-AC NWA5301-NJ WAC6103D-I Smart Connect Smart Connect 기능이탑재된스위치나 AP를통해 1) 근접된자이젤네트워크장비 ( 스위치, AP, UTM) 를검색하고 2) 원격에서네트워크장비설정이가능하도록다른자이젤네트워크장비의 Web GUI 화면을연동하거나 3) 장비의재부팅및 4) 설정초기화가가능하여네트워크장애가발생할경우빠른원인파악이가능할뿐만아니라장애복구시간을단축할수있습니다. Smart Connect Features NWA5121-N 802.11 b/g/n ccess Point NWA5121-NI 802.11 b/g/n ccess Point Servers XGS3700-24 24-port GbE L2+ Switch with 10GbE Uplink GS1920-48HP 48-port GbE Smart Managed PoE Switch NWA5123-NI 802.11 a/b/g/n Dual-R Access Point NWA5121-N Access Point 6 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
ZyXEL One Network 3 Solution ZON U lity ZyXEL 스위치, AP, USG 에대한통합검색및설정유틸리티 Neighboring Device Discovery&Mgnt 자이젤네트워크장비 ( 스위치, AP, UTM) 에직접연결된또다른자이젤네트워크장비를검색하고원격에서네트워크장비설정 ZyXEL Smart Connect ZyXEL One Network ZyXEL USG 에서 ZyXEL 무선AP 관리할수있는 AP Controller 기능탑재 AP Controller Technology ZyXEL One Network 3 Solution Internet NWA1100-NH 802.11 b/g/n Long Range PoE Access Point ZON Utility GS1900-8HP 8-port Smart Managed PoE Switch Workgroup USG1100 XGS3700-24 24-port GbE L2+ Switch GS1920-24 24-port Smart Managed Switch NWA5121-N Access Point NWA5121-NI Access Point Fiber Gigabit Gigabit PoE ZON Utility Discoverable ZyXEL network devices Servers GS2210-48HP 48-port GbE L2 PoE Switch NWA5123-NI 802.11 a/b/g/n Access Point NWA5301-NJ 802.11 b/g/n Wall-Plate 7 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
Application Diagram Anti-malware protection and application optimization Non-productive Web applications Remote Desktop Network Extend Inventory Server File Sharing Enabling anti-virus, anti-spam and intrusion prevention, business networks gain deep, extensive protection against all types of malware threats Anti-Virus Anti-Spam Intrusion Prevention Content Filtering 2.0 Application Patrol BI System Web Apps OA, ERP, CRM System DMZ Resources Email Server Productive Web applications Content Filtering 2.0 enables to deny access to Websites that are malicious or not business-related Internet Unified Security Gateway Application intelligence technology not only enable businesses to block or throttle non-productive Web applications, but also optimize Web applications that increase productivity SPAM Viruses, intrusions, malicious Websites, email spam Workgroup Performance Features Utilizes GRE over IPSec and GRE trunk technology Support up to four (4) IPSec VPN tunnels for active-active VPN load balancing or active-passive failover VPN connections in multiple WANs HQ Network Active-Passive Failover Mobile WAN USG Series Security Gateway USG Series Security Gateway WAN1 WAN1 Internet WAN2 WAN1 Active-Active Load Balancing WAN2 USG Series Security Gateway Normal WAN Back up WAN Back up 3G/4G Wi-Fi 8 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
Specifications - USG 60/ 40 Model USG60 USG60W USG40 USG40W Product photo Hardware Specifications 10/100/1000 Mbps RJ-45 ports 4 x LAN/DMZ, 2 x WAN 4 x LAN/DMZ, 2 x WAN 3 x LAN/DMZ, 1 x WAN, 1 x OPT USB ports 2 2 1 1 3 x LAN/DMZ, 1 x WAN, 1 x OPT Console port Yes (DB9) Yes (DB9) Yes (RJ-45) Yes (RJ-45) Rack-mountable Yes Yes - - Fanless Yes Yes Yes Yes System Capacity & Performance *1 SPI firewall throughput 1,000 1,000 400 400 (Mbps) *2 VPN throughput (Mbps) *3 180 180 100 100 IDP throughput (Mbps) *4 150 150 95 95 AV throughput (Mbps) *4 90 90 50 50 UTM throughput 90 90 50 50 (AV and IDP) *4 Concurrent devices 128 128 64 64 (default/max.) *5 Max. TCP concurrent 100,000 100,000 50,000 50,000 sessions *6 Max. concurrent IPsec VPN 40 40 20 20 tunnels *7 Concurrent SSL VPN user 5/20 5/20 5/15 5/15 no. (default/max.) *8 Customizable zones Yes Yes Yes Yes IPv6 support Yes Yes Yes Yes VLAN interface 16 16 8 8 WLAN Management AP Controller (APC) Yes Yes Yes Yes support Managed AP number 2/18 2/18 2/18 2/18 (default/max.) *9 Key Software Features Firewall Yes Yes Yes Yes Virtual private network (VPN) Yes (IPSec, SSL, L2TP over IPSec) Yes (IPSec, SSL, L2TP over IPSec) Yes (IPSec, SSL, L2TP over IPSec) Bandwidth Management Yes Yes Yes Yes Logging and Monitoring Yes Yes Yes Yes Unified Security Policy Yes Yes Yes Yes Easy Mode Yes Yes Yes Yes Cloud Helper Yes Yes Yes Yes Yes (IPSec, SSL, L2TP over IPSec) 9 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
Model USG60 USG60W USG40 USG40W License Service Anti-Virus (AV) Yes Yes Yes Yes Intrusion detection and Yes Yes Yes Yes prevention (IDP) & Application Patrol Anti-Spam Yes Yes Yes Yes Content filtering Yes Yes Yes Yes (CF2.0) *10 Power Requirements Power input 12 V DC, 3.0 A max. 12 V DC, 3.0 A max. 12 V DC, 2.0 A max. 12 V DC, 2.0 A max. Max. power 19.0 28.0 14.0 17.0 consumption (watt) Heat dissipation (BTU/ 64.83 95.54 47.77 58.01 hr) Physical Specifications Item Dimensions (WxDxH) 242 x 175 x 36/ 9.53 x 6.89 x 1.42 272 x 171 x 36/ 10.71 x 6.73 x 1.42 216 x 143 x 33/ 8.50 x 5.63 x 1.30 216 x 143 x 33/ 8.50 x 5.63 x 1.30 (mm/in.) Weight (kg/lb.) 1.25/2.76 1.46/3.23 0.89/1.96 0.91/2 Packing Dimensions (WxDxH) (mm/in.) Weight (kg/lb.) Included accessories Environmental Specifications Operating 394 x 240 x 101/ 15.51 x 9.45 x 3.98 427 x 247 x 73/ 16.81 x 9.72 x 2.87 2.25/4.96 2.23/4.92 (without bracket) 2.42/5.34 (with bracket) Power adapter Rack mounting kit Temperature 0 C to 40 C (32 F to 104 F) Humidity Storage Temperature -30 C to 70 C (-22 F to 158 F) Humidity Power adapter Rack mounting kit (optional, by regions) Antenna 0 C to 40 C (32 F to 104 F) -30 C to 70 C (-22 F to 158 F) 381 x 216 x 79/ 15.00 x 8.50 x 3.11 381 x 216 x 79/ 15.00 x 8.50 x 3.11 1.57/3.46 1.63/3.59 Power adapter DB9 - RJ-45 cable for console connection 0 C to 40 C (32 F to 104 F) -30 C to 70 C (-22 F to 158 F) Power adapter DB9 - RJ-45 cable for console connection Antenna 0 C to 40 C (32 F to 104 F) -30 C to 70 C (-22 F to 158 F) MTBF (hr) 815,463.9 497,644 414,329.4 386,931.7 Certifications EMC FCC Part 15 (Class B), CE EMC (Class B), C-Tick (Class B), BSMI FCC Part 15 (Class B), CE EMC (Class B), C-Tick (Class B), BSMI FCC Part 15 (Class B), CE EMC (Class B), C-Tick (Class B), BSMI FCC Part 15 (Class B), CE EMC (Class B), C-Tick (Class B), BSMI Safety LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI Note: * This matrix with firmware ZLD 4.20 or later. *1: Actual performance may vary depending on network conditions and activated applications. *2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets). *3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets). *4: AV and IDP throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing done with multiple flows. *5: With Zyxel Device Upgrade License, this is the recommend maximum number of concurrent logged-in devices. *6: Maximum sessions measured while UTM disabled using the industry standard IXIA 1xLoad testing tool. *7: Including Gateway-to-Gateway and Client-to-Gateway *8: With Zyxel SSL VPN License, this is the recommend maximum number of concurrent VPN users. *9: With Zyxel AP Controller License, this is the recommend maximum AP capacity of concurrent users. *10: SafeSearch function in CF2.0 need to enable SSL Inspection firstly and not for small business models. 10 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
Specifications - USG 310/ 210/ 110 Model USG310 USG210 USG110 Product photo Hardware Specifications 10/100/1000 Mbps RJ-45 ports 8 (configurable) 4 x LAN/DMZ, 2 x WAN, 1 x OPT 4 x LAN/DMZ, 2 x WAN, 1 x OPT USB ports 2 2 2 Console port Yes (DB9) Yes (DB9) Yes (DB9) Rack-mountable Yes Yes Yes System Capacity & Performance *1 SPI firewall throughput (Mbps) *2 5,000 1,900 1,600 VPN throughput (Mbps) *3 650 500 400 IDP throughput (Mbps) *4 900 660 590 AV throughput (Mbps) *4 550 500 450 UTM throughput (AV and IDP) *4 550 500 450 Concurrent devices (default/max.) 500/800 200/300 200/300 Max. TCP concurrent sessions *5 500,000 200,000 150,000 Max. concurrent IPsec VPN 300 200 100 tunnels *6 Concurrent SSL VPN user no. 50/150 35/150 25/150 (default/max.) Customizable zones Yes Yes Yes IPv6 support Yes Yes Yes VLAN interface 64 32 16 WLAN Management AP Controller (APC) support Yes Yes Yes Managed AP number 2/34 2/34 2/34 (default/max.) Key Software Features Firewall Yes Yes Yes Virtual private network (VPN) Yes (IPSec, SSL, L2TP over IPSec) Yes (IPSec, SSL, L2TP over IPSec) Yes (IPSec, SSL, L2TP over IPSec) Bandwidth Management Yes Yes Yes Logging and Monitoring Yes Yes Yes SSL (HTTPS) inspection Yes Yes Yes Unified Security Policy Yes Yes Yes Cloud Helper Yes Yes Yes Device HA Yes Yes Yes License Service Anti-Virus (AV) Yes Yes Yes Intrusion detection and prevention Yes Yes Yes (IDP)& Application Patrol Anti-Spam Yes Yes Yes Content Filtering 2.0 (CF2.0) *7 Yes Yes Yes Device HA Pro Yes Yes Yes Hostpot Management *8 Yes Yes Yes 11 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
Model USG310 USG210 USG110 Power Requirements Power input 100-240 V AC, 50/ 60 Hz, 1.3 A max. 12 V DC, 3.33 A max. 12 V DC, 3.33 A max. Max. power consumption (watt) 58.5 37.0 37.0 Heat dissipation (BTU/hr) 199.61 199.61 199.61 Physical Specifications Item Packing Dimensions (WxDxH) (mm/in.) 430 x 250 x 44/ 16.93 x 9.84 x 1.73 300 x 178 x 44/ 11.81 x 7 x 1.73 Weight (Kg/lb.) 3.3/7.28 2/4.4 2/4.4 Dimensions (WxDxH) (mm/in.) 519 x 392 x 163/ 20.43 x 15.43 x 6.42 351 x 149 x 243/ 13.82 x 5.87 x 9.57 300 x 178 x 44/ 11.81 x 7 x 1.73 351 x 149 x 243/ 13.82 x 5.87 x 9.57 Weight (kg/lb.) 4.8/10.58 3.264/7.20 3.264/7.20 Included accessories Power cord Rack mounting kit Power adapter Power cord Rack mounting kit Power adapter Power cord Rack mounting kit Environmental Specifications Operating Temperature 0 C to 40 C (32 F to 104 F) 0 C to 40 C (32 F to 104 F) 0 C to 40 C (32 F to 104 F) Humidity Storage Temperature -30 C to 70 C (-22 F to 158 F) Humidity -30 C to 70 C (-22 F to 158 F) -30 C to 70 C (-22 F to 158 F) MTBF (hr) 560,811.5 787,109.3 787,109.3 Certifications EMC FCC Part 15 (Class A), CE EMC (Class A), C-Tick (Class A), BSMI FCC Part 15 (Class A), CE EMC (Class A), C-Tick (Class A), BSMI FCC Part 15 (Class A), CE EMC (Class A), C-Tick (Class A), BSMI Safety LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI Note: * This matrix with firmware ZLD 4.20 or later. *1: Actual performance may vary depending on network conditions and activated applications. *2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets). *3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets). *4: AV and IDP throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing done with multiple flows. *5: Maximum sessions measured using the industry standard IXIA IxLoad testing tool. *6: Including Gateway-to-Gateway and Client-to-Gateway. *7: SafeSearch function in CF2.0 need to enable SSL Inspection firstly. *8: Hotspot Management supports for USG310 in firmware ZLD4.20 or later, and for USG110/210 in firmware ZLD4.25 or later. 12 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
Specifications - USG 1900/ 1100 Model USG1900 USG1100 Product photo Hardware Specifications 10/100/1000 Mbps RJ-45 ports 8 (configurable) 8 (configurable) USB ports 2 2 Console port Yes (DB9) Yes (DB9) Rack-mountable Yes Yes System Capacity & Performance *1 SPI firewall throughput (Mbps) *2 7,000 6,000 VPN throughput (Mbps) *3 900 800 IDP throughput (Mbps) *4 1,200 1,000 AV throughput (Mbps) *4 710 650 UTM throughput (AV and IDP) *4 710 650 Concurrent devices (default/max.) *5 1500/2000 800/1500 Max. TCP concurrent sessions *6 1,000,000 1,000,000 Max. concurrent IPsec VPN tunnels *7 2,000 1,000 Concurrent SSL VPN user no. (default/ 250/750 250/500 max.) *8 Customizable zones Yes Yes IPv6 support Yes Yes VLAN interface 128 128 WLAN Management AP Controller (APC) support Yes Yes Managed AP number (default/max.) *9 2/130 2/130 Key Software Features Firewall Yes Yes Virtual private network (VPN) Yes (IPSec, SSL, L2TP over IPSec) Yes (IPSec, SSL, L2TP over IPSec) Bandwidth Management Yes Yes Logging and Monitoring Yes Yes SSL (HTTPS) inspection Yes Yes Unified Security Policy Yes Yes Cloud Helper Yes Yes Device HA Yes Yes License Service Anti-Virus (AV) Yes Yes Intrusion detection and prevention (IDP) Yes Yes & Application Patrol Anti-Spam Yes Yes Content filtering (CF2.0) *10 Yes Yes Device HA Pro Yes Yes Hostpot Management Yes Yes 13 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
Model USG1900 USG1100 Power Requirements Power input 100-240 V AC, 50/60 Hz, 1.3 A max. 100-240 V AC, 50/60 Hz, 1.3 A max. Max. power consumption (watt) 58.5 58.5 Heat dissipation (BTU/hr) 199.61 199.61 Physical Specifications Item Packing Included accessories Dimensions 430 x 250 x 44/16.93 x 9.84 x 1.73 430 x 250 x 44/16.93 x 9.84 x 1.73 (WxDxH)(mm/in.) Weight (kg/lb.) 3.3/7.28 3.3/7.28 Dimensions 519 x 392 x 163/20.43 x 15.43 x 6.42 519 x 392 x 163/20.43 x 15.43 x 6.42 (WxDxH)(mm/in.) Weight (kg/lb.) 4.8/10.58 4.8/10.58 Power cord Rack mounting kit Power cord Rack mounting kit Environmental Specifications Operating Temperature 0 C to 40 C (32 F to 104 F) 0 C to 40 C (32 F to 104 F) Humidify Storage Temperature -30 C to 70 C (-22 F to 158 F) -30 C to 70 C (-22 F to 158 F) Humidify MTBF (hr) 560,811.5 560,811.5 Certifications EMC FCC Part 15 (Class A), CE EMC (Class A), C-Tick (Class A), BSMI FCC Part 15 (Class A), CE EMC (Class A), C-Tick (Class A), BSMI Safety LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI Note: * This matrix with firmware ZLD 4.20 or later. *1: Actual performance may vary depending on network conditions and activated applications. *2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets). *3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets). *4: AV and IDP throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing done with multiple flows. *5: With Zyxel Device Upgrade License, this is the recommend maximum number of concurrent logged-in devices. *6: Maximum sessions measured while UTM disabled using the industry standard IXIA 1xLoad testing tool. *7: Including Gateway-to-Gateway and Client-to-Gateway *8: With Zyxel SSL VPN License, this is the recommend maximum number of concurrent VPN users. *9: With Zyxel AP Controller License, this is the recommend maximum AP capacity of concurrent users. *10: SafeSearch function in CF2.0 need to enable SSL Inspection firstly and not for small business models. 14 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
Features Set Software Features Firewall ICSA-certified firewall Routing and transparent (bridge) modes Stateful packet inspection User-aware policy enforcement SIP/H.323 NAT traversal ALG support for customized ports Protocol anomaly detection and protection Traffic anomaly detection and protection Flooding detection and protection DoS/DDoS protection RPS-enabled for desirable performance in chaotic environments IPv6 Support Dual stack IPv4 tunneling (6rd and 6to4 transition tunnel) IPv6 addressing DNS DHCPv6 Bridge VLAN PPPoE Static routing Policy routing Session control Firewall and ADP IPSec VPN Intrusion Detection and Prevention (IDP) Application Patrol Content Filtering 2.0 Anti-Virus, Anti-Malware Anti-Spam IPSec VPN Authentication: SHA-2 (512-bit), SHA-1 and MD5 ICSA-certified IPSec VPN Encryption: AES (256-bit), 3DES and DES Support Route-based VPN Tunnel Interface (VTI) Key management: manual key, IKEv1 and IKEv2 with EAP Perfect forward secrecy (DH groups) support 1, 2, 5, 14 IPSec NAT traversal Dead peer detection and relay detection PKI (X.509) certificate support VPN concentrator Simple wizard support VPN auto-reconnection VPN High Availability (HA): loadbalancing and failover L2TP over IPSec GRE and GRE over IPSec NAT over IPSec Zyxel VPN client provisioning SSL VPN Supports Windows and Mac OS X Supports full tunnel mode HTTP, FTP, SMTP, POP3 and IMAP4 protocol support Automatic signature updates No file size limitation Supports 2-step authentication Customizable user portal Intrusion Detection and Prevention (IDP) Routing and transparent (bridge) mode Signature-based and behaviorbased scanning Automatic signature updates Customizable protection profile Customized signatures supported Application Patrol Granular control over the most important applications Identifies and controls application behavior Supports over 15 application categories Application bandwidth management Supports user authentication Real-time statistics and reports SSL (HTTPS) inspection support IDP/ADP support on social networks such as likes and posts on Facebook Anti-Virus Supports Kaspersky Anti-Virus signatures Identifies and blocks over 650,000 viruses Stream-based Anti-Virus engine HTTP, FTP, SMTP, POP3 and IMAP4 protocol support Automatic signature updates No file size limitation Anti-Spam Transparent mail interception via SMTP and POP3 protocols Configurable POP3 and SMTP ports Sender-based IP reputation filter Recurrent Pattern Detection (RPD) technology Zero-hour virus outbreak protection X-Header support Blacklist and whitelist support Supports DNSBL checking Spam tag support Statistics report Content Filtering 2.0 Social media filtering Malicious Website filtering URL blocking and keyword blocking Blacklist and whitelist support Blocks java applets, cookies and ActiveX Dynamic, cloud-based URL filtering database Unlimited user license support Customizable warning messages and redirection URL HTTPs Domain filtering GeoIP Blocking Monitors traffics based on country policy URL blocking and keyword blocking Supports to SafeSearch (SSL inspection mustbe enabled for this function) SSL Inspection Certificate Trust Chain validation Support both inbound and outbound inspection Support Anti-virus / Content Filtering 2.0 / Application Patrol / IDP inspection Support TLS 1.0/1.1/1.2 Visible bypass list Unified Security Policy Unified policy management interface Supported UTM features: Anti-Virus, Anti-Spam, IDP, Content Filtering 2.0, Application Patrol, firewall (ACL) 3-tier configuration: object-based, profile-based, policy-based Policy criteria: zone, source and destination IP address, user, time Pre-defined UTM profiles for different user groups 15 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900
WLAN Management Support AP Controller version 1.97 Supports auto AP FW update Wireless L2 isolation Scheduled Wi-Fi service Dynamic Channel Selection (DCS) Client steering for 5GHz priority and sticky client prevention Auto healing provides a stable and reliable coverage IEEE 802.1x authentication Captive portal Web authentication Customizable captive portal page RADIUS authentication Wi-Fi Multimedia (WMM) wireless QoS CAPWAP discovery protocol Hotspot Management Integrated account generator, Webbased authentication portal and billing system Supports external RADIUS servers Per account bandwidth management User agreement login SP350E Service Gateway Printer enables one-click account and billing generation Built-in billing system Time-to-finish accounting mode Accumulation accounting mode Supports PayPal online payment Marketing tool Advertisement link Walled garden Portal page Mobile Broadband WAN connection failover via 3G and 4G* USB modems Auto fallback when primary WAN recover * For specific models supporting the 3G and 4G dongles on the list, please refer to the Zyxel product page at 3G dongle document. Networking Routing mode, bridge mode and hybrid mode Ethernet and PPPoE NAT and PAT VLAN tagging (802.1Q) Virtual interface (alias interface) Policy-based routing (user-aware) Policy-based NAT (SNAT) Dynamic routing (RIPv1/v2 and OSPF) DHCP client/server/relay Dynamic DNS support WAN trunk for more than 2 ports Per host session limit Guaranteed bandwidth Maximum bandwidth Priority-bandwidth utilization Bandwidth limit per user Bandwidth limit per IP GRE Zyxel One Network ZON Utility IP configuration Web GUI access Firmware upgrade Password configuration Smart Connect Location and system name update Discover neighboring devices One-click remote management access to the neighboring Zyxel devices Authentication Local user database Microsoft Windows Active Directory integration External LDAP/RADIUS user database XAUTH, IKEv2 with EAP VPN authentication Web-based authentication Forced user authentication (transparent authentication) IP-MAC address binding SSO (Single Sign-On) support Device High Availability Pro (HA Pro) Devi ure detection and notification Supports ICMP and TCP ping check Link monitoring Configuration auto-sync Dedicated Heartbeat Link Smart handover NAT/Firewall/VPN Sessions synchronization System Management Authentication: SHA-2 (512-bit), SHA-1 and MD5 Role-based administration Multiple administrator logins Supports Cloud Helper Multi-lingual Web GUI (HTTPS and HTTP) Command line interface (console, Web console, SSH and telnet) Cloud CNM SecuManager SNMP v1, v2c, v3 System configuration rollback Firmware upgrade via FTP, FTP-TLS and Web GUI Dual firmware images Logging and Monitoring Comprehensive local logging Syslog (to up to 4 servers) Email alerts (to up to 2 servers) Real-time traffic monitoring Built-in daily report Advanced reporting with Vantage Report 16 Datasheet USG 40/ 60/ 110/ 210/ 310/ 1100/ 1900