ZyXEL ZyWALL USG300 Unified Security Gateway and Firewall w/200 VPN Tunnels, SSL VPN, 7 Gigabit Ports, and High Availability

COMPUTERS

NETWORKING

SECURITY HARDWARE

FIREWALL/VPN APPLIANCES

Untitled Document

Unified Security Gateway for Small and Medium-Sized Businesses -ZyWALL USG300

The Internet can be a dangerous place. It seems new threats to network security and employee efficiency emerge with each passing day. Malware can incapacitate workstations, and DoS attacks can bring your entire network screeching to a halt. Even applications such as P2P, IM, and Social networks can eat bandwidth and cripple employee productivity.

The ZyWALL USG300 is here to solve those problems.

With the USG300's Multi-layer threat protection, you can rest assured that your network is secure. ZyWALL's Application Patrol gives you detailed control over the applications allowed to run on your network, while the built-in 300Mbps throughput firewall and Kaspersky anti-virus protect your network from malware, DoS attacks, phishing, Trojan horses, and other threats.

Built with powerful Integrated High Performance Security architecture designed for Gigabit connections, a VPN Throughput of 130Mbps, a UTM throughput of 80Mbps, up to 60,000 max sessions and 200 concurrent IPSec VPN tunnels, the USG300 has the power to monitor and protect your network without sacrificing network performance. And with a 5 year, industry-leading hardware warranty, you'll be able to count on your USG300 to watch over your network's safety well into the future.

With 7 flexible Gigabit ports, you'll be able to decide how many LAN, DMZ, or WANs are best for your personal configuration. You can load balance and failover multiple ISP links or simply keep malware from being introduced to your intranet. The USG300 puts the choice in your hands.

With the ZyWALL USG300, you can rest easy knowing that your network is safe, secure, and wholly under your control.

Comprehensive threat protection with firewall, VPN, anti-virus, content filtering, anti-spam, Intrusion detection and prevention to secure front line threats.
User-aware policy engine can set bandwidth or network access based on user login.
Network resilience with multiple WANs, 3G cellular support, and device high availability
5-Year industry leading hardware warranty to support ZyXEL's commitment to quality and customer satisfaction

User-Aware Policy Engine Enables Access Granularity

In addition to basic access control capabilities, the intelligent user-aware policy engine on the ZyWALL USG 300 is designed to make packet-forwarding decisions based on multiple criteria (such as user ID, user group, time of access and network quota, etc.). Furthermore, security staff can apply access policies against a variety of security features such as VPN, Content Filter and Application Patrol. In conjunction with VLAN and custom security zones, corporate security policies can be effectively enforced to prevent unauthorized access to the network resources.

Bandwidth Management Ensures Quality of Service

The ZyWALL USG 300 provides bandwidth management features for traffic prioritization to guarantee or restrict bandwidth usage per interface/protocol. Security staff can allocate bandwidth for a variety of applications or computer hosts on the corporate network, regardless of the direction of the connection. For example, it's possible to assign higher priority and larger bandwidth to time-critical applications such as VoIP and video conferencing for quality transmission services. In addition, ZyWALL USG 300 allows you to keep track of bandwidth usage with comprehensive statistical reports.

VoIP Security: Protecting the Converged Networks

Attracted by the benefits, more and more businesses are deploying VoIP applications on their networks. With the transition to VoIP also come security risks and voice quality issues. As a VoIP-friendly firewall, the ZyWALL USG 300 reduces the security risks associated with the adoption of VoIP by offering the SIP/H.323 ALG feature to dynamically open only the required ports during VoIP calls; once the call is complete, the opened ports are automatically closed to prevent port sniffing. The IDP feature can detect and prevent attacks usually associated with VoIP deployments. Ultimately, by establishing VoIP traffics over VPNs with traffic prioritization, security staff can minimize security breaches while optimizing call quality over the existing ISP links.

High Availability Features Guarantee Non-Stop Operations for Mission-Critical Applications

With the High Availability features, the ZyWALL USG 300 helps the security staff to easily set up a highly reliable and secure network infrastructure for your business. To minimize the impact of single-point failures, the ZyWALL USG 300 supports device HA (High Availability) to assure network availability should any device failure happen.

On the WAN side, the ZyWALL USG 300 can connect multiple ISP links to ensure Internet availability in case a single ISP link becomes unreliable. The multiple-WAN load-balancing feature can also optimize the bandwidth usage over each ISP link.

Tech Specs

	Performance and Capacity:
	SPI Firewall Throughput: 200Mbps
	IPSec VPN (AES) Throughput: 100Mbps
	Maximum SSL VPN Tunnels: 10
	New Session Rate: 2,000 (sessions/sec)
	Gateway Anti-Virus:
	Stream-Based Gateway Anti-Virus Powered by Kaspersky Labs
	Covers Top Active Viruses in the Wild List
	Scans HTTP / FTP / SMTP / POP3 / IMAP4
	Automatic Signature Update
	No File Size Limitation
	Blacklist / Whitelist
	Application Patrol:
	IM / P2P Granular Access Control
	Integrated with Scheduling / Rate-Limit / User-Aware
	IM / P2P Up-To-Date Support*
	Real-Time Statistical Reports
	*: Requiring valid IDP subscription
	Intrusion Detection and Prevention:
	In-line Mode (Routing / Bridge)
	Zone-Based IDP Inspection
	Customizable Protection Profile
	Signature-Based Deep Packet Inspection
	Automatic Signature Update
	Custom Signatures
	Traffic Anomaly: Scanning Detection and Flood Protection
	Protocol Anomaly: HTTP / ICMP / TCP / UDP
	Content Filter:
	URL Blocking, Keyword Blocking
	Â Exempt List (Blacklist and Whitelist)
	Blocks Java Applet, Cookies and Active X
	Dynamic URL Filtering Database (BlueCoat)
	VPN:
	IPSec VPN:
	Â Encryptions (AES / 3DES / DES)
	Authentication (SHA-1 / MD5)
	Key Management (Manual Key / IKE)
	Perfect Forward Secrecy (DH Group 1 / 2 / 5)
	NAT over IPSec
	Dead Peer Detection / Replay Detection
	PKI (X.509)
	Certificate Enrollment (CMP / SCEP)
	Xauth Authentication
	L2TP Over IPSec Support
	SSL VPN:
	Clientless Secure Remote Access (Reverse Proxy Mode)
	SecuExtender (Full Tunnel Mode)
	Unified Policy Enforcement
	Supports Two Factor Authentication
	Customizable User Portal
	Networking:
	Routing Mode / Bridge Mode / Mixed Mode
	Layer 2 Port Grouping
	Ethernet / PPPoE / PPTP
	Tagged VLAN (802.1Q)
	Virtual Interface (Alias Interface)
	Policy-Based Routing (User-Aware)
	Policy-Based NAT (SNAT / DNAT)
	RIP v1 / v2
	OSPF
	IP Multicasting (IGMP v1 / v2)
	DHCP Client / Server / Relay
	Built-in DNS Server
	Dynamic DNS
	Bandwidth Management:
	Bandwidth Priority
	Policy-Based Traffic Shaping
	Maximum / Guaranteed Bandwidth
	Bandwidth Borrowing
	SPI Firewall:
	Zone-Based Access Control List
	Customizable Security Zone
	Stateful Packet Inspection
	DoS/DDoS Protection
	User-Aware Policy Enforcement
	ALG Supports Custom Ports
	Authentication:
	Internal User Database
	Microsoft Windows Active Directory
	External LDAP / RADIUS User Database
	ZyWALL OTP (One Time Password)
	Force User Authentication (Transparent Authentication)
	High Availability:
	Device HA (Active-Passive Mode)
	Device Failure Detection
	Link Monitoring
	Auto-Sync Configurations
	Multiple WAN Load Balancing
	VPN HA (Redundant Remote VPN Gateways)
	System Management:
	Role-Based Administration
	Simultaneous Administrative Logins
	Multi-Lingual Web GUI (HTTPS / HTTP)
	Object-Based Configuration
	Command Line Interface (Console / WebConsole / SSH / TELNET)
	Comprehensive Local Logging
	Syslog (4 Servers)
	E-mail Alert (2 Servers)
	SNMP v2c (MIB-II)
	Real-Time Traffic Monitoring
	System Configuration Rollback
	Text-Based Configuration File
	Firmware upgrade via FTP / FTP-TLS / Web GUI
	Advanced Reporting (Vantage Report 3.1*)
	Centralized Network Management (Vantage CNM 3.0*)
	*: Future release
	Certifications:
	ICSA Firewall Certified*
	ICSA IPSec VPN Certified*
	*: Certificate pending
	Hardware Specifications:
	Memory: 256MB RAM / 256MB Flash
	Interface: GbE x 7 (RJ-45, with LED)
	Auto-Negotiation and Auto MDI/MDI-X
	Â Console: RS-232 (DB9F)
	AUX: RS-232 (DB9M)
	LED Indicator: PWR, SYS, AUX, CARD1, CARD2
	Power Switch: Yes
	Reset Pinhole: Yes
	Extension Card Slot: Yes* (2)
	USB: Yes* (2)
	*: These hardware accessories will be supported in future firmware release
	Physical Specifications:
	Rack Mountable: Yes (19-inch, rack-mount kit included)
	Dimension: 17"(W) x 8.3"(D) x 1.7"(H) / 430.0(W) x 201.2(D) x 42.0(H) mm
	Weight: 6.2lbs / 2,800g
	Power Requirements:
	Input Voltage: 100-240VAC, 50/60Hz, 0.55-0.3A
	Power Rating: 35W Max
	Environmental Specifications:
	Operating Temperature: 32°F - 122°F / 0°C ~ 50°C
	Storage Temperature: -22°F - 140°F / -30°C ~ 60°C
	Humidity: 20% to 95% (non-condensing)
	Standard Compliance:
	HSF (Hazardous Substance Free): RoHS and WEEE
	EMC: FCC Part 15 Class A, CE-EMC Class A, C-Tick Class A, VCCI Class A
	Safety: CSA International (ANS/UL60950-1, CSA60950-1, EN60950-1, IEC60950-1)