Product name:
Unified Security Gateway
Target audience:
(1) Target User: The end customer portfolio listed as follow: a. Need to have affordable, high-performance and all-in-one firewall (Firewall, Anti-Spam, and Content Filtering) to protest internal network. b. Don't have the necessary IT resources to manage and maintain security. c. Need to establish IPSec VPN /SSL VPN connections with business partners, remote and branch offices, to have secure communications to access data between two or more sites without the expense of leased site-to-site lines. d. Dream to have a high-end VPN/Firewall such as Cisco, but actually with limited budget. Need enterprise-quality IT device at the best pricing possible. (2) Target Buyer (Payer): Small Businesses (SBs) and enterprise branch offices (up to 5 computer users) (3) Target Channel: System Integrators, Service Providers.
Product Positioning:
Unified Security Gateway for Small Businesses (SBs) or Enterprise Branch Offices (Up to 5 Computer Users)
Product introduction:
ZyWALL USG 20 is a Unified Security Gateway, integrated with complete, enterprise-level and advanced security solutions designed for Small Businesses (SBs) with up to 5 PCs. Its flexible configuration helps network administrators set up the network and enforce security policies more efficiently. With certified by ICSA SPI Firewall and IPSec VPN, the ZyWALL USG 20's security features also include IPSec VPN, SSL VPN, Firewall, Content Filtering, and Anti-Spam. It also provides Bandwidth Management, Multiple-WAN Failover and Load Balancing, and many other powerful features. In addition, the USB interface allows you to upgrade future technology and feature.
Moreover, IPSec VPN and SSL VPN design for telecommuters and home workers can access data more easily and safely at home. ZyWALL USG 20's excellent throughput is the key to implement features of enterprise's level in a compact box to provide a full-time, non-stop and secure service.
Intuitive Web User Interface makes it easy for operation and configuration. The ZyWALL USG 20 provides wide-ranging sophisticated management with HTTP/SSL, CLI/SSH, Centralized Logs, SNMP, Attack Alert, Statistics Reports, and centralized network management solution with Vantage CNM.
ZLD 3.0 FW Release Introduction Video https://youtu.be/5CzIwWS6cFc
Key features:
- Unified Security Gateway for SB (15 PC Users)
- All Gigabit Ethernet interface hardware design
- High-performance multi-layer threat protection
- Hybrid VPN (IPSec, SSL and L2TP) secures connection
- 3G USB dongle as the backup WAN
Key benefit:
l High performance security gateway with all Gigabit Ethernet interface.
l The ICSA-certified, stateful inspection firewall protects the network and vital Internet services like e-mail, Web browsing, servers, and file transfers.
l Use IPSec VPN to secure connections to branch offices, partners, and headquarters. Road warriors and telecommuters can use SSL VPN to securely access the company network without having to install VPN software.
l Bandwidth Management lets you prioritize time-sensitive applications like VoIP and video conferencing.
l Content Filtering could prevent user to visit malicious web site and also could avoid viruses/spyware from forcing computer to connect with unwanted websites.
l The Anti-Spam feature can tag or discard unsolicited commercial or junk e-mail.
l User-aware configuration lets you control access to applications or resources and apply security scans by user or user group.
l Multiple WAN ports let you use multiple ISP links and load balancing to enhance traffic throughput, optimize bandwidth usage, and help ensure continuous uptime if a link goes down.
l Use the USB ports for multiple 3G WAN connections.
System Specification :
Performance and Capacity
- SPI firewall throughput: 100Mbps
- VPN AES/3DES throughput: 30Mbps
- Concurrent sessions: 6,000
- New session rate: 900 (sessions/sec)
- Simultaneous IPSec VPN tunnels: up to 5
- Simultaneous SSL VPN tunnels: 1/1 (included/max)
Firewall
- ICSA-certified firewall
- Routing and transparent (bridge) mode
- Zone-based access control list
- Stateful packet inspection
- NAT, PAT
- Policy base NAT
- VLAN tagging
- User-aware policy enforcement
- SIP/H.323 NAT traversal
- ALG supports custom ports
Virtual Private Network (VPN)
- ICSA-certified IPSec VPN
- PPTP, L2TP, IPSec
- Algorithm: AES/3DES/DES
- Authentication: SHA-1/MD5
- Key management: Manual key/IKE
- Perfect forward secrecy (DH groups) support
1, 2, 5
- IPSec NAT traversal
- Dead peer detection/relay detection
- PKI (X.509) certificate support
- Centralize VPN support
- Simple wizard support
- Auto reconnect VPN
SSL VPN
- Clientless secure remote access
- Support reverse proxy mode and full tunnel
mode
- Unified policy enforcement
- Supports two-factor authentication
- Customizable user portal
Anti-Spam
- Zone to zone protection
- Transparently intercept mail via SMTP/POP3
protocols
- Blacklist/whitelist support
- Support DNSBL checking
- Spam tag support
- Statistics report
Content Filtering
- Social networking control
- Web security-ZyXEL safe browsing
- URL blocking, keyword blocking
- Profile base setting
- Exempt list (blacklist and whitelist)
- Blocks java applet, cookies and active X
- Dynamic URL filtering database (powered by
BlueCoat)
- Unlimited user licenses support
- Customize warning messages and redirect URL
Networking
- Routing mode/bridge mode/mixed mode
- Layer 2 port grouping
- Ethernet/PPPoE
- Tagged VLAN (802.1Q)
- Virtual interface (alias interface)
- Policy-based routing (user-aware)
- Policy-based NAT (SNAT)
- Dynamic routing (RIP v1/v2, OSPF)
- DHCP client/server/relay
- Dynamic DNS support
- WAN Trunk (WAN+3G)
- Per host session limit
- Guaranteed bandwidth
- Maximum bandwidth
- Priority-bandwidth utilization
Authentication
- Local user database
- Microsoft Windows active directory integrate
- External LDAP/RADIUS user database
- Xauth over RADIUS for IPSec VPN
- Forced user authentication (transparent
authentication)
- IP/MAC address binding
System Management
- Role-Based administration
- Multiple administrator login
- Multi-Lingual web GUI (HTTPS/HTTP)
- Out-of-band management (AUX)
- Object-based configuration
- Command line interface (console/web
console/SSH/TELNET)
- SNMP v2c (MIB-II)
- System configuration rollback
- Firmware upgrade via FTP/FTP-TLS/web GUI
Logging/Monitoring
- Comprehensive local logging
- Syslog (send to up to 4 servers)
- E-mail alert (send to up to 2 servers)
- Real-Time traffic monitoring
- Built-in daily report
- Advanced reporting (Vantage Report)
- Centralized Network Management Vantage
(CNM) manageable
Hardware Specification:
Processor: Cavium 5010-400MHz
Memory (Flash/DRAM): 128MB/256MB
Status LES Indicator: PWR, SYS, USB, WAN, LAN/DMZ
Reset Button: Yes
WAN: 1 x 10/100/100 Auto MDI/MDIX
LAN: 4 x 10/100/100 Auto MDI/MDIX
Console: RS232 (RJ45) Connector
USB: USB2.0 x 1
Power: 12VDC, 1.5A
Max Power Assumption: 15W
Warranty: two years
Physical Specification:
Item Dimension: 215.75mm(W) x 140mm(D) x 33mm(H)
Item Weight: 380g
Environmental Specification:
Operation Environment: Temperature: 040'C
Humidity: 20%95%
Certification:
FCC, CE, C-tick, Class B,