ZyWALL USG 300

Leading High-Performance UTM solution
The ZyWALL USG 300 employs hardware-acceleration technologies in one box. Powered by high-performance SecuASIC technology and a hardware-based encryption accelerator, the ZyWALL USG 300 delivers leading high-performance, multi-layer threat protections for small business and enterprises alike. Better yet, all ZyWALL USG Series products supports Gigabit Ethernet interfaces.

Robust Hybrid VPN (IPSec and SSL)
The ZyWALL USG 300 provides secure access from remote locations to corporate resources through the Internet for organizations of any size. Through IPSec VPN, companies can secure connections among branch offices, partner sites and headquarters. Road warriors and telecommuters can also use SSL or L2TP VPN to securely access the company network without having to install VPN software.
With flexible and easy connections, mobile employees, vendors and partners are enabled to securely access network resources for improved working efficiency.

Application Firewall
More and more network applications could slip malicious software into your office. The potentially malicious software, such as IM and P2P tools, could cause bandwidth waste or even system damage. With application patrol and bandwidth management features, you can control traffic block or rate limit for online chat or file transfer activities to avoid malicious software from finding its way into your organization.

Web Security (Secure Web Access): ZyXEL Web Bowering
Today, most network threats are likely from within the office, since employees would visit any insecure Web when they're surfing the net. Some Web sites may contain malicious software like Trojan, spyware or warm, and the software would take their tolls; therefore avoiding internal users to surf dangerous Web sites becomes an important task. ZyXEL's Web Bowering feature can quickly search the sites containing malicious software and notify users to keep away from them.

Non-Stop Internet Access with Multiple WAN and 3G as backup
The ZyWALL USG Series not only supports multiple WAN ports but also supports USB 3G or PCMCIA 3G cards. This enables it to provide "active-active" load sharing or "active-passive" failover configuration to deliver highly reliable network connectivity. To minimize the impact of single-point failures, the ZyWALL USG 300 supports device HA (High Availability) to assure network availability.

ICSA Firewall, IPSec Certification
With ICSA-certified SPI Firewall and IPSec VPN, the ZyWALL USG 300 enables organizations to take complete control over their network infrastructure and to provide the most up-to-date protection against network threats.

Comprehensive Report System
The built-in report system of ZyWALL USG 300 offers a comprehensive set of real-time and historical reports including firewall, virus and intrusion attacks, bandwidth usage, Web site usage and user activities. With Vantage Report (VRPT), a Web-based reporting system, administrators can easily collect traffic data and analyze a distributed network for organizations to be aware of suspicious activities and to ensure better business productivity.

Performance and Capacity

• SPI Firewall Throughput: 200Mbps
• IPSec VPN (AES) Throughput: 100Mbps
• Maximum Concurrent NAT Sessions: 60,000
• Maximum IPSec VPN Tunnels: 200
• Maximum SSL VPN Tunnels: 10
• New Session Rate: 2,000 (sessions/sec)

Gateway Anti-Virus

• Stream-Based Gateway Anti-Virus Powered by Kaspersky Labs
• Covers Top Active Viruses in the Wild List
• Scans HTTP / FTP / SMTP / POP3 / IMAP4
• Automatic Signature Update
• No File Size Limitation
• Blacklist / Whitelist

Application Patrol

• IM / P2P Granular Access Control
• Integrated with Scheduling / Rate-Limit / User-Aware
• IM / P2P Up-To-Date Support*
• Real-Time Statistical Reports

Intrusion Detection and Prevention

• In-line Mode (Routing / Bridge)
• Zone-Based IDP Inspection
• Customizable Protection Profile
• Signature-Based Deep Packet Inspection
• Automatic Signature Update
• Custom Signatures
• Traffic Anomaly: Scanning Detection and Flood Protection
• Protocol Anomaly: HTTP / ICMP / TCP / UDP

Content Filter

• URL Blocking, Keyword Blocking
• Exempt List (Blacklist and Whitelist)
• Blocks Java Applet, Cookies and Active X
• Dynamic URL Filtering Database (BlueCoat)

VPN

• IPSec VPN
  • Encryptions (AES / 3DES / DES)
  • Authentication (SHA-1 / MD5)
  • Key Management (Manual Key / IKE)
  • Perfect Forward Secrecy (DH Group 1 / 2 / 5)
  • NAT over IPSec
  • Dead Peer Detection / Replay Detection
  • PKI (X.509)
  • Certificate Enrollment (CMP / SCEP)
  • Xauth Authentication
  • L2TP Over IPSec Support
• SSL VPN
  • Clientless Secure Remote Access (Reverse Proxy Mode)
  • SecuExtender (Full Tunnel Mode)
  • Unified Policy Enforcement
  • Supports Two Factor Authentication
  • Customizable User Portal

Networking

• Routing Mode / Bridge Mode / Mixed Mode
• Layer 2 Port Grouping
• Ethernet / PPPoE / PPTP
• Tagged VLAN (802.1Q)
• Virtual Interface (Alias Interface)
• Policy-Based Routing (User-Aware)
• Policy-Based NAT (SNAT / DNAT)
• RIP v1 / v2
• OSPF
• DHCP Client / Server / Relay
• Built-in DNS Server
• Dynamic DNS

Bandwidth Management

• Bandwidth Priority
• Policy-Based Traffic Shaping
• Maximum / Guaranteed Bandwidth
• Bandwidth Borrowing

SPI Firewall

• Zone-Based Access Control List
• Customizable Security Zone
• Stateful Packet Inspection
• DoS/DDoS Protection
• User-Aware Policy Enforcement
• ALG Supports Custom Ports

Authentication

• Internal User Database
• Microsoft Windows Active Directory
• External LDAP / RADIUS User Database
• ZyWALL OTP (One Time Password)
• Force User Authentication (Transparent Authentication)

High Availability

• Device HA (Active-Passive Mode)
• Device Failure Detection
• Link Monitoring
• Auto-Sync Configurations
• Multiple WAN Load Balancing
• VPN HA (Redundant Remote VPN Gateways)

System Management

• Role-Based Administration
• Simultaneous Administrative Logins
• Multi-Lingual Web GUI (HTTPS / HTTP)
• Object-Based Configuration
• Command Line Interface (Console / WebConsole / SSH / TELNET)
• Comprehensive Local Logging
• Syslog (4 Servers)
• E-mail Alert (2 Servers)
• SNMP v2c (MIB-II)
• Real-Time Traffic Monitoring
• System Configuration Rollback
• Text-Based Configuration File
• Firmware upgrade via FTP / FTP-TLS / WebGUI
• Advanced Reporting (Vantage Report 3.1*)
• Centralized Network Management (Vantage CNM 3.0*)

Certifications

• ICSA Firewall Certified*
• ICSA IPSec VPN Certified*

Hardware Specifications

• Memory: 256MB RAM / 256MB Flash
• Interface: GbE x 7 (RJ-45, with LED)
• Auto-Negotiation and Auto MDI/MDI-X
• Console: RS-232 (DB9F)
• AUX: RS-232 (DB9M)
• LED Indicator: PWR, SYS, AUX, CARD1, CARD2
• Power Switch: Yes
• Reset Pinhole: Yes
• Extension Card Slot: Yes* (2)
• USB: Yes* (2)

Physical Specifications

• Rack Mountable: Yes (19-inch, rack-mount kit included)
• Dimension: 430.0(W) x 201.2(D) x 42.0(H) mm
• Weight: 2,800g

Power Requirements

• Input Voltage: 100-240VAC, 50/60Hz, 0.55-0.3A
• Power Rating: 35W Max

Environmental Specifications

• Operating Temperature: 0 °C ~ 50 °C
• Storage Temperature: -30 °C ~ 60 °C
• Humidity: 20% to 95% (non-condensing)

Standard Compliance

• HSF (Hazardous Substance Free): RoHS and WEEE
• EMC: FCC Part 15 Class A, CE-EMC Class A, C-Tick Class A, VCCI Class A
• Safety: CSA International (ANS/UL60950-1, CSA60950-1, EN60950-1, IEC60950-1)

(For Open Source Announcements, please refer to the ZyWALL USG 300 User's
Guide. And to obtain the GPL open source code, please contact ZyXEL tech
support  support@zyxel.com.tw )