Description

ZyXEL ZWUSG50 Overview The USG50 Internet Security Firewall with Dual-WAN, 4 Gigabit LAN/DMZ Ports from ZyXEL is designed for small businesses and provides real-time inspection and multi-layer network protection to prevent their networks from threats. It embodies Stateful Packet Inspection (SPI) Firewall, Anti-Virus (AV), Intrusion Detection and Prevention (IDP), Content Filtering, Anti-Spam, and VPN (IPSec/SSL/L2TP) features. Additionally, the gateway offers complete security license and guarantees continuous firmware upgrades to save costs. Incorporating comprehensive security features in the connected devices, the USG 50 gateway safeguards your organization's customer and company records, intellectual properties, as well as critical resources from both external and internal threats. Robust Security The USG 50 gateway is built with a security architecture that provides real-time inspection to prevent networks from threats without sacrificing performance. Corporate networks are not only flawlessly secured but also benefit from significant performance enhancements on productivity and efficiency, since file loading, emailing, and information searching applications are processed at higher speeds. Comprehensive IPv6 Support The USG 50 gateway is IPv6-ready and is certified with "IPv6 Ready" Gold Logo. With IPv6 feature enabled, the USG 50 gateway ensures businesses with a smooth migration path from the IPv4-based networks to the full IPv6 infrastructure. It assigns IPv6 addresses to clients and passes the IPv6 traffics through the IPv4 environment. The USG 50 gateway supports dual-stack and IPv4 tunneling (6th and 6 to 4 transition tunnel) implementations for Internet connectivity to access IPv6 applications. Easy VPN Reduces Operation Cost and Time The USG 50 gateway is equipped with the "Easy VPN" solution to push configuration files to the VPN clients automatically. This eliminates the configuration efforts while securing the access at the same time. Additionally, the gateway supports L2TP VPN technology on iPhones, Android phones, and other mobile devices. This technology enables employees in remote places to connect to the headquarters with easy and free access. Content Filter for Safer Web Surfing The World Wide Web has become the primary target for network threats, since the Internet itself is a very effective malware delivery mechanism. With threats hidden directly in contents such as cookies, add-ons, and root-kits, it makes malware exceptionally difficult to detect. The USG 50 gateway content filter solution provided by Blue Coat and Commtouch, reduces costs and extends protection by combining a comprehensive, integrated database featuring millions of URLs, IP addresses, and domains. With the solution, the USG 50 gateway enables real-time protection that deters emerging web threats, including malware and phishing, and blocks or monitors certain sites to maintain employee productivity. Email Security The USG 50 gateway delivers industry-leading protection powered by Commtouch, against spam, phishing, and virus-laden emails. The extremely high performance of Commtouch technology comes from the unique recurrent pattern detection (RPD) mechanism that possesses superior capability through analyzing millions of patterns each day (24 x 7 x 365) to block all the associated messages in real-time. In addition, the USG 50 gateway applies sender-based IP reputation to remove over 80% of unwanted mails and to take advantage of the zero-hour virus outbreak protection feature, which is capable of blocking or delaying suspicious messages hours before commercial anti-virus signatures are available. Multiple 3G Card Support The USG 50 gateway supports multiple WAN ports and 3G networks through USB or PC cards. With 3G connections, the USG 50 gateway enables load sharing or failover to deliver reliable network connectivity. It also supports more 3G cards with generic driver to ensure interoperability. Firewall ICSA-certified firewall Routing and transparent (bridge) mode Zone-based access control list Stateful packet inspection User-aware policy enforcement SIP/H.323 NAT traversal ALG supports custom ports IPv6 Support IPv6 Ready Gold Logo certified Dual stack IPv4 tunneling (6th and 6 to 4 transition tunnel) Host/Router/Firewall Virtual Private Network (VPN) ICSA-certified IPSec VPN Algorithm: AES/3DES/DES Authentication: SHA-1, SHA-2/MD5 Key Management: Manual key/IKE Perfect forward secrecy (DH groups) support 1, 2, 5 IPSec NAT traversal Dead peer detection/relay detection PKI (X.509) certificate support Centralized VPN support Simple wizard support Auto reconnect VPN VPN HA (redundant remote VPN gateways) SSL VPN Clientless secure remote access Supports reverse proxy mode and full tunnel mode Unified policy enforcement Supports two-factor authentication Customizable user portal Intrusion Detection and Prevention (IDP) Routing and transparent (bridge) mode Zone-based IDP inspection Customizable protection profile Protects from over 2000 attacks Automatic signature updates Custom signatures Protocol anomaly detection and protection Traffic anomaly detection and protection Flooding detection and protection DoS/DDoS protection Note: Available with Intrusion Detection/Prevention (IDP) subscription. Application Intelligence (Application Patrol) Identify more than 600 applications, including IM, P2P, social network, stream media, VoIP, and others Supports application granularity control Manage use of Skype/MSN, GoogleTalk, Facebook at business hours, or never Block all use of P2P and games applications permanently (or during business hours) Bandwidth management for P2P, Stream Media, File Transfer, or particular applications Daily check and auto update application signatures Real-time statistical reports Note: Available with Intrusion Detection/Prevention (IDP) subscription. Anti-Virus Supports Kaspersky and ZyXEL Anti-Virus Stream-based Anti-Virus engine Zone-based AV protection HTTP/FTP/SMTP/POP3/IMAP4 protocol support Automatic signature updates No file size limitation Blacklist/Whitelist support Note: Available with Anti-Virus subscription. Anti-Spam Zone to zone protection Transparently intercept mail via SMTP/POP3 protocols POP3/SMTP port configurable Sender-based IP Reputation Filter Commtouch RPD Query Zero-hour Virus Outbreak Protection X-Header support Supports DNSBL checking Statistics report Content Filtering (BlueCoat and Commtouch) Social networking control Web Security: Security threat category (powered by BlueCoat) URL blocking, keyword blocking Profile-based setting Exempt list (blacklist and whitelist) Blocks Java Applet, Cookies, and Active X Dynamic URL filtering database (powered by BlueCoat and Commtouch) Unlimited user licenses support Customize warning messages and redirect URL Note: Available for all USG models with a ZyWALL Content Filtering subscription. Networking Routing mode/bridge mode/mixed mode Layer 2 port grouping Ethernet/PPPoE NAT/PAT Tagged VLAN (802.1Q) Virtual interface (alias interface) Policy-based routing (user-aware) Policy-based NAT (SNAT) Dynamic routing (RIP v1/v2, OSPF) DHCP client/server/relay Dynamic DNS support WAN Trunk more than 2 port Per host session limit Guaranteed bandwidth Maximum bandwidth Priority-bandwidth utilization Authentication Local user database Microsoft Windows active directory integrate External LDAP/RADIUS user database Xauth over RADIUS for IPSec VPN Forced user authentication (transparent authentication) IP/MAC address binding System Management Role-based administration Multiple administrator login Multi-lingual web GUI (HTTPS/HTTP) Object-based configuration Command line interface (console/web console/SSH/TELNET) SNMP v2c (MIB-II) System configuration rollback Firmware upgrade via FTP/FTP-TLS/web GUI Logging/Monitoring Comprehensive local logging Syslog (send to up to 4 servers) E-mail alert (send to up to 2 servers) Real-time traffic monitoring Built-in daily report Advanced reporting (Vantage Report) Centralized Network Management (vantage CNM) manageable