Zyxel NSG100
Nebula Cloud Security VPN Gateway

Overview:

Nebula Cloud Managed Security Gateway

The Zyxel Nebula Cloud Managed Security Gateway is built with remote management and ironclad security for organizations with multiple distributed sites. With an extensive suite of security features including ICSAcertified firewall, IPsec VPN connectivity, Intrusion Detection Prevention (IDP) and Application Patrol, Content Filtering as well as Anti-virus the NSG provides deep, extensive protection to meet everything that small- to midsized businesses need.

As the Zyxel Nebula Security Gateway has been designed from the ground up to be cloud managed, installation and management is as simple as 1-2- 3. Through Nebula’s cloud interface, administrators can create site-wide policies and monitor all branch sites effortlessly, even without training.

• Complete network, security, and application control from anywhere via the cloud
• Zero-touch site-to-site VPN
• Secure networks with IDP and Application Patrol, Content Filtering and Anti-Virus
• Built-in DHCP, NAT, QoS, and VLAN management
• Static route and dynamic DNS support
• Identity-based security policies and application management
• Cloud management and cloud statistics

Benefits:

Out-of-the-box cloud-managed gateway

Every Zyxel Nebula Security Gateway can be quickly and easily deployed at a remote location through nearly zero-touch cloud provisioning. It automatically pulls policies and configuration settings, receives seamless firmware upgrades and security signature updates from the cloud without the need for on-site networking expertise.

Easy setup, simple management

Traditional gateways require administrators to manage configurations and security policies separately for every device, eating up considerable time and effort. Nebula provides a single point of management for all Nebula gateways, allowing administrators to synchronize security settings across thousands of sites to every device all at once. The cloud interface provides site-wide visibility and control that enable administrators to monitor and manage event logs, traffic statistics, bandwidth consumption, networked clients, and application usage without access to the individual devices.

Zero-touch VPN connections

Establishing a virtual private network to keep branch locations securely connected is easier than ever. With the Zyxel Nebula Security Gateway, either site-to-site or hub-and-spoke VPN connections can be configured with just a few clicks in the Nebula Control Center and no complex VPN configuration steps. The intuitive cloud management interface lets administrators monitor VPN connectivity between multiple locations in real time.

Streamlined policy management

The Zyxel Nebula Security Gateway streamlines the configuration of firewalls and every security feature for faster, easier, and more consistent policy settings. It does so by supporting objectbased management and a unified configuration approach for all security related policies, with which users can easily apply all policy criteria to every security feature. Moreover, any configuration made in the Nebula Control Center can be automatically propagated to all connected Nebula gateways.

Effective network protection

Nebula’s IDP system scans multiple layers and protocols to inspect vulnerabilities invisible to simple port and protocol-based firewalls by utilizing deep packet inspection (DPI) technology that eliminates false positives with a database of malware signatures and provides effective protection against intrusions from unknown backdoors.

Powerful application security

Every Nebula Security Gateway comes bundled with a one-year subscription to the Nebula Security Pack, which better protects your networks through IDP, Application Patrol, Content Filtering, and Anti-Virus security services. IDP guards your business from a wide range of attacks and suspicious activities such as SQL injection and DoS; Application Patrol helps boost productivity and prevent bandwidth abuse by prioritizing, throttling, and blocking unnecessary applications; and Content Filtering uses categorization and URL filtering to stop users from accessing malicious and inappropriate sites. Finally, the Anti-Virus acts as a bulwark against malware including viruses, Trojans, worms, spyware, and rogue ware, being the first line of defense for your networks.

Applications Diagram:

Nebula Cloud Management Architecture

VPN Application

Specifications:

Model	NSG50	NSG100	NSG200
Product Name	Nebula Cloud Managed Security Gateway	Nebula Cloud Managed Security Gateway	Nebula Cloud Managed Security Gateway
Hardware Specifications
10/100/1000 Mbps RJ-45 ports	4 x LAN (GbE) 2 x WAN (1x SFP, 1x GbE)	4 x LAN (GbE) 2 x WAN (GbE)	5 x LAN (GbE) 2 x WAN (GbE)
USB ports	1	2	2
Console port	Yes (RJ-45)	Yes (DB9)	Yes (DB9)
Rack-mountable	-	Yes	Yes
Wall-mountable	Yes	-	-
Fanless	Yes	Yes	No
System Capacity & Performance1
SPI firewall throughput (Mbps)2	300	450	1,250
VPN throughput (Mbps)3	100	150	500
IDP throughput (Mbps)4	110	160	500
AV throughput (Mbps)4	50	90	300
SP throughput (Mbps, AV and IDP)4	50	90	300
Unlimited user	Yes	Yes	Yes
Max. TCP concurrent sessions5	20,000	40,000	80,000
Max. TCP Session Rate	2,000	2,000	80,000
Max. concurrent IPsec VPN tunnels6	10	40	200
VLAN interface	8	16	16
Key Software Features
Firewall	Yes	Yes	Yes
Virtual Private Network (VPN)	Yes (IPSec, L2TP over IPSec)	Yes (IPSec, L2TP over IPSec)	Yes (IPSec, L2TP over IPSec)
Application Patrol	Yes	Yes	Yes
Intrusion Detection and Prevention (IDP)	Yes	Yes	Yes
Bandwidth management	Yes	Yes	Yes
Logging and Monitoring	Yes	Yes	Yes
Content Filtering	Yes	Yes	Yes
Anti-Virus	Yes	Yes	Yes
WAN Failover	Yes	Yes	Yes
Power Requirement
Power input	12 V DC, 2.0 A max.	12 V DC, 3.0 A max.	12 V DC, 3.33 A max.
Maximum power consumption (Watt)	12.0	19.0	37.0
Heat dissipation (BTU/hr)	40.95	64.83	199.61
Physical Specifications
Item Dimensions (WxDxH)(mm/in.)	216 x 143 x 33/ 8.50 x 5.63 x 1.30	242 x 175 x 36/ 9.53 x 6.89 x 1.42	300 x 178 x 44/ 11.81 x 7.0 x 1.73
Item Weight (kg/lb.)	1.04/2.29	1.25/2.76	2.0/4.4
Packing Dimensions (WxDxH)(mm/in.)	276 x 185 x 98/ 10.87 x 7.28 x 3.86	394 x 240 x 101/ 15.51 x 9.45 x 3.98	351 x 243 x 149/ 13.82 x 9.57 x 5.87
Packing Weight (kg/lb.)	1.41/3.11	2.25/4.96	3.264/7.20
Included accessories	• Power adapter (with plug) • RJ45-RS232 console cable	• Power adapter • Rack mounting kit	• Power cord • Power adapter • Rack mounting kit
Environmental Specifications
Operating temperature	0°C to 40°C / 32°F to 104°F
Operating humidity	10% to 90% (non-condensing)
Storage temperature	-30°C to 70°C / -22°F to 158°F
Storage humidity	10% to 90% (non-condensing)
MTBF (hr)	44,000	815,463.9	787,109.3
Certifications
EMC	FCC Part 15 (Class B), IC, CE EMC(Class B), RCM, BSMI	FCC Part 15 (Class B), CE EMC (Class B), C-Tick (Class B), BSMI	FCC Part 15 (Class A), CE EMC (Class A), C-Tick (Class A), BSMI
Safety	BSMI, UL	LVD (EN60950-1), BSMI	LVD (EN60950-1), BSMI

¹ Actual performance may vary depending on network conditions and activated applications.
² Maximum throughput based on RFC 2544 (1,518-byte UDP packets), and without enabling Intrustion Detection and Prevention.
³ VPN throughput measured based on RFC 2544 (1,424-byte UDP packets), and without enabling Intrusion Detection and Prevention.
⁴ AV and IDP throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing were done with multiple sessions.
⁵ Maximum sessions measured using the industry-standard IXIA IxLoad testing tool.
⁶ Including Gateway-to-Gateway and Client-to-Gateway

Features:

* IDP and Application Patrol, Content Filtering and Anti-Virus services need to be purchased on top of Professional Pack license, and will be co-terminated separately from with Professional Pack license.

Documentation:

Download the Zyxel NSG50/100/200 Datasheet (PDF).