Call a Specialist Today! 888-785-4412

Zyxel USG 2200-VPN
Uncompromising Security and Performance for Next Generation Business Needs

Sorry, this product is no longer available, please contact us for a replacement.

Next-Gen Unified Security GatewayOverview:

Powerful, Robust Anti-malware Protection for Medium- to Large-sized Businesses

Zyxel’s USG2200-VPN has been built on a powerful multi-core platform to deliver high performance that helps growing businesses to overcome challenges during expansion. In order to satisfy the needs for always-online communications, USG2200-VPN features multi-WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. In addition, USG2200-VPN supports IPSec load balancing and failover to provide additional resiliency for the most mission-critical VPN deployments.

  • Up to 25.0 Gbps Firewall Throughput
  • Up to 3,000 VPN tunnels capability
  • Robust hybrid VPN (IPSec/ SSL/L2TP over IPSec)
  • More secure VPN connections with SHA-2 cryptographic
  • Auto-provisioned client-tosite IPSec setup with Easy VPN
  • Device HA Pro ensures smart handover
  • Hotspot management supported
  • Facebook WiFi, Intelligence social media authentication

Powerful and Robust

Zyxel’s USG Extreme Series is built on a powerful multi-core platform to deliver high performance that helps growing businesses to overcome challenges during the expansion. In order to satisfy the needs for always-online communications, the Series features multi-WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. In addition, the Series supports IPSec load balancing and failover to provide additional resiliency for the most missioncritical VPN deployments.

Protection and optimization

The Zyxel USG Extreme Series provides extensive anti-malware protection and effective control of Web applications—like Facebook, Google Apps and Netflix—with industry-leading firewall, anti-virus, anti-spam, content filtering, IDP and application intelligence. These security measures are enhanced with SSL inspection, which helps block threats that are hidden in SSL encrypted connections and facilitates deeper policy enforcement.

Streamlined management

Unified security policy streamlines the configuration of firewall and every security feature to offer faster, easier and more consistent policy management. From a single interface, users can apply all policy criteria to every UTM feature with reduced complexity. The integrated WLAN controller also enables users to management up to 18 APs from a centralized user interface.

Best TCO for Wi-Fi Expansion

Addressing the connectivity needs in the BYOD trend, the Zyxel USG Extreme Series helps businesses deploying or expanding a managed Wi-Fi network with minimized efforts. Integrated with Zyxel AP Controller technology, the Series enables businesses to easily scale up the WLAN and to provide seamless Wi-Fi coverage in places like meeting rooms and guest reception areas.


Safer, more reliable VPN connections

Faster processors today have vastly boosted the capabilities of attackers to decrypt VPN tunnels. Legacy VPN cryptographic algorithms like Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) are no longer sufficient to guarantee secure outbound communications. With supports to the more advanced Secure Hash Algorithm 2 (SHA-2), the VPN Firewall provides the safest VPN connections in its class to ensure maximum security for business communications.

The complete range of Zyxel VPN Firewall delivers reliable, non-stop VPN services with dual-WAN failover and fallback support. With two WAN connections—one primary and one for redundancy—the Zyxel VPN Firewall automatically switches to the backup connection should the primary link fail, and automatically switches back to the primary connection once it is back online.

To support dynamic, mobile business operations in today’s BYOD (bring your own device) business environments, the VPN Firewall offers unlimited business mobility with Layer-2 Tunneling Protocol (L2TP) VPN for mobile devices. The VPN Firewall supports L2TP/IPSec VPN on a wide variety of mobile Internet devices running the iOS, Android and Windows mobile platforms.

Best TCO for access expansion

People expect network access regardless of time or location. As a result, hotspots are in demand in an everexpanding assortment of locations. The USG2200-VPN integrated with Zyxel AP Controller technology enables users to manage APs from a centralized user interface. In addition, Zyxel Hotspot Management delivers a unified solution for business networks with user-friendly tools like Billing System, Walled Garden, Multiple Authentication, 3rd Party Social Login and User Agreement. With ZyWALL USG2200-VPN, businesses can now deploy or expand a managed WiFi network with minimal effort.

Swift and secure firmware upgrades

Locating firmware updates — not to mention identifying correct versions for your device and managing their installation — can be a complex and confusing ordeal. The ZyWALL VPN Firewall Series solves this with its new Cloud Helper service. Cloud Helper provides a simple step to look for up-to-date firmware information. New firmware is immediately made available upon release from our official database to ensure its authenticity and reliability.

Swift and secure firmware upgrades

Stay secure and Up-to-Date with OneSecurity

Zyxel provides frequent and timely updates in response to the latest security threats and advisories through OneSecurity — our free online service portal. OneSecurity offers informative network security resources and the know-how to assist businesses and IT administrators in keeping their network operations safe in the digital age. Information and resources can be found with one click via the GUI of ZyWALL USG Series and VPN Series products. IT staff can quickly and easily catch up on the latest threats, and then proceed to walkthroughs and troubleshooting protocols with the help of easy-to-follow FAQs — all provided to help users secure their networks and simplify management of our UTM products.

Subscription Services

The ZyWALL VPN Series provides a complete feature set to perfectly fit different business requirements as well as to enable the maximum performance and security with an all-in-one appliance. Comprehensive network modularity also empowers IT professionals to customize the system to meet their individual needs.

Subscription Services



  • ICSA-certified corporate firewall
  • Routing and transparent (bridge) modes
  • Stateful packet inspection
  • User-aware policy enforcement
  • SIP/H.323 NAT traversal
  • ALG support for customized ports
  • Protocol anomaly detection and protection
  • Traffic anomaly detection and protection
  • Flooding detection and protection
  • DoS/DDoS protection
  • RPS-enabled for desirable performance in chaotic environments

IPv6 Support

  • Dual stack
  • IPv4 tunneling (6rd and 6to4 transition tunnel)
  • IPv6 addressing
  • DNS
  • DHCPv6
  • Bridge
  • VLAN
  • PPPoE
  • Static routing
  • Policy routing
  • Session control
  • Firewall and ADP
  • IPSec VPN
  • Content Filtering 2.0
  • Anti-Spam


  • Authentication: SHA-2 (512-bit), SHA-1 and MD5
  • Encryption: AES (256-bit), 3DES and DES
  • Supports generating SHA2 Certificate
  • Support route-based VPN Tunnel Interface (VTI)
  • Key management: manual key, IKEv1 and IKEv2 with EAP
  • Perfect forward secrecy (DH groups) support 1, 2, 5, 14
  • IPSec NAT traversal
  • Dead peer detection and relay detection
  • PKI (X.509) certificate
  • VPN concentrator
  • Simple wizard support
  • VPN auto-reconnection
  • VPN High Availability (HA): loadbalancing and failover
  • L2TP over IPSec
  • GRE and GRE over IPSec
  • NAT over IPSec
  • Zyxel VPN client provisioning
  • Support iOS L2TP/IKE/IKEv2 VPN Client provision


  • HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
  • Automatic signature updates
  • No file size limitation
  • Supports Windows and Mac OS X
  • Supports full tunnel mode
  • Supports 2-step authentication
  • Customizable user portal

SSL Inspection

  • Certificate Trust Chain validation
  • Support both inbound and outbound inspection
  • Support Content Filtering 2.0
  • Support TLS 1.0/1.1/1.2
  • Visible bypass list

Unified Security Policy

  • Unified policy management interface
  • Supported UTM features: Anti-Spam, Content Filtering 2.0, firewall (ACL)
  • 3-tier configuration: object-based, profile-based, policy-based
  • Policy criteria: zone, source and destination IP address, user, time

WLAN Management

  • Support AP controller version 3.0
  • Supports auto AP FW update
  • Wireless L2 isolation
  • Scheduled WiFi service
  • Dynamic Channel Selection (DCS)
  • Client steering for 5GHz priority and sticky client prevention
  • Auto healing provides a stable and reliable coverage
  • IEEE 802.1x authentication
  • Captive portal Web authentication
  • Customizable captive
  • Multiple SSID with VLAN
  • Supports ZyMesh
  • Support AP Forward Compatibility

Hotspot Management

  • Integrated account generator, Webbased authentication portal and billing system
  • Supports external RADIUS servers
  • Per account bandwidth management
  • User agreement login
  • SP350E Service Gateway Printer enables oneclick account and billing generation
  • Built-in billing system
    • Time-to-finish accounting mode
    • Accumulation accounting mode
  • Supports PayPal online payment
  • Marketing tool
    • Advertisement link
    • Walled garden
    • Portal page
  • Billing Replenish


  • Routing mode, bridge mode and hybrid mode
  • Ethernet and PPPoE
  • NAT and PAT
  • VLAN tagging (802.1Q)
  • Virtual interface (alias interface)
  • Policy-based routing (user-aware)
  • Policy-based NAT (SNAT)
  • Dynamic routing (RIPv1/v2 and OSPF)
  • DHCP client/server/relay
  • Dynamic DNS support
  • WAN trunk for more than 2 ports
  • Per host session limit
  • Guaranteed bandwidth
  • Maximum bandwidth
  • Priority-bandwidth utilization
  • Bandwidth limit per user
  • Bandwidth limit per IP
  • GRE
  • BGP

Zyxel One Network

  • ZON Utility
    • IP configuration
    • Web GUI access
    • Firmware upgrade
    • Password configuration
    • Location and System support
  • Smart Connect
    • Discover neighboring devices
    • One-click remote management access to the neighboring Zyxel devices


  • Local user database
  • Microsoft Windows Active Directory integration
  • External LDAP/RADIUS user database
  • XAUTH, IKEv2 with EAP VPN authentication
  • Web-based authentication
  • Forced user authentication (transparent authentication)
  • IP-MAC address binding
  • SSO (Single Sign-On) support

System Management

  • Supports generating SHA2 Certificate
  • Role-based administration
  • Multiple administrator logins
  • Multi-lingual Web GUI (HTTPS and HTTP)
  • Command line interface (console, Web console, SSH and telnet)
  • Cloud CNM SecuManager*
  • SNMP v1, v2c, v3
  • System configuration rollback
  • Firmware upgrade via FTP, FTP-TLS and Web GUI
  • Dual firmware images
  • Supports Cloud Helper portal page
  • RADIUS authentication
  • WiFi Multimedia (WMM) wireless QoS
  • CAPWAP discovery protocol

Mobile Broadband

  • WAN connection failover via 3G and 4G** USB modems
  • Auto fallback when primary WAN recovers

Device High Availability Pro (HA Pro)

  • Device failure detection and notification
  • Supports ICMP and TCP ping check
  • Link monitoring
  • Configuration auto-sync
  • Dedicated Heartbeat Link
  • Instant handover
  • NAT/Firewall/VPN Sessions synchronization

Subscriptional Services

  • Content Filtering 2.0
  • Anti-Spam


  • Comprehensive local logging
  • Syslog (to up to 4 servers)
  • Email alerts (to up to 2 servers)
  • Real-time traffic monitoring
  • Built-in daily report
  • Advanced reporting with Vantage Report

* Cloud CNM SecuManager management service requires license purchase. For more details please refer to web site
** For specific models supporting the 3G and 4G dongles on the list, please refer to the Zyxel product page at 3G dongle document.

Application Diagram:

VPN Application

  • High-speed, high-security communications between local servers, remote devices and cloud-hosted applications with deployments of the ZyWALL VPN 50/100/300.
  • Secure, reliable VPN connectivity with IPSec VPN load balancing and failover features delivers high-availability services for exceptional uptime.
  • Easy-to-use, secure remote access via SSL, IPSec and L2TP over IPSec VPN.
  • The headquarter ZyWALL Series can also establish an IPSec VPN connection with Amazon VPC for secured access to leverage the benefits of cloud-base and to expend on premise networks that extend into the cloud center.

Hotspot Management

  • High speed internet access.
  • Tier of service
  • Log record for regulatory compliance
  • Premium security control
  • Various Network access control ( free or paid access, social login) 
    *: Hotspot Management supports for ZyWALL 110, USG110, or above in firmware ZLD4.25 or later.

Application Diagram


Front View

Rear View

USG2200-VPN Specifications
Hardware Specifications
Interfaces 12x GbE (configurable), 4x SFP (configurable), 2x 10G Combo
USB ports 2
Console port Yes (DB9)
Rack-mountable Yes
Fanless -
System Capacity & Performance*1
SPI firewall throughput (Mbps)*2 25,000
VPN throughput (Mbps)*3 2,500
Max. TCP concurrent sessions*4 1,500,000
Max. concurrent IPSec VPN tunnels*5 3000
Concurrent SSL VPN users (default/max.)*6 250 / 1,000
VLAN interface 128
Concurrent devices logins (default/max.)*6, 7 2,000 / 5,000
WLAN Management
Managed AP number (default/max.)*6 2 / 1026
Security Service
Anti-Spam*6 Yes
Content Filtering (CF 2.0)*6, 8 Yes
Key Software Features
Virtual Private Network (VPN) IKEv2, IPSec, SSL, L2TP/IPSec
SSL (HTTPS) inspection Yes
EZ Mode -
Hotspot Management*6 Yes
Ticket printer support*9 / Support Q'ty (max.) Yes (SP350E) / 10
Amazon VPC Yes
Facebook WiFi Yes
Device HA Pro Yes (Activate once registered)
Link Aggregation (LAG) -
Power Requirements
Power input 2 x AC-DC redundant power supply
110-240V AC, 50/60 Hz, 2.5 A max.
Max. power consumption (watt) 119
Heat dissipation (BTU/hr) 406.045
Physical Specifications
Item Dimensions (WxDxH)(mm/in.) 438.5 x 500 x 89 / 17.26 x 19.69 x 3.50
Weight (kg/lb.) 3.3 / 7.28
Packing Dimensions (WxDxH)(mm/in.) 795 x 600 x 215 / 31.3 x 2362 x 8.46
Weight (kg/lb.) 18.12 (with DUT) / 39.95
Included accessories
  • Power cord x 2
  • Rack mounting (slide) kit
Environmental Specifications
Operating Temperature 0°C to 40°C (32°F to 104°F)
Humidity 10% to 90% (non-condensing)
Storage Temperature -30°C to 70°C (-22°F to 158°F)
Humidity 10% to 90% (non-condensing)
MTBF (hr) 280,490
EMC FCC Part 15 (Class A), IC, CE EMC(Class A), RCM, BSMI
Safety LVD (EN60950-1), BSMI

*: This matrix with firmware ZLD4.31 or later.
*1: Actual performance may vary depending on network conditions and activated applications
*2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets).
*3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets).
*4: Maximum sessions measured using the industry standard IXIA IxLoad testing tool.
*5: Including Gateway-to-Gateway and Client-to-Gateway.
*6: With Zyxel service license to enable or extend the feature capacity.
*7: This is the recommend maximum number of concurrent logged-in devices.
*8: SafeSearch function in CF2.0 need to enable SSL inspection firstly and not for small business models.
*9: With Hotspot Management license support.

Model Comparison:

Model Name USG20(W)-VPN ZyWALL 110 ZyWALL 310 ZyWA LL 1100 USG2200-VPN
Product Images USG20(W)-VPN ZyWALL 110 ZyWALL 310 ZyWA LL 1100 USG2200-VPN
Description SB SMB MB
Firewall throughput (Mbps) 350 1,600 5,000 6,000 25,000
Max. concurrent sessions 20,000 150,000 500,000 1,000,000 1,500,000
VPN throughput (Mbps) 90 400 650 800 2,500
Max. concurrent IPSec VPN tunnels 10 100 300 1,000 3,000
Content filtering (CF 2.0)*1 Yes Yes Yes Yes Yes
Amazon VPC*2 Yes Yes Yes Yes Yes
Device HA Pro - Yes*1 Yes*1 Activate once registered Activate once registered
Hotspot Management*1 - Yes Yes Yes Yes
Facebook WiFi Yes Yes Yes Yes Yes

*1: With Zyxel service license to enable or extend the feature capacity
*2: ZyWALL/USG still be able to support by CLIs


Download the Zyxel ZyWALL USG 2200-VPN Datasheet (PDF).

Pricing Notes:

Zyxel Products
iCard Subscriptions
USG2200 iCard Content Filtering 1 Year for USG2200
List Price: $1,400.00
Our Price: $1,000.00
Upgrade AP Controller
USG / ZyWALL / UAG iCard AP Controller Upgrade Add 4 APs for USG / ZyWALL / UAG Series
List Price: $227.99
Our Price: $160.00