Overview:
Powerful, Robust Anti-malware Protection for Medium- to Large-sized Businesses
Zyxel’s USG2200-VPN has been built on a powerful multi-core platform to deliver high performance that helps growing businesses to overcome challenges during expansion. In order to satisfy the needs for always-online communications, USG2200-VPN features multi-WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. In addition, USG2200-VPN supports IPSec load balancing and failover to provide additional resiliency for the most mission-critical VPN deployments.
- Up to 25.0 Gbps Firewall Throughput
- Up to 3,000 VPN tunnels capability
- Robust hybrid VPN (IPSec/ SSL/L2TP over IPSec)
- More secure VPN connections with SHA-2 cryptographic
- Auto-provisioned client-tosite IPSec setup with Easy VPN
- Device HA Pro ensures smart handover
- Hotspot management supported
- Facebook WiFi, Intelligence social media authentication
Powerful and Robust
Zyxel’s USG Extreme Series is built on a powerful multi-core platform to deliver high performance that helps growing businesses to overcome challenges during the expansion. In order to satisfy the needs for always-online communications, the Series features multi-WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. In addition, the Series supports IPSec load balancing and failover to provide additional resiliency for the most missioncritical VPN deployments.
Protection and optimization
The Zyxel USG Extreme Series provides extensive anti-malware protection and effective control of Web applications—like Facebook, Google Apps and Netflix—with industry-leading firewall, anti-virus, anti-spam, content filtering, IDP and application intelligence. These security measures are enhanced with SSL inspection, which helps block threats that are hidden in SSL encrypted connections and facilitates deeper policy enforcement.
Streamlined management
Unified security policy streamlines the configuration of firewall and every security feature to offer faster, easier and more consistent policy management. From a single interface, users can apply all policy criteria to every UTM feature with reduced complexity. The integrated WLAN controller also enables users to management up to 18 APs from a centralized user interface.
Best TCO for Wi-Fi Expansion
Addressing the connectivity needs in the BYOD trend, the Zyxel USG Extreme Series helps businesses deploying or expanding a managed Wi-Fi network with minimized efforts. Integrated with Zyxel AP Controller technology, the Series enables businesses to easily scale up the WLAN and to provide seamless Wi-Fi coverage in places like meeting rooms and guest reception areas.
Benefits:
Safer, more reliable VPN connections
Faster processors today have vastly boosted the capabilities of attackers to decrypt VPN tunnels. Legacy VPN cryptographic algorithms like Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) are no longer sufficient to guarantee secure outbound communications. With supports to the more advanced Secure Hash Algorithm 2 (SHA-2), the VPN Firewall provides the safest VPN connections in its class to ensure maximum security for business communications.
The complete range of Zyxel VPN Firewall delivers reliable, non-stop VPN services with dual-WAN failover and fallback support. With two WAN connections—one primary and one for redundancy—the Zyxel VPN Firewall automatically switches to the backup connection should the primary link fail, and automatically switches back to the primary connection once it is back online.
To support dynamic, mobile business operations in today’s BYOD (bring your own device) business environments, the VPN Firewall offers unlimited business mobility with Layer-2 Tunneling Protocol (L2TP) VPN for mobile devices. The VPN Firewall supports L2TP/IPSec VPN on a wide variety of mobile Internet devices running the iOS, Android and Windows mobile platforms.
Best TCO for access expansion
People expect network access regardless of time or location. As a result, hotspots are in demand in an everexpanding assortment of locations. The USG2200-VPN integrated with Zyxel AP Controller technology enables users to manage APs from a centralized user interface. In addition, Zyxel Hotspot Management delivers a unified solution for business networks with user-friendly tools like Billing System, Walled Garden, Multiple Authentication, 3rd Party Social Login and User Agreement. With ZyWALL USG2200-VPN, businesses can now deploy or expand a managed WiFi network with minimal effort.
Swift and secure firmware upgrades
Locating firmware updates — not to mention identifying correct versions for your device and managing their installation — can be a complex and confusing ordeal. The ZyWALL VPN Firewall Series solves this with its new Cloud Helper service. Cloud Helper provides a simple step to look for up-to-date firmware information. New firmware is immediately made available upon release from our official database to ensure its authenticity and reliability.
Stay secure and Up-to-Date with OneSecurity
Zyxel provides frequent and timely updates in response to the latest security threats and advisories through OneSecurity — our free online service portal. OneSecurity offers informative network security resources and the know-how to assist businesses and IT administrators in keeping their network operations safe in the digital age. Information and resources can be found with one click via the GUI of ZyWALL USG Series and VPN Series products. IT staff can quickly and easily catch up on the latest threats, and then proceed to walkthroughs and troubleshooting protocols with the help of easy-to-follow FAQs — all provided to help users secure their networks and simplify management of our UTM products.
Subscription Services
The ZyWALL VPN Series provides a complete feature set to perfectly fit different business requirements as well as to enable the maximum performance and security with an all-in-one appliance. Comprehensive network modularity also empowers IT professionals to customize the system to meet their individual needs.
Features:
Firewall
- ICSA-certified corporate firewall
- Routing and transparent (bridge) modes
- Stateful packet inspection
- User-aware policy enforcement
- SIP/H.323 NAT traversal
- ALG support for customized ports
- Protocol anomaly detection and protection
- Traffic anomaly detection and protection
- Flooding detection and protection
- DoS/DDoS protection
- RPS-enabled for desirable performance in chaotic environments
IPv6 Support
- Dual stack
- IPv4 tunneling (6rd and 6to4 transition tunnel)
- IPv6 addressing
- DNS
- DHCPv6
- Bridge
- VLAN
- PPPoE
- Static routing
- Policy routing
- Session control
- Firewall and ADP
- IPSec VPN
- Content Filtering 2.0
- Anti-Spam
IPSec VPN
- Authentication: SHA-2 (512-bit), SHA-1 and MD5
- Encryption: AES (256-bit), 3DES and DES
- Supports generating SHA2 Certificate
- Support route-based VPN Tunnel Interface (VTI)
- Key management: manual key, IKEv1 and IKEv2 with EAP
- Perfect forward secrecy (DH groups) support 1, 2, 5, 14
- IPSec NAT traversal
- Dead peer detection and relay detection
- PKI (X.509) certificate
- VPN concentrator
- Simple wizard support
- VPN auto-reconnection
- VPN High Availability (HA): loadbalancing and failover
- L2TP over IPSec
- GRE and GRE over IPSec
- NAT over IPSec
- Zyxel VPN client provisioning
- Support iOS L2TP/IKE/IKEv2 VPN Client provision
SSL VPN
- HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
- Automatic signature updates
- No file size limitation
- Supports Windows and Mac OS X
- Supports full tunnel mode
- Supports 2-step authentication
- Customizable user portal
SSL Inspection
- Certificate Trust Chain validation
- Support both inbound and outbound inspection
- Support Content Filtering 2.0
- Support TLS 1.0/1.1/1.2
- Visible bypass list
Unified Security Policy
- Unified policy management interface
- Supported UTM features: Anti-Spam, Content Filtering 2.0, firewall (ACL)
- 3-tier configuration: object-based, profile-based, policy-based
- Policy criteria: zone, source and destination IP address, user, time
WLAN Management
- Support AP controller version 3.0
- Supports auto AP FW update
- Wireless L2 isolation
- Scheduled WiFi service
- Dynamic Channel Selection (DCS)
- Client steering for 5GHz priority and sticky client prevention
- Auto healing provides a stable and reliable coverage
- IEEE 802.1x authentication
- Captive portal Web authentication
- Customizable captive
- Multiple SSID with VLAN
- Supports ZyMesh
- Support AP Forward Compatibility
Hotspot Management
- Integrated account generator, Webbased authentication portal and billing system
- Supports external RADIUS servers
- Per account bandwidth management
- User agreement login
- SP350E Service Gateway Printer enables oneclick account and billing generation
- Built-in billing system
- Time-to-finish accounting mode
- Accumulation accounting mode
- Supports PayPal online payment
- Marketing tool
- Advertisement link
- Walled garden
- Portal page
- Billing Replenish
Networking
- Routing mode, bridge mode and hybrid mode
- Ethernet and PPPoE
- NAT and PAT
- VLAN tagging (802.1Q)
- Virtual interface (alias interface)
- Policy-based routing (user-aware)
- Policy-based NAT (SNAT)
- Dynamic routing (RIPv1/v2 and OSPF)
- DHCP client/server/relay
- Dynamic DNS support
- WAN trunk for more than 2 ports
- Per host session limit
- Guaranteed bandwidth
- Maximum bandwidth
- Priority-bandwidth utilization
- Bandwidth limit per user
- Bandwidth limit per IP
- GRE
- BGP
Zyxel One Network
- ZON Utility
- IP configuration
- Web GUI access
- Firmware upgrade
- Password configuration
- Location and System support
- Smart Connect
- Discover neighboring devices
- One-click remote management access to the neighboring Zyxel devices
Authentication
- Local user database
- Microsoft Windows Active Directory integration
- External LDAP/RADIUS user database
- XAUTH, IKEv2 with EAP VPN authentication
- Web-based authentication
- Forced user authentication (transparent authentication)
- IP-MAC address binding
- SSO (Single Sign-On) support
System Management
- Supports generating SHA2 Certificate
- Role-based administration
- Multiple administrator logins
- Multi-lingual Web GUI (HTTPS and HTTP)
- Command line interface (console, Web console, SSH and telnet)
- Cloud CNM SecuManager*
- SNMP v1, v2c, v3
- System configuration rollback
- Firmware upgrade via FTP, FTP-TLS and Web GUI
- Dual firmware images
- Supports Cloud Helper portal page
- RADIUS authentication
- WiFi Multimedia (WMM) wireless QoS
- CAPWAP discovery protocol
Mobile Broadband
- WAN connection failover via 3G and 4G** USB modems
- Auto fallback when primary WAN recovers
Device High Availability Pro (HA Pro)
- Device failure detection and notification
- Supports ICMP and TCP ping check
- Link monitoring
- Configuration auto-sync
- Dedicated Heartbeat Link
- Instant handover
- NAT/Firewall/VPN Sessions synchronization
Subscriptional Services
- Content Filtering 2.0
- Anti-Spam
Logging/Monitoring
- Comprehensive local logging
- Syslog (to up to 4 servers)
- Email alerts (to up to 2 servers)
- Real-time traffic monitoring
- Built-in daily report
- Advanced reporting with Vantage Report
* Cloud CNM SecuManager management service requires license purchase. For more details please refer to web site
** For specific models supporting the 3G and 4G dongles on the list, please refer to the Zyxel product page at 3G dongle document.
Application Diagram:
VPN Application
- High-speed, high-security communications between local servers, remote devices and cloud-hosted applications with deployments of the ZyWALL VPN 50/100/300.
- Secure, reliable VPN connectivity with IPSec VPN load balancing and failover features delivers high-availability services for exceptional uptime.
- Easy-to-use, secure remote access via SSL, IPSec and L2TP over IPSec VPN.
- The headquarter ZyWALL Series can also establish an IPSec VPN connection with Amazon VPC for secured access to leverage the benefits of cloud-base and to expend on premise networks that extend into the cloud center.
Hotspot Management
- High speed internet access.
- Tier of service
- Log record for regulatory compliance
- Premium security control
- Various Network access control ( free or paid access, social login)
*: Hotspot Management supports for ZyWALL 110, USG110, or above in firmware ZLD4.25 or later.
Specifications:
| USG2200-VPN Specifications |
| Interfaces |
12x GbE (configurable), 4x SFP (configurable), 2x 10G Combo |
| USB ports |
2 |
| Console port |
Yes (DB9) |
| Rack-mountable |
Yes |
| Fanless |
- |
| SPI firewall throughput (Mbps)*2 |
25,000 |
| VPN throughput (Mbps)*3 |
2,500 |
| Max. TCP concurrent sessions*4 |
1,500,000 |
| Max. concurrent IPSec VPN tunnels*5 |
3000 |
| Concurrent SSL VPN users (default/max.)*6 |
250 / 1,000 |
| VLAN interface |
128 |
| Concurrent devices logins (default/max.)*6, 7 |
2,000 / 5,000 |
| Managed AP number (default/max.)*6 |
2 / 1026 |
| Anti-Spam*6 |
Yes |
| Content Filtering (CF 2.0)*6, 8 |
Yes |
| Virtual Private Network (VPN) |
IKEv2, IPSec, SSL, L2TP/IPSec |
| SSL (HTTPS) inspection |
Yes |
| EZ Mode |
- |
| Hotspot Management*6 |
Yes |
| Ticket printer support*9 / Support Q'ty (max.) |
Yes (SP350E) / 10 |
| Amazon VPC |
Yes |
| Facebook WiFi |
Yes |
| Device HA Pro |
Yes (Activate once registered) |
| Link Aggregation (LAG) |
- |
| Power input |
2 x AC-DC redundant power supply
110-240V AC, 50/60 Hz, 2.5 A max. |
| Max. power consumption (watt) |
119 |
| Heat dissipation (BTU/hr) |
406.045 |
| Item |
Dimensions (WxDxH)(mm/in.) |
438.5 x 500 x 89 / 17.26 x 19.69 x 3.50 |
| Weight (kg/lb.) |
3.3 / 7.28 |
| Packing |
Dimensions (WxDxH)(mm/in.) |
795 x 600 x 215 / 31.3 x 2362 x 8.46 |
| Weight (kg/lb.) |
18.12 (with DUT) / 39.95 |
| Included accessories |
- Power cord x 2
- Rack mounting (slide) kit
|
| Operating |
Temperature |
0°C to 40°C (32°F to 104°F) |
| Humidity |
10% to 90% (non-condensing) |
| Storage |
Temperature |
-30°C to 70°C (-22°F to 158°F) |
| Humidity |
10% to 90% (non-condensing) |
| MTBF (hr) |
280,490 |
| EMC |
FCC Part 15 (Class A), IC, CE EMC(Class A), RCM, BSMI |
| Safety |
LVD (EN60950-1), BSMI |
Note:
*: This matrix with firmware ZLD4.31 or later.
*1: Actual performance may vary depending on network conditions and activated applications
*2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets).
*3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets).
*4: Maximum sessions measured using the industry standard IXIA IxLoad testing tool.
*5: Including Gateway-to-Gateway and Client-to-Gateway.
*6: With Zyxel service license to enable or extend the feature capacity.
*7: This is the recommend maximum number of concurrent logged-in devices.
*8: SafeSearch function in CF2.0 need to enable SSL inspection firstly and not for small business models.
*9: With Hotspot Management license support.
Model Comparison:
| Product Images |
 |
 |
 |
 |
 |
| Firewall throughput (Mbps) |
350 |
1,600 |
5,000 |
6,000 |
25,000 |
| Max. concurrent sessions |
20,000 |
150,000 |
500,000 |
1,000,000 |
1,500,000 |
| VPN throughput (Mbps) |
90 |
400 |
650 |
800 |
2,500 |
| Max. concurrent IPSec VPN tunnels |
10 |
100 |
300 |
1,000 |
3,000 |
| Content filtering (CF 2.0)*1 |
Yes |
Yes |
Yes |
Yes |
Yes |
| Amazon VPC*2 |
Yes |
Yes |
Yes |
Yes |
Yes |
| Device HA Pro |
- |
Yes*1 |
Yes*1 |
Activate once registered |
Activate once registered |
| Hotspot Management*1 |
- |
Yes |
Yes |
Yes |
Yes |
| Facebook WiFi |
Yes |
Yes |
Yes |
Yes |
Yes |
*1: With Zyxel service license to enable or extend the feature capacity
*2: ZyWALL/USG still be able to support by CLIs
Documentation:
Download the Zyxel ZyWALL USG 2200-VPN Datasheet (PDF).
