Zyxel ZyWALL VPN1000
ZyWALL VPN Firewall
Sorry, this product is no longer available
Please contact us to explore replacement options or consider visiting our Legacy Products Licensing page, where you can purchase licenses for our discontinued products.
Overview:
In order to meet strategic needs, enterprises or their affiliates need complete yet cost-effective VPN solutions to span across two or more remote sites or connect multiple VPNs while protecting data security network from threats. Specially designed for various VPN applications, Zyxel’s ZyWALL VPN50/100/ 300 comply with GDPR regulations and features a robust VPN gateway with the ability to access enterprise information across the corporate sites and connect business partners, cloud providers as well as telecommuters.
- Easy setup tunnel to Amazon Virtual Private Cloud, Amazon VPC
- Facebook WiFi, Intelligence social media authentication
- Robust hybrid VPN (IPSec/ SSL/L2TP over IPSec)
- One-year free Content Filtering and Geo Enforcer services
- Device HA Pro dedicated heartbeat port ensures smart handover
- Hotspot management for authentication, access control and billing
Benefits:
High secure VPN applications
The Zyxel ZyWALL VPN50/100/300/1000 provides comprehensive types of VPN connection for your business and supports Amazon Virtual Private Cloud (AWS VPC) for nowadays VPN environment. Moreover, the business grade ZyWALL VPN family equipped with IPSec VPN Hardware engine for high efficiency VPN tunnel and VPN load balance/failover with stronger VPN algorithm (IKEv2 & SHA-2) that ensure the VPN reliability and security for business communications.
Non-stop service
The ZyWALL VPN50/100/300/1000 delivers high-performance network security to help businesses satisfy the demand for always-on communications. For mission critical deployments, the ZyWALL VPN series provides activepassive device High-Availability (HA) service to support device or connection failover.
- Multi-WAN load balancing/failover
The ZyWALL VPN series features multi-WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. The ZyWALL VPN series also supports IPSec load balancing and failover, providing additional resilience for mission-critical VPN failover with VTI Interface deployments.
One-year free security services
The ZyWALL VPN series with Content Filtering prevents users from accessing malicious or malware sites or inappropriate content such as violent or porn related. With the Geo Enforcer, IP addresses can be mapped to geographical locations to block hacker probing from specific countries or to prevent users from visiting certain data sources. These could help small and medium business to stay away from web threats or social networking sites that could potentially decrease productivity.
Comprehensive connectivity
Today’s business requires a solution that provides secure connectivity and easy access management, and it also requires uninterrupted connection to the business needs of the device.
- AP controller
The ZyWALL VPN series combining AP Controller technology enables users to manage APs from a centralized user interface. Businesses can deploy or expand a managed WiFi network with minimal effort. - Hotspot management
Zyxel’s hotspot management services include billing systems, walled gardens, multiple authentication options, third-party community logins and user agreements, providing site owners with all the functional solutions for managing all network hotspots from one place. - Facebook WiFi
The ZyWALL VPN series integrates with Facebook WiFi to help small shops, stores and restaurants not only provide customers with easy Internet connectivity, but also increase the popularity of your business on Facebook.
Subscription Services
The Zyxel VPN50/100/300/1000 provides a complete feature set to perfectly fit different business requirements as well as to enable the maximum performance for security, hotspot, and connectivity. Comprehensive network modularity also empowers IT professionals to customize the system to meet their individual needs. Notes: Hotspot Management supports for VPN1000 and VPN300
Features:
Firewall
- ICSA-certified corporate firewall
- Routing and transparent (bridge) modes
- Stateful packet inspection
- User-aware policy enforcement
- SIP/H.323 NAT traversal
- ALG support for customized ports
- Protocol anomaly detection and protection
- Traffic anomaly detection and protection
- Flooding detection and protection
- DoS/DDoS protection
IPv6 Support
- Dual stack
- IPv4 tunneling (6rd and 6to4 transition tunnel)
- IPv6 addressing
- DNS
- DHCPv6
- Bridge
- VLAN
- PPPoE
- Static routing
- Policy routing
- Session control
- Firewall and ADP
- IPSec VPN
- Content Filtering
IPSec VPN
- Authentication: SHA-2 (512-bit), SHA-1 and MD5
- Encryption: AES (256-bit), 3DES and DES
- Supports generating SHA2 Certificate
- Support route-based VPN Tunnel Interface (VTI)
- Key management: manual key, IKEv1 and IKEv2 with EAP
- Perfect forward secrecy (DH groups) support 1, 2, 5, 14
- IPSec NAT traversal
- Dead peer detection and relay detection
- PKI (X.509) certificate
- VPN concentrator
- Simple wizard support
- VPN auto-reconnection
- VPN High Availability (HA): loadbalancing and failover
- L2TP over IPSec
- GRE and GRE over IPSec
- NAT over IPSec
- Support iOS L2TP/IKE/IKEv2 VPN Client provision
SSL VPN
- HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
- Automatic signature updates
- No file size limitation
- Supports Windows and Mac OS X
- Supports full tunnel mode
- Supports 2-step authentication
- Customizable user portal
Device High Availability Pro (HA Pro)
- Device failure detection and notification
- Supports ICMP and TCP ping check
- Link monitoring
- Configuration auto-sync
- Dedicated Heartbeat Link
- Smart handover
- NAT/Firewall/VPN Sessions synchronization
Networking
- Routing mode, bridge mode and hybrid mode
- Ethernet and PPPoE
- NAT and PAT
- VLAN tagging (802.1Q)
- Virtual interface (alias interface)
- Policy-based routing (user-aware)
- Policy-based NAT (SNAT)
- Dynamic routing (RIPv1/v2 and OSPF)
- DHCP client/server/relay
- Dynamic DNS support
- WAN trunk for more than 2 ports
- Per host session limit
- Guaranteed bandwidth
- Maximum bandwidth
- Priority-bandwidth utilization
- Bandwidth limit per user
- Bandwidth limit per IP
- GRE
- BGP
WLAN Management
- Support AP controller version 3.0
- Supports auto AP FW update
- Wireless L2 isolation
- Scheduled WiFi service
- Dynamic Channel Selection (DCS)
- Client steering for 5GHz priority and sticky client prevention
- Auto healing provides a stable and reliable coverage
- IEEE 802.1x authentication
- Captive portal Web authentication
- Customizable captive portal page
- RADIUS authentication
- WiFi Multimedia (WMM) wireless QoS
- CAPWAP discovery protocol
- Multiple SSID with VLAN
- Supports ZyMesh
- Support AP forward compatibility
Authentication
- Local user database
- Built-in user database
- Microsoft Windows Active Directory integration
- External LDAP/RADIUS user database
- XAUTH, IKEv2 with EAP VPN authentication
- Web-based authentication
- Forced user authentication (transparent authentication)
- IP-MAC address binding
- SSO (Single Sign-On) support
Logging/Monitoring
- Comprehensive local logging
- Syslog (to up to 4 servers)
- Email alerts (to up to 2 servers)
- Real-time traffic monitoring
- System status monitoring
- Built-in daily report
- Advanced reporting with Vantage Report
System Management
- Role-based administration
- Multiple administrator logins
- Supports Cloud Helper
- Multi-lingual Web GUI (HTTPS and HTTP)
- Command line interface (console, Web console, SSH and telnet)
- SNMP v1, v2c, v3
- System configuration rollback
- Firmware upgrade via FTP, FTP-TLS and Web GUI
- Dual firmware images
- Cloud CNM SecuManager
Zyxel One Network
- ZON Utility
- IP configuration
- Web GUI access
- Firmware upgrade
- Password configuration
- Smart Connect
- Location and System Name update
- Discover neighboring devices
- One-click remote management access to the neighboring Zyxel devices
Hotspot Management
- Integrated account generator, Webbased authentication portal and billing system
- Supports external RADIUS servers
- Per account bandwidth management
- User agreement login
- SP350E Service Gateway Printer enables oneclick account and billing generation
- Built-in billing system
- Time-to-finish accounting mode
- Accumulation accounting mode
- Supports PayPal online payment
- Marketing tool
- Advertisement link
- Walled garden
- Portal page
- Billing Replenish
Subscriptional Services
- Content Filtering
- Geo Enforcer
- HotSpot Management
- Managed APs
- Device HA Pro
USB
- Firmware upgrade
- Log for data retention
- Support 3G/LTE
Application Diagram:
VPN Application
- High-speed, high-security communications between local servers, remote devices and cloud-hosted applications with deployments of the ZyWALL VPN50/100/300/1000.
- Secure, reliable VPN connectivity with IPSec VPN load balancing and failover features delivers high-availability services for exceptional uptime.
- Easy-to-use, secure remote access via SSL, IPSec and L2TP over IPSec VPN.
- The headquarter ZyWALL Series can also establish an IPSec VPN connection with Amazon VPC for secured access to leverage the benefits of cloud-base and to expend on premise networks that extend into the cloud center.
Managed Application Services
- Branch offices, small and medium business as well as IT administrators can deploy Zyxel VPN firewalls to establish VPN connections among managed services providers (MSPs) that improve services levels, minimize end-user service downtime and relieve network maintenance efforts.
- Retailers and chain stores such as healthcare, banking and branch offices can deploy ZyWALL VPN Firewalls over secure connections (IPSec VPN) for business transactions.
Connectivity for Hospitality Services
- The ZyWALL VPN Firewall with managed AP provides Hospitality businesses and SMB with a range of network access privileges such as free, paid access or social login.
- Hospitality businesses can deploy ZyWALL VPN with Hotspot Management features that provide secure network services such as advanced billing for flexible free and tiered WiFi services while retaining the Internet usage record to comply with local regulations.
Business Scenario 1: 3-4 start Hotels with Hotspot & managed APs
Business Scenario 2: hotspot management for shops and hostels
Specifications:
Models |
VPN50 SBs |
VPN100 SMBs |
VPN300 SMBs |
VPN1000 MBs |
---|---|---|---|---|
Hardware Specifications | ||||
Interfaces | 4 x LAN/DMZ, 1 x WAN, 1 x SFP | 4 x LAN/DMZ, 2 x WAN, 1 x SFP | 7 x GbE (Configurable) 1 x SFP |
12 x GbE (Configurable) 2 x SFP |
USB3.0 ports | 1 | 2 | 2 | 2 |
Console port | Yes (RJ-45) | Yes (DB9) | Yes (DB9) | Yes (DB9) |
Rack-mountable | - | Yes | Yes | Yes |
System Capacity & Performance*1 | ||||
SPI firewall throughput (Mbps)*2 | 800 | 2,000 | 2,600 | 8,000 |
VPN throughput (Mbps)*3 | 150 | 500 | 1,000 | 1,500 |
Max. TCP concurrent sessions*4 | 400,000 | 800,000 | 2,000,000 | 3,000,000 |
Max. concurrent IPSec VPN tunnels*5 | 50 | 100 | 300 | 1,000 |
Concurrent SSL VPN users (default/max.)*6 | 10/50 | 30/200 | 50/300 | 250/500 |
VLAN interface | 8 | 16 | 64 | 128 |
Concurrent device logins (default/max.)*6 | 64 | 200/300 | 500/800 | 800/4000 |
WLAN Management | ||||
Managed AP number (default/max.)*6 | 4/36 | 4/68 | 4/132 | 8/1032 |
Key Features | ||||
VPN | IKEv2, IPSec, SSL, L2TP/IPSec | IKEv2, IPSec, SSL, L2TP/IPSec | IKEv2, IPSec, SSL, L2TP/IPSec | IKEv2, IPSec, SSL, L2TP/IPSec |
SSL (HTTPS) inspection | - | Yes | Yes | Yes |
Content filtering*6 | 1 year free | 1 year free | 1 year free | 1 year free |
Geo Enforcer*6 | 1 year free | 1 year free | 1 year free | 1 year free |
EZ Mode | Yes | - | - | - |
Hotspot Management*6*7 | Yes | Yes | Yes | Yes |
Ticket printer support*7 / Support Q'ty (max.) | Yes (SP350E) / 10 | Yes (SP350E) / 10 | Yes (SP350E) / 10 | Yes (SP350E) / 10 |
Amazon / Azure VPC | Yes | Yes | Yes | Yes |
Facebook WiFi | Yes | Yes | Yes | Yes |
Device HA Pro*8 | - | Yes | Yes | Yes |
Power Requirements | ||||
Power input | 12V DC, 2.0 A max. | 12V DC, 2.5A max. | 12V DC, 4.17A max. | 100-240 V AC, 50/60 Hz,2.5 A max. |
Max. power consumption (watt) | 12 | 13.3 | 24.1 | 46.0 |
Heat dissipation (BTU/hr) | 40.92 | 45.38 | 82.23 | 120.10 |
Physical Specifications | ||||
Item | Dimensions (WxDxH)(mm/in.) 216 x 143 x 33/8.50 x 5.63 x 1.30 Weight (kg/lb.) 0.88/1.94 |
Dimensions (WxDxH)(mm/in.) 272 x 187 x 36/10.7 x 7.36 x 1.42 Weight (kg/lb.) 1.4/3.09 |
Dimensions (WxDxH)(mm/in.) 300 x188 x 44/16.93 x 7.4 x 1.73 Weight (kg/lb.) 1.65 / 3.64 |
Dimensions (WxDxH)(mm/in.) 400 x 250 x 44/16.93 x 9.84 x 1.73 Weight (kg/lb.) 3.3/7.28 |
Packing | Dimensions (WxDxH)(mm/in.) 276 x 185 x 98/10.87 x 7.28 x 3.86 Weight (kg/lb.) 1.41/3.11 |
Dimensions (WxDxH)(mm/in.) 427 x 247x 73/16.81 x9.72 x 2.87 Weight (kg/lb.) 2.23 (W/O bracket) 2.42 (W/ bracket) |
Dimensions (WxDxH)(mm/in.) 351 x 152 x 245/13.82 x 5.98 x 9.65 Weight (kg/lb.) 2.83/6.24 |
Dimensions (WxDxH)(mm/in.) 519 x 392 x 163/20.43 x 15.43 x 6.42 Weight (kg/lb.) 4.8/10.58 |
Included accessories |
|
|
|
|
Environmental Specifications | ||||
Operating | Temperature 0°C to 40°C /32°F to 104°F Humidity 10% to 90%(non-condensing) |
Temperature 0°C to 40°C /32°F to 104°F Humidity 10% to 90%(non-condensing) |
Temperature 0°C to 40°C /32°F to 104°F Humidity 10% to 90%(non-condensing) |
Temperature 0°C to 40°C /32°F to 104°F Humidity 10% to 90%(non-condensing) |
Storage | Temperature -30°C to 70°C (-22°F to 158°F) Humidity 10% to 90%(non-condensing) |
Temperature -30°C to 70°C (-22°F to 158°F) Humidity 10% to 90%(non-condensing) |
Temperature -30°C to 70°C (-22°F to 158°F) Humidity 10% to 90%(non-condensing) |
Temperature -30°C to 70°C (-22°F to 158°F) Humidity 10% to 90%(non-condensing) |
MTBF (hr) | 655,130 | 529,688 | 529,688 | 444,930 |
Note:
*: This matrix with firmware ZLD4.30 or later.
*1: Actual performance may vary depending on network conditions and activated applications
*2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets).
*3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets).
*4: Maximum sessions measured using the industry standard IXIA IxLoad testing tool.
*5: Including Gateway-to-Gateway and Client-to-Gateway.
*6: With Zyxel service license to enable or extend the feature capacity.
*7: This is the recommend maximum number of concurrent logged-in devices.
*8: SafeSearch function in Content Filtering need to enable SSL inspection firstly and not for small business models.
*9: With Hotspot Management license support.
Documentation:
Download the Zyxel ZyWALL VPN1000 Firewall Datasheet (PDF).
Sorry, this product is no longer available
Please contact us to explore replacement options or consider visiting our Legacy Products Licensing page, where you can purchase licenses for our discontinued products.