Browse Catalog
Product Description
With a firewall throughput of up to 400 Mbps and a comprehensive suite of security features, the USG40 Performance Series Unified Security Gateway from ZyXel is an all encompassing small office networking solution. In addition to enhanced firewall throughput, this security gateway is capable of handling up to up to 20,000 concurrent TCP sessions while supporting between 1 and 10 users. Users can connect to the network via this gateway wirelessly as the USG40 supports 802.11b/g/n Wi-Fi as well as wired connectivity through any one of the five Gigabit Ethernet ports. Alongside the Ethernet ports lies a single USB port designed for dual-WAN and mobile broadband connectivity.
| Hardware | |
| Ports | 3 x LAN/DMZ (RJ-45) 1 x WAN (RJ-45) 1 x OPT (RJ-45) 1 x USB 1 x Console |
| AP Controller Version | 1.0 |
| Managed AP Number | Default: 2 Maximum: 10 |
| Power Input | 12 VDC, 2.0 A maximum |
| Power Consumption | 14.0 W maximum |
| Certifications | EMC: FCC Part 15 (Class B), CE EMC (Class B), C-Tick (Class B), and BSMI Safety: LVD (EN60950-1), BSMI |
| MTBF | 414,329.4 hours |
| System Capacity and Performance | |
| SPI Firewall Throughput | 400 Mb/s |
| VPN Throughput | 100 Mb/s |
| IDP Throughput | 55 Mb/s |
| AV Throughput | 50 Mb/s |
| UTM Throughput (AV and IDP) | 50 Mb/s |
| Unlimited User Licenses | Yes |
| TCP Concurrent Sessions | 20,000 maximum |
| Concurrent IPsec VPN Tunnels | 10 |
| New TCP Session Rate | 3,000 |
| Concurrent SSL VPN Users | 7 |
| SSL VPN User Number | 2 |
| Customizable Zones | Yes |
| IPv6 Support | Yes |
| VLAN Interface | 8 |
| Software | |
| Firewall | ICSA-certified firewall (certification in progress) Routing and transparent (bridge) modes Stateful packet inspection User-aware policy enforcement SIP/H.323 NAT traversal ALG support for customized ports Protocol anomaly detection and protection Traffic anomaly detection and protection Flooding detection and protection DoS/DDoS protection |
| IPv6 Support | IPv6 Ready gold logo (certification in progress) Dual stack IPv4 tunneling (6rd and 6 to 4 transition tunnel) IPv6 addressing DNS DHCPv6 Bridge VLAN PPPoE Static routing Policy routing Session control Firewall and ADP IPSec VPN Intrusion Detection and Prevention (IDP) Application intelligence and optimization Content filtering Anti-virus, anti-malware Anti-spam |
| IPsec VPN | ICSA-certified IPSec VPN (certification in progress) Encryption: AES (256-bit), 3DES and DES Authentication: SHA-2 (512-bit), SHA-1 and MD5 Key management: manual key, IKEv1 and IKEv2 with EAP Perfect forward secrecy (DH groups) support 1, 2, 5 IPSec NAT traversal Dead peer detection and relay detection PKI (X.509) certificate support VPN concentrator Simple wizard support VPN auto-reconnection VPN High Availability (HA): Load-balancing and failover L2TP over IPSec GRE and GRE over IPSec NAT over IPSec ZyXEL VPN client provisioning |
| SSL VPN Throughput | Supports Windows and Mac OS X Supports full tunnel mode Supports 2-step authentication Customizable user portal |
| Intrusion Detection and Prevention | Routing and transparent (bridge) mode Signature-based and behavior-based scanning Automatic signature updates Customizable protection profile Customized signatures supported |
| Application Intelligence and Optimization | Granular control over the most important applications Identifies and controls over 3,000 applications and behaviors Supports over 15 application categories Application bandwidth management Supports user authentication Real-time statistics and reports |
| Antivirus | Supports Kaspersky anti-virus signatures Identifies and blocks over 650,000 viruses Stream-based anti-virus engine HTTP, FTP, SMTP, POP3, and IMAP4 protocol support Automatic signature updates No file size limitation |
| Anti-Spam | Transparent mail interception via SMTP and POP3 protocols Configurable POP3 and SMTP ports Sender-based IP reputation filter Recurrent Pattern Detection (RPD) technology Zero-hour virus outbreak protection X-Header support Blacklist and whitelist support Supports DNSBL checking Spam tag support Statistics report |
| Content Filtering | Social media filtering Malicious Website filtering URL blocking and keyword blocking Blacklist and whitelist support Blocks java applets, cookies and ActiveX Dynamic, cloud-based URL filtering database Unlimited user license support Customizable warning messages and redirection URL |
| Unified Security Policy | Unified policy management interface Supported UTM features: anti-virus, antispam, IDP, content filtering, application intelligence, firewall (ACL) 3-Tier Configuration: Object-based, profile based, policy-based Policy Criteria: Zone, source, and destination IP address, user, time |
| WLAN Management | ZyXEL AP Controller (APC) 1.0 compliant Client RSSI threshold to prevent sticky clients IEEE 802.1x authentication Captive portal Web authentication Customizable captive portal page RADIUS authentication Wi-Fi Multimedia (WMM) wireless QoS CAPWAP discovery protocol |
| Mobile Broadband | WAN connection failover via 3G and 4G* USB modems Auto fallback when primary WAN recovers |
| Networking | Routing mode, bridge mode, and hybrid mode Ethernet and PPPoE NAT and PAT VLAN tagging (802.1Q) Virtual interface (alias interface) Policy-based routing (user-aware) Policy-based NAT (SNAT) Dynamic routing (RIPv1/v2 and OSPF) DHCP client/server/relay Dynamic DNS support WLAN trunk for more than 2 ports Per host session limit Guaranteed bandwidth Maximum bandwidth Priority-bandwidth utilization Bandwidth limit per user Bandwidth limit per IP |
| Authentication | Local user database Microsoft Windows Active Directory integration External LDAP/RADIUS user database XAUTH, IKEv2 with EAP VPN authentication Web-based authentication Forced user authentication (transparent authentication) IP-MAC address binding SSO (Single Sign-On) support |
| System Management | Role-based administration Multiple administrator logins Multi-lingual Web GUI (HTTPS and HTTP) Command line interface (console, Web console, SSH, and TELNET) SNMP v2c (MIB-II) System configuration rollback Firmware upgrade via FTP, FTP-TLS, and Web GUI Dual firmware images |
| Logging and Monitoring | Comprehensive local logging Syslog (to up to 4 servers) Email alerts (to up to 2 servers) Real-time traffic monitoring Built-in daily report Advanced reporting with Vantage Report |
| VPN, Management and Reporting | Managed APs: Add 8 APs SecuExtender SSL VPN Client: Add 5 clients IPSec VPN Client: For 1/5/10/50 clients Vantage Report: For 1/5/25/100 devices |
| License Information | |
| Antivirus | Kaspersky: 1-year |
| Application Intelligence and IDP | 1-year |
| Content Filtering | 1-year |
| Anti-Spam | 1-year |
| General | |
| Compatibility | Access Point NWA5120 Series (Unified Access Point) NWA5121-NI NWA5121-N NWA5123-NI NWA5000 Series (Managed Access Point) NWA5160N NWA5560-N NWA5550-N NWA3000-N Series (Unified Pro Access Point) NWA3160-N NWA3560-N NWA3550-N Functions central management, auto provisioning, and local bridge data forwarding |
| Temperature | Operating: 32 to 104°F (0 to 40°C) Storage: -22 to 158°F (-30 to 70°C) |
| Humidity | Operating: 10 to 90% (non-condensing) Storage: 10 to 90% (non-condensing) |
| Dimensions (W x H x D) | 8.50 x 1.30 x 5.63" (216.00 x 33.00 x 143.00 mm) |
| Weight | 1.96 lb (0.89 kg) |
Other items you might enjoy
