Call a Specialist Today! 888-785-4412

ZyXEL USG 40 Unified Security Gateway
Truly Integrated Security for Remote Offices, Retail Locations and Small Businesses

ZyXEL USG 40 Unified Security Gateway

ZyXEL Products
ZyXEL USG40 Next-Generation USG Firewall, Hardware Only
- 5 x GbE RJ-45, 1 x USB (Dual-WAN & Mobile Broadband)
List Price: $290.00
Our Price: $240.00
ZyXEL USG40 Next-Generation USG Firewall with 1 Year UTM Servies
- 5 x GbE RJ-45, 1 x USB (Dual-WAN & Mobile Broadband)
List Price: $470.00
Our Price: $382.00

Click here to jump to more pricing!


Next-Gen Unified Security Gateway

Truly Integrated Security for Remote Offices, Retail Locations and Small Businesses

The advancements in how people work and collaborate have brought three major challenges to small businesses. With the BYOD trend, small businesses today need to provide more Wi-Fi for an exploding amount of smart devices. The use of cloud-based social and productivity applications not only requires small businesses to be able to control, prioritize and block different applications to stay productive, but also opens doors to new Web attacks. As threats evolve and these business challenges diversify, IT costs will only continue to grow, which is a real problem for small businesses with limited IT resources.

The new ZyXEL USG Performance Series are all-in-one Next Generation Firewalls (NGFW) specifically designed to fulfill the demands BYOD, malware protection, application regulation, and budget control in small business environments. The built-in wireless AP (USG40W and USG60W) and WLAN controller offer instant wireless hotspot capability and future WLAN scalability. Comprehensive UTM features and application intelligence technology provides deep, extensive protection, while keeping businesses in control of how Web applications are used. The all-in-one design integrates everything small businesses need, delivering easier, more centralized management and lower total cost of ownership (TCO).

  • All-in-one Next Generation Firewall (NGFW) for small businesses
  • Anti-malware protection with firewall, anti-virus, anti-spam, content filtering, IDP, and next-generation application intelligence
  • Robust SSL, IPSec and L2TP over IPSec VPN connectivity
  • Integrated single-radio (USG40W) or dual-radio (USG60W) wireless access point
  • Built-in WLAN controller for centralized management of up to 10 APs

Spend less, get more

The ZyXEL USG Performance Series offers small businesses the lowest total cost of ownership. The all-in-one design provides everything small businesses need: anti-malware protection, VPN connectivity, integrated WLAN controller, and built-in wireless access point. This truly integrated security solution eliminates the need to purchase multiple appliances for different functions, and allows small businesses to connect, protect and manage with just one device.

Peace of mind security

The ZyXEL USG Performance Series delivers enterprise-grade Next Generation Firewall security without the hefty price tag. It provides deep, extensive protection and effective control of Web applications—like Facebook, Google Apps and Netflix—with such anti-malware protection mechanisms as firewall, ant-virus, anti-spam, content filtering, IDP and application intelligence. No longer do small businesses need to worry about threats, spam or social networking sites decreasing productivity.

Wi-Fi where you need it

Addressing the trend of BYOD, the ZyXEL USG Performance Series helps small businesses provide Wi-Fi wherever there is demand. The USG40W and USG60W feature built-in single-radio and dual-radio wireless access points that can provide Wi-Fi for small offices straight out of the box. With an integrated WLAN controller, the USG Performance Series enables businesses to easily provide Wi-Fi in multiple other areas like reception areas and meeting rooms when Wi-Fi demand grows.

Single point of management

Designed specifically for businesses with limited IT resources, the ZyXEL USG Performance Series helps users connect, protect and manage with reduced complexity. The unified security policy design offers easier, more unified and streamlined management of all the security features; while the integrated WLAN controller provides centralized management of up to 10 APs. All this is integrated into a single solution, making it easy for users to manage VPN, wireless and security all from one device.


Built-in Wireless AP

Built-in Wireless AP

Built with single-radio and dual-radio wireless access points, the ZyXEL USG40W and USG60W are ideal for retail and office environments. The USG60W integrates 802.11 a/b/g/n technology that delivers Wi-Fi over both the 2.4 GHz and the 5 GHz spectrums.

Unified Security Policy

Unified Security Policy

Unified security policy offers object-based management and a unified configuration interface for firewall and all security-related policies. Users can easily apply all policy criteria to every UTM feature, reduce configuration time, and get more streamlined policy management.



Powered by Kaspersky SafeStream II gateway anti-virus, ZyXEL USGs provide comprehensive and real-time protection against malware threats before they enter the network. ZyXEL USGs can identify and block over 650,000 viruses right at the gate and provide high-speed scanning with stream-based virus scanning technology.



With a cloud-based IP reputation system, ZyXEL anti-spam can deliver accurate, zero-hour spam outbreak protection by analyzing up-to-the-minute sender reputation data from highly diverse traffic sources. It can detect spam outbreaks in the first few minutes of emergence regardless of spam language or format.

Robust VPN

Robust VPN

ZyXEL USGs support high-throughput IPSec, L2TP over IPSec and SSL VPN for a wide range of site-to-client and site-to-site VPN deployments. Reinforced with the advanced SHA-2 encryption, the ZyXEL USGs provide the most secure VPN for business communications.

Integrated WLAN Controller

Integrated WLAN Controller

The integrated WLAN controller supports CAPWAP, and enables centralized authentication and access management of multiple APs in the network. The ZyXEL USG Performance Series can manage 2 APs by default, and up to 10 APs with license upgrade.

Application Intelligence

Application Intelligence

ZyXEL’s USG Performance Series can identify, categorize and control over 3,000 social, gaming, productivity, and other Web applications and behaviors. Users can prioritize productive applications, throttle acceptable ones, and block unproductive applications to boost productivity and prevent bandwidth abuse.

Intrusion Detection & Prevention (IDP)

Intrusion Detection & Prevention (IDP)

ZyXEL’s IDP system uses deep packet inspection (DPI) technology that can scan multiple layers and protocols to inspect vulnerabilities invisible to simple port- and protocol-based firewalls. ZyXEL’s IDP eliminates false positives with a database of malware signatures and provides effective protection against intrusions from unknown back doors.

Content Filtering

Content Filtering

ZyXEL content filtering helps screen access to websites that are not business related or malicious. With a massive, cloud-based database of over 140 billion URLs that are continuously analyzed and tracked, ZyXEL provides highly accurate, broad and instant protection against malicious Web content.

Dual-WAN & Mobile Broadband

Dual-WAN & Mobile Broadband

The ZyXEL USG Performance Series provides high Internet uptime with dual-WAN and mobile broadband support. Dual-WAN works with two Ethernet WAN connections for active-active load balancing or active-passive failover. Comprehensive mobile broadband USB modems are also supported for WAN backup.



The ZyXEL USG Performance Series features a robust fanless design to prevent dirt and dust from entering operating environments to cause potentially catastrophic failures. The fanless design of USGs offers zero-noise cooling and non-overheating features to ensure silent operation in small or quiet office environments.


  • ICSA-certified firewall (certification in progress)
  • Routing and transparent (bridge) modes
  • Stateful packet inspection
  • User-aware policy enforcement
  • SIP/H.323 NAT traversal
  • ALG support for customized ports
  • Protocol anomaly detection and protection
  • Traffic anomaly detection and protection
  • Flooding detection and protection
  • DoS/DDoS protection
IPv6 Support
  • IPv6 Ready gold logo (certification in progress)
  • Dual stack
  • IPv4 tunneling (6rd and 6to4 transition tunnel)
  • IPv6 addressing
  • DNS
  • DHCPv6
  • Bridge
  • VLAN
  • PPPoE
  • Static routing
  • Policy routing
  • Session control
  • Firewall and ADP
  • IPSec VPN
  • Intrusion Detection and Prevention (IDP)
  • Application intelligence and optimization
  • Content filtering
  • Anti-virus, anti-malware
  • Anti-spam
  • ICSA-certified IPSec VPN (certification in progress)
  • Encryption: AES (256-bit), 3DES and DES
  • Authentication: SHA-2 (512-bit), SHA-1 and MD5
  • Key management: manual key, IKEv1 and IKEv2 with EAP
  • Perfect forward secrecy (DH groups) support 1, 2, 5
  • IPSec NAT traversal
  • Dead peer detection and relay detection
  • PKI (X.509) certificate support
  • VPN concentrator
  • Simple wizard support
  • VPN auto-reconnection
  • VPN High Availability (HA): load-balancing and failover
  • L2TP over IPSec
  • GRE and GRE over IPSec
  • NAT over IPSec
  • ZyXEL VPN client provisioning
  • Supports Windows and Mac OS X
  • Supports full tunnel mode
  • Supports 2-step authentication
  • Customizable user portal

Intrusion Detection and Prevention (IDP)

  • Routing and transparent (bridge) mode
  • Signature-based and behavior-based scanning
  • Automatic signature updates
  • Customizable protection profile
  • Customized signatures supported
Application Intelligence and Optimization
  • Granular control over the most important applications
  • Identifies and controls over 3,000 applications and behaviors
  • Supports over 15 application categories
  • Application bandwidth management
  • Supports user authentication
  • Real-time statistics and reports
  • Supports Kaspersky anti-virus signatures
  • Identifies and blocks over 650,000 viruses
  • Stream-based anti-virus engine
  • HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
  • Automatic signature updates
  • No file size limitation
  • Transparent mail interception via SMTP and POP3 protocols
  • Configurable POP3 and SMTP ports
  • Sender-based IP reputation filter
  • Recurrent Pattern Detection (RPD) technology
  • Zero-hour virus outbreak protection
  • X-Header support
  • Blacklist and whitelist support
  • Supports DNSBL checking
  • Spam tag support
  • Statistics report
Content Filtering
  • Social media filtering
  • Malicious Website filtering
  • URL blocking and keyword blocking
  • Blacklist and whitelist support
  • Blocks java applets, cookies and ActiveX
  • Dynamic, cloud-based URL filtering database
  • Unlimited user license support
  • Customizable warning messages and redirection URL

Unified Security Policy

  • Unified policy management interface
  • Supported UTM features: anti-virus, antispam, IDP, content filtering, application intelligence, firewall (ACL)
  • 3-tier configuration: object-based, profilebased, policy-based
  • Policy criteria: zone, source and destination IP address, user, time

WLAN Management

  • ZyXEL AP Controller (APC) 1.0 compliant
  • Client RSSI threshold to prevent sticky clients
  • IEEE 802.1x authentication
  • Captive portal Web authentication
  • Customizable captive portal page
  • RADIUS authentication
  • Wi-Fi Multimedia (WMM) wireless QoS
  • CAPWAP discovery protocol

Mobile Broadband

  • WAN connection failover via 3G and 4G* USB modems
  • Auto fallback when primary WAN recovers* 4G USB modem support available in future firmware upgrades
  • Routing mode, bridge mode and hybrid mode
  • Ethernet and PPPoE
  • NAT and PAT
  • VLAN tagging (802.1Q)
  • Virtual interface (alias interface)
  • Policy-based routing (user-aware)
  • Policy-based NAT (SNAT)
  • Dynamic routing (RIPv1/v2 and OSPF)
  • DHCP client/server/relay
  • Dynamic DNS support
  • WAN trunk for more than 2 ports
  • Per host session limit
  • Guaranteed bandwidth
  • Maximum bandwidth
  • Priority-bandwidth utilization
  • Bandwidth limit per user
  • Bandwidth limit per IP
  • Local user database
  • Microsoft Windows Active Directory integration
  • External LDAP/RADIUS user database
  • XAUTH, IKEv2 with EAP VPN authentication
  • Web-based authentication
  • Forced user authentication (transparent authentication)
  • IP-MAC address binding
  • SSO (Single Sign-On) support (Download SSO Agent)
System Management
  • Role-based administration
  • Multiple administrator logins
  • Multi-lingual Web GUI (HTTPS and HTTP)
  • Command line interface (console, Web console, SSH and TELNET)
  • SNMP v2c (MIB-II)
  • System configuration rollback
  • Firmware upgrade via FTP, FTP-TLS and Web GUI
  • Dual firmware images
  • Comprehensive local logging
  • Syslog (to up to 4 servers)
  • Email alerts (to up to 2 servers)
  • Real-time traffic monitoring
  • Built-in daily report
  • Advanced reporting with Vantage Report

Application Diagram:

Anti-Malware Protection and Application Optimization

  • Enabling anti-virus, anti-spam and intrusion prevention, business networks gain deep, extensive protection against all types of malware threats
  • Content filtering enables businesses to deny access to Websites that are malicious or not business-related
  • Application intelligence technology not only enable businesses to block or throttle non-productive Web applications, but also optimize Web applications that increase productivity
Anti-malware protection and application optimization

VPN Application

  • Branch offices, partners and home users can deploy ZyXEL USGs/ ZyWALLs for site-to-site IPSec VPN connections
  • Branch offices can additionally deploy IPSec VPN HA (load balancing and failover) for always online VPN connectivity
  • Remote users can securely access company resources with their computers or smartphones via SSL, IPSec and L2TP over IPSec VPN
  • The headquarter USG/ZyWALL can also establish an IPSec VPN connection with Microsoft Azure for secured access to a variety of cloud-based applications

VPN application


USG40 Front USG40 Rear
USG40 Specifications
Hardware Specifications
10/100/1000 Mbps RJ-45 ports 3 x LAN/DMZ,
1 x WAN, 1 x OPT
USB ports 1
Console port Yes (RJ-45)
Rack-mountable -
Fanless Yes
System Capacity & Performance*1
SPI firewall throughput (Mbps)*2 400
VPN throughput (Mbps)*3 100
IDP throughput (Mbps)*4 55
AV throughput (Mbps)*4 50
UTM throughput (AV and IDP)*4 50
Unlimited user licenses Yes
Max. TCP concurrent sessions*5 20,000
New TCP session rate 3,000
Max. concurrent IPsec VPN tunnels 10
Max. concurrent SSL VPN users 7
Included SSL VPN user no. 2
Customizable zones Yes
IPv6 support Yes
VLAN interface 8
WLAN Management
AP Controller (APC) ver. 1.0
Managed AP number (default/max.) 2/10
Built-in Wireless LAN
Standard compliance -
Wireless frequency -
Radio -
SSID number -
Maximum transmit power (Max. total channel) -
No. of antenna -
Antenna gain -
Data rate -
Receive sensitivity -
Key Software Features
Virtual Private Network (VPN) Yes (IPSec, SSL, L2TP over IPSec)
Firewall Yes
Anti-Virus (AV) Yes
Anti-spam Yes
Content Filtering (CF) Yes
Application intelligence and optimization Yes
Intrusion Detection and Prevention (IDP) Yes
Single Sign-On (SSO) Yes
WLAN controller Yes
Power Requirements
Power input 12 V DC, 2.0 A max.
Max. power consumption (watt) 14.0
Physical Specifications
Item Dimensions (WxDxH)(mm/in.) 216 x 143 x 33 / 8.50 x 5.63 x 1.30
Weight (kg/lb.) 0.89 / 1.96
Packing Dimensions (WxDxH)(mm/in.) 381 x 216 x 79 / 15.00 x 8.50 x 3.11
Weight (kg/lb.) 1.57 / 3.46
Included accessories
  • Power adapter
  • DB9 - RJ45 cable for console connection
Environmental Specifications
Operating temperature 0°C to 40°C (32°F to 104°F)
Storage temperature -30°C to 70°C (-22°F to 158°F)
Operating humidity 10% to 90%(non-condensing)
Storage humidity 10% to 90%(non-condensing)
MTBF (hr) 414,329.4
EMC FCC Part 15 (Class B), CE EMC(Class B), C-Tick (Class B), BSMI
Safety LVD (EN60950-1), BSMI
*1: Actual performance may vary depending on network conditions and activated applications.
*2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets).
*3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets).
*4: AV and IDP throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing done with multiple flows.
*5: Maximum sessions measured using the industry standard IXIA IxLoad testing tool.
6: Product availability varies by country and region. Please contact local sales team regarding availability in your region.

Model Comparison:

Model Name USG40/40W USG60/60W USG110 USG210 USG310 USG1100 USG1900
Product Images USG40/40W USG60/60W USG110 USG210 USG310 USG1100 USG1900
Description Performance Series Advanced Series Extreme Series
Firewall throughput 400 Mbps 1.0 Gbps 1.6 Gbps 1.9 Gbps 5.0 Gbps 6.0 Gbps 7.0 Gbps
VPN throughput 100 Mbps 180 Mbps 400 Mbps 500 Mbps 650 Mbps 800 Mbps 900 Mbps
UTM throughput
(AV and IDP)
50 Mbps 90 Mbps 250 Mbps 300 Mbps 400 Mbps 500 Mbps 600 Mbps
Max. TCP concurrent sessions 20,000 40,000 60,000 80,000 100,000 300,000 500,000
Wi-Fi 802.11 b/g/n
2.4 GHz
802.11 a/b/g/n Concurrent
2.4 & 5 GHz
- - - - -
Managed AP number (default/max.) 2/10 2/10 2/18 2/18 2/18 2/18 2/18
Multi-WAN Yes Yes Yes Yes Yes Yes Yes
Unified security policy Yes Yes Yes Yes Yes Yes Yes
SSL inspection - - Yes Yes Yes Yes Yes
Device HA - - Yes Yes Yes Yes Yes
Port grouping Yes Yes Yes Yes - - -


Download the ZyXEL Next Generation USG Series Datasheet (PDF).

Pricing Notes:

ZyXEL USG40 Next-Generation USG Firewall, Hardware Only
- 5 x GbE RJ-45, 1 x USB (Dual-WAN & Mobile Broadband)
List Price: $290.00
Our Price: $240.00
ZyXEL USG40 Next-Generation USG Firewall with 1 Year UTM Servies
- 5 x GbE RJ-45, 1 x USB (Dual-WAN & Mobile Broadband)
List Price: $470.00
Our Price: $382.00
ZyXEL iCard IDP and P2P Blocking 1 Year for USG40/USG40-NB
List Price: $75.00
Our Price: $61.00
ZyXEL iCard Kaspersky Anti-Virus 1 Year for USG40/USG40-NB
List Price: $75.00
Our Price: $61.00
ZyXEL iCard Content Filtering 1 Year for USG40/USG40-NB
List Price: $110.00
Our Price: $94.00
ZyXEL iCard Antispam 1 Year for USG40/USG40-NB
List Price: $135.00
Our Price: $110.00
ZyXEL iCard UTM Bundle 1YR for USG40/USG40-NB
(Content Filtering, Anti-Spam, Kaspersky Anti-Virus, IDP)
List Price: $230.00
Our Price: $183.00
ZyXEL iCard AP Controller Upgrade Add 8 APs for USG40/USG40-NB
List Price: $100.00
Our Price: $84.00
- Windows XP 32-bit, Server 2003 32-bit, Server 2008 32/64-bit, Vista 32/64-bit, 7 32/64-bit, 8 32/64-bit Supported VPN Client - 1 Client
List Price: $64.99
Our Price: $55.00
- Windows XP 32-bit, Server 2003 32-bit, Server 2008 32/64-bit, Vista 32/64-bit, 7 32/64-bit, 8 32/64-bit Supported VPN Client - 5 Clients
List Price: $249.99
Our Price: $200.00
- Windows XP 32-bit, Server 2003 32-bit, Server 2008 32/64-bit, Vista 32/64-bit, 7 32/64-bit, 8 32/64-bit Supported VPN Client - 10 Clients
List Price: $399.99
Our Price: $330.00