ZyXEL
ZyWALL USG 1000
Unified Security Gateway for SMB/Mid-Large Organizations

| ZyXEL Products | ||
|---|---|---|
| ZyXEL ZyWALL USG 1000 | ||
| ZyXEL ZyWALL USG 1000 - Unified Security Gateway w/1000 VPN Tunnels, SSL VPN, 5 Gigabit Ports, High Availability |
#ZWUSG1000 Our Price: $2,070.00 |
|
More pricing below, click here
ZyXEL ZyWALL USG 1000 Overview:
Threat Protection for SMB/Mid-Large Organizations
- All-new platform: "3rd" generation ZyWALL
- 22x faster than previous-generation ZyWALL firewalls
- New generation UTM solution
- Robust hybrid VPN (IPSec and SSL)
- Application firewall
- Web security (Security Web access): ZyXEL safe browsing
- Non-stop Internet access with multiple WAN and 3G backups
- ICSA firewall, IPSec certification
- Comprehensive report system
- Best-of-breed security solution
- Free Anti-spam service
- ZyXEL Security Distribution Network (ZSDN)
The ZyWALL USG (Unified Security Gateway) 1000 is the "third generation" ZyWALL featuring an all-new platform. It provides the performance 22 times faster than the previous-generation ZyWALL firewalls, as well as a deep packet inspection security solution for small businesses to enterprises alike. It embodies a Stateful Packet Inspection (SPI) firewall, Anti-Virus, Intrusion Detection and Prevention (IDP), Content Filtering, Anti-Spam, and VPN (IPSec/SSL/L2TP) in one box. This multilayered security safeguards your organization's customer and company records, intellectual property, and critical resources from external and internal threats.
High-Performance VPN Concentrator Integrating
Both IPSec VPN and SSL VPN
ZyWALL USG 1000 is a Unified Security Gateway engineered
to provide a variety of security services on top of
a robust, hardware-accelerated platform. By integrating
both IPSec VPN and SSL VPN technologies, the ZyWALL
USG 1000 allows organizations to establish Virtual Private
Network (VPN) connections amongst multiple locations
such as remote branch offices, business partner sites
and even a remote teleworker getting connected in a
potentially unsafe hotel hotspot. Communication channels
are securely encrypted so that information leakage /
data theft can be mitigated when transmitting confidential
information over insecure networks, such as the Internet.
The Hub and Spoke VPN feature is capable of reducing
policy management overhead dramatically in a complex,
multi-site corporate network infrastructure.
Proactive Network Protection against Blended Threats
By integrating cutting-edge technologies on a robust
platform, the ZyWALL USG 1000 is competent to provide
multi-layered protection for security-aware businesses.
The gateway anti-virus security service of the ZyWALL
USG 1000 is powered by Kaspersky Labs, whose technology
boasts the world's shortest response time against emerging
viruses and spyware. As a result, it helps stopping
blended threats at the network edge while keeping viruses/spyware
out of corporate networks. With a SecuASIC co-processor
built-in, the ZyWALL USG 1000 can deliver robust and
reliable performance under real-world networking loads.
With the embedded signature-based IDP (Intrusion Detection
and Prevention) engine, the ZyWALL USG 1000 performs
L7 packet inspection for protocol / traffic anomaly
or matched patterns. Thus, the ZyWALL USG 1000 provides
comprehensive Intrusion Detection and Prevention capability
to proactively detect and block potential worms, viruses,
Trojans and VoIP threats, etc. In response to the ever-evolving
threats, up-to-date signatures / patterns are automatically
downloaded from rock-solid ZSDN infrastructure and installed
on your ZyWALL USG 1000.
Application Patrol to Manage the Use of IM/P2P
Applications
The ZyWALL USG 1000 is specially crafted to manage the
use of IM/P2P applications in modern networking environment
without hassles. Armed with AppPatrol, a central dashboard
for managing various types of IM/P2P applications, security
staff can easily create fine-grained access policy based
on ever-changing security needs: identifying and restricting
different access levels of prevailing IM/P2P protocols,
restricting time of access for different groups of users,
enforcing bandwidth quota against certain types of P2P
application and prioritizing VoIP traffics to ensure
best call quality over slow WAN ISP links. Altogether,
the ZyWALL USG 1000 is an ideal solution to solve the
dilemma in terms of productivity and security.
User-Aware Policy Engine Enables Access Granularity
In addition to basic access control capabilities, the
intelligent user-aware policy engine on the ZyWALL USG
1000 is designed to make packet-forwarding decisions
based on multiple criteria (such as user ID, user group,
time of access and network quota, etc.). Furthermore,
security staff can apply access policies against a variety
of security features such as VPN, Content Filter and
Application Patrol. In conjunction with VLAN and custom
security zones, corporate security policies can be effectively
enforced to prevent unauthorized access to network resources.
Bandwidth Management Ensures Quality of Service
The ZyWALL USG 1000 provides bandwidth management features
for traffic prioritization to guarantee or restrict
the bandwidth usage per interface / protocol. Security
staff can allocate bandwidth for a variety of applications
or computer hosts on the corporate network, regardless
of the direction of the connection. For example, it's
possible to assign higher priority and larger bandwidth
to time-critical applications such as VoIP and video
conferencing for quality transmission services. In addition,
ZyWALL USG 1000 allows you to keep track of bandwidth
usage with comprehensive statistical reports.
VoIP Security: Protecting the Converged Networks
Attracted the benefits, more and more businesses are
deploying VoIP applications on their networks. Along
with the transition to VoIP also comes with security
risks and voice quality issues. As a VoIP-friendly firewall,
the ZyWALL USG 1000 reduces the security risks associated
with the adoption of VoIP by offering the SIP/H.323
ALG feature to dynamically open only the required ports
during the VoIP calls; once the call is complete, the
opened ports are automatically closed to prevent port
sniffing. The IDP feature can detect and prevent attacks
usually associated VoIP deployment. Ultimately, by constructing
VoIP traffic over VPNs with traffic prioritization,
security staff could mitigate security breaches while
optimizing call quality over existing ISP links.
High Availability Features Guarantee Non-Stop
Operations for Mission-Critical Applications
With high availability features, the ZyWALL USG 1000
helps the security staff to easily set up a highly reliable
and secure network infrastructure for your business.
To minimize the impact of single-point of failures,
the ZyWALL USG 1000 supports device HA (High Availability)
to assure network availability should any device failure
happen. On the WAN side, the ZyWALL USG 1000 can connect
multiple ISP links to ensure Internet availability while
a single ISP link may be unreliable. The multiple WAN
load balancing features optimizes bandwidth usage over
each ISP link.
Benefits:
Secure connectivity
Given the prevalence and importance of information technology (IT) systems today and the nature and scale of both the opportunities and risks associated with significant deployments of new networking technologies, organizations are forced to evaluate solutions to build up a safer infrastructure to secure online transactions, in which involve exchange of valuable information. The infrastructure should be tailored to meet operation requirements for expanding remote sites as well as mobile teleworkers.
Proactive protection
As mass-mailing software companies mushroom on the Internet, your network is bombarded with massive amounts of junk mails (spam). Without intelligent detection and proactive blocking, users have to go through the tedious and time-consuming task of sieving through the overflowing mailbox, and such scenario leads to serious productivity loss.
Policy compliance
With numerous file-sharing (P2P) and Instant Messaging (IM) applications, it is easier for company employees to share files and chat online during work hours. Rapid file sharing not only compromises network safety with the sharing of questionable files containing malicious viruses, but may also violate copyright issues and create legal hassles.
Network resilience
ISP links broken, hardware and software failure on the gateway, dead VPN tunnels—these are severe challenges IT staff face when designing the network infrastructure. In short, we need to take fault tolerance on the network path into consideration when build up a highly available network infrastructure for non-stop operations.
Manageability
With Vantage CNM (Centralized Network Management), users can achieve the follow objects:
- Easy VPN management and diagnostic capability
- Complete security policies management
- Low TCO of massive deployment and device maintenance
- Active monitoring, alerting and comprehensive graphic reports
The solution provides an efficient centralized management system for enterprises of any size to reduce operational costs regardless of the number of branch offices or remote locations.
Cost-effectiveness
With the adoption of ZyXEL's USG 20, the follow costs can be saved:
- Device hardware maintenance fee: ZyXEL provides a one more year hardware warranty out of factory.
- Free Software upgrade: now ZyXEL provides free software upgrade for you to enjoy complete protection without additional expanse.
Application Diagram:
ZyWALL USG clean-traffic architecture
The ZyWALL USG’s clean-traffic architecture
protects against network risks such as viruses,
worms, Trojan Horses, spyware, phishing attacks
and other emerging Internet threats. With the
clean-traffic architecture, enterprises users are
assured to have clean and secure network
environments.

Endpoint security
With the new Endpoint Security feature (EPS),
administrators can easily identify “bad” users, i.e.
where no AV software has been installed. By
enforcing installation of the Anti-Virus software,
the ZyWALL mitigates the threat of virus
outbreaks and thus the loss of money and
employee productivity. The EPS supports
NortonTM KasperskyTM and TrendMicroTM AV client
software, among others. Additionally, personal
firewall software such as Kaspersky Internet
Security 2009/2010, Windows Firewall and
TrendMicro PC-Cillin/Internet Security 2010 are
also supported with the new EPS feature.

New generation UTM solution
The ZyWALL USG Series deploys hardwareacceleration
technology in one box. Powered
by high-performance SecuASIC technology
and a hardware-based encryption
accelerator, the ZyWALL USG Series delivers
industry-leading performance and multilayer
threat protection for small businesses
and enterprises. The ZyWALL USG Series
provides integrated Unified Threat
Management security features such as Anti-
Virus (include Kaspersky Anti-Virus & ZyXEL
Anti-Virus), IDP, Anti-Spam, Content Filtering
and Firewall, VPN. All ZyWALL USG Series
products support the Gigabit Ethernet.

High performance
ZyXEL USG Series is built with a powerful
Integrated High Performance Security
architecture, a performance proven
architecture for gigabit fiber. It provides
real-time inspection to prevent network
from threats without sacrificing
performance. Company network is not
only flawlessly secured but also greatly
enhanced on performance to improve
operational productivity and efficiency
when applications such as file-loading,
emailing, and information searches are
processed at higher speed. Take USG 50 as
an example, USG 50 delivers excellent
performance to meet small business.

Robust hybrid VPN (IPSec and SSL)
The ZyWALL USG Series can provide secure
access between remote locations and
corporate resources through the Internet for
organizations of any size. Using IPSec VPN,
companies can secure connections to branch
offices, partners and headquarters. Road
warriors and telecommuters can use SSL or
L2TP VPN to safely access the company
network without having to install VPN
software. The Series provides a flexible and
easy way to enable mobile employees,
vendors and partners to confidently access
your network resource for better efficiency.

Granular control over social
networking applications
Social networking applications such as
Facebook, Twitter, and Youtube have become an
Internet phenomenon to connect people
quickly and to share information. Without
flexible management, social networking
applications will eat up business productivity.
ZyWALL USG ensures that the Internet is not
abused to prevent bandwidth to be wasted or
human resource policy violations.
ZyWALL USG provides granular control over
social networking applications.

Application firewall
More and more network applications bring
malicious software into your office. This kind
of unwanted software, especially IM/P2P
applications, may cause bandwidth waste or
even system damage. Using the application
patrol and bandwidth management features,
you can have full control over traffic blocking
or rate limit settings.

Non-stop Internet access with
multiple WAN and 3G backups
The ZyWALL USG not only supports
multiple WAN ports but also 3G through
USB or PCMCIA cards. This feature enables
“active-active” load sharing or “activepassive”
failover configuration to deliver
highly reliable network connectivity.

High availability
High availability is essential in enterprise
networks. It ensures a system or component
can be continuously operational for a desirably
long length of time.
The ZyWALL USG Series provide high
availability feature as:
- Multiple WAN ports and configure load balancing between these ports.
- An auxiliary (backup) Internet connection as known as out of band Management.
- A backup ZyWALL in the event the master ZyWALL fails (device HA).
To minimize the impact of single-point failures, the ZyWALL USG Series supports device HA (High Availability) to assure network availability.

Anti-Spam service
ZyXEL’s Anti-Spam service eliminates spam,
phishing, virus and malware threats through a
unified security architecture without dropping
legitimate messages. With ZyXEL’s Anti-Spam
service, enterprises can save time and resources
dealing with unwanted email to reduce
operational costs.

Comprehensive reporting system
The ZyWALL USG Series has a built-in reporting
system that offers a comprehensive set of realtime
and historical reports including firewall, virus
and intrusion attacks, bandwidth usage, Web site
usage and user activities. Furthermore, with
Vantage Report (VRPT), a Web-based reporting
system, administrators can easily collect traffic
data and analyze a distributed network for their
organizations to become more aware of
suspicious activities and to ensure better
business productivity.

ZyXEL Security Distribution Network
(ZSDN) ensures rapid response to
new threats
ZSDN Provides Up-to-Date Protection
- The myZyXEL.com Web site delivers a convenient, centralized way to register all ZyWALL units and Security Services.
- The ZyXEL Security Update Servers operates 24x7 to automatically deliver updated signature databases to ZyWALL units around the world.
- The mySecurityZone portal provides comprehensive, searchable information regarding viruses and system vulnerabilities, and it provides a wealth of information resources that keep customers up-to-date on the latest vulnerabilities and countermeasures.

Specifications:


Firewall:
SSL VPN:
Anti-Spam:
Anti-Virus:
Application Patrol:
High Availability:
|
Intrusion Detection and Prevention (IDP):
System Management:
|
Logging/Monitoring:
System Performance:
Hardware Specifications:
|
Note:
*1: Testing Methodologies: Maximum performance based on RFC 2544 (UDP packets, 1,518 bytes). Actual performance may vary depending on network conditions and activated services.
*2: VPN (AES) throughput measured using UDP traffic with 1,424 bytes packet size, based on RFC 2544.
*3: UTM (AV+IDP) throughput measured using industry standard Ixia IxLoad test tool against HTTP protocol with 1,460 bytes packet size. Testing done with multiple flows.
*4: Max sessions measured using industry standard Ixia IxLoad test tool.
Model Comparison:
| Model Name | ZyWALL USG 100 | ZyWALL USG 200 | ZyWALL USG 300 | ZyWALL USG 1000 | ZyWALL USG 2000 |
![]() |
![]() |
![]() |
![]() |
![]() |
|
| Features | • Unified Security Gateway
for SMB (10~25 PC Users) • High-performance multilayer threat protection • Hybrid VPN (IPSec, SSL and L2TP) secures connection to headquarters • Support Kaspersky and ZyXEL anti-virus |
• Unified Security Gateway
for SMB (25~50 PC Users) • High-performance multilayer threat protection • Hybrid VPN (IPSec, SSL and L2TP) secures connection to headquarters • Support Kaspersky and ZyXEL anti-virus • Flexible OPT (option) port |
• Unified Security Gateway for
SMB (50~75 PC Users) • Providing Hybrid VPN (IPSec/SSL VPN) and robust UTM security services • High-performance multi-layer threat protection • User-aware policy engine enables access granularity • Excellent manageability with object, text-based and centralized |
• Unified Security Gateway for
SMB (75~200 PC Users) • Providing Hybrid VPN (IPSec/SSL VPN) and robust UTM security services • High-performance multilayer threat protection • Non-stop operations of mission-critical applications • Excellent manageability with object, text-based and centralized |
• Unified Security Gateway
for SMB (200~500 PC Users) • Gigabit Firewall with Fiber interface (SFP) • Scalable VPN/UTM performance • Support Kaspersky and ZyXEL anti-virus • Redundant power module |
| Hardware Specifications | |||||
| 10/100/1000 Interfaces (Copper) | 5 x LAN/DMZ, 2 x WAN | 5 x LAN/DMZ, 2 x WAN | 7 | 5 | 6 |
| Dual Personality GbE (SFP/RJ45) | - | - | - | - | 2 |
| USB Ports | 2 | 2 | 2 | 2 | 2 |
| SEM Slot (Security Extension Module) | - | - | - | - | 1 |
| Card Slot | 1 | 1 | 2 | 1 | 1 |
| 802.11b/g/n | - | - | - | - | - |
| 2x2 Antenna | - | - | - | - | - |
| System Capacity & Performance | |||||
| SPI Firewall Throughput*1, Mbps | 150 | 200 | 300 | 400 | 2,000 |
| VPN Throughput (3DES)*2, Mbps | 60 | 75 | 100 | 150 | 400*4 |
| UTM Throughput (AV+IDP)*3, Mbps | 30 | 40 | 60 | 80 | 400*5 |
| WiFi Throughput, Mbps | - | - | - | - | - |
| Unlimited User Licenses | Yes | Yes | Yes | Yes | Yes |
| Max. Sessions*6 | 20,000 | 40,000 | 60,000 | 500,000 | 1,000,000 |
| New Session Rate | 1,000 | 1,000 | 1,500 | 12,000 | 20,000 |
| Max. Concurrent IPSec VPN Tunnels | 50 | 100 | 200 | 1,000 | 2,000 |
| Max. Concurrent SSL VPN Users | 5 | 10 | 25 | 250 | 750*1*2 |
| Included SSL VPN Users | 2 | 2 | 2 | 5 | 5 |
| Customizable Zone | Yes | Yes | Yes | Yes | Yes |
| Power Requirement | |||||
| Input Voltage | 100 - 240 V AC, 50 - 60 Hz, 1.2 A | 100 - 240 V AC, 50 - 60 Hz, 1.2 A | 100 - 240 V AC, 50/60 Hz, 0.55 - 0.3 A | 100 - 240 V AC, 50/60 Hz, 1 A Max | 100 - 240 V AC, 50 - 60 Hz, 3 - 6 A |
| Power Rating | 20 W Max | 20 W Max | 35 W Max | 80 W Max | 200 W Max |
| Environmental Specifications | |||||
| Operating Temperature | 0°C to 40°C | ||||
| Storage Temperature | -30°C to 60°C | ||||
| Operating Humidity | 5% to 95% (non-condensing) | 20% to 95% (non-condensing) | 5% to 95% (non-condensing) | ||
| Physical Specifications | |||||
| Dimensions, (W) x (D) x (H) mm | 242 x 175 x 35.5 | 242 x 175 x 35.5 | 430 x 201 x 42 | 431 x 292 x 43.5 | 430 x 487 x 89 |
| Weight, kg | 1.2 | 1.2 | 2.8 | 4.7 | 10.5 |
Note:
*1: Testing Methodologies: Maximum performance based on RFC 2544 (UDP packets, 1,518 bytes). Actual performance may vary depending on network conditions and activated services.
*2: VPN (AES) throughput measured using UDP traffic with 1,424 bytes packet size, based on RFC 2544.
*3: UTM (AV+IDP) throughput measured using industry standard Ixia IxLoad test tool against HTTP protocol with 1,460 bytes packet size. Testing done with multiple flows.
*4: With SEM-DUAL/SEM-VPN module
*5: With SEM-DUAL module
*6: Max sessions measured using industry standard Ixia IxLoad test tool.
Documentation:
![]()
Download the ZyXEL ZyWALL USG 1000 Datasheet (PDF).
| ZyXEL Products | ||
|---|---|---|
| ZyXEL ZyWALL USG 1000 | ||
| ZyXEL ZyWALL USG 1000 - Unified Security Gateway w/1000 VPN Tunnels, SSL VPN, 5 Gigabit Ports, High Availability |
#ZWUSG1000 List Price: $309.99 Our Price: $2,070.00 |
|
| ZyXEL ZyWALL iCard Subscriptions | ||
ZyWALL USG1000 iCard Total Security Service, 1 Year |
#ICTS1YUSG1000 List Price: $1,629.99 Our Price: $1,242.00 |
|
| ZyWALL USG1000 iCard Content Filtering, 1 Year | #ICCF1YUSG1000 |
|
| ZyWALL USG1000 iCard Anti-Virus, 1 Year | #ICAV1YUSG1000 List Price: $549.99 Our Price: $414.00 |
|
| ZyWALL USG1000 iCard IDP, 1 Year | #ICID1YUSG1000 List Price: $399.99 Our Price: $310.00 |
|
| ZyWALL iCard SSL Upgrade 5 to 25 - SSL License Upgrade from 5 Tunnels to 25 Tunnels |
#SSL5TO25USG1000 List Price: $399.99 Our Price: $310.00 |
|
| ZyWALL iCard SSL Upgrade 25 to 50 - SSL License Upgrade from 25 Tunnels to 50 Tunnels |
#SSL25TO50USG1000 List Price: $509.99 Our Price: $388.00 |
|
| ZyWALL iCard SSL Upgrade 5 to 50 - SSL License Upgrade from 5 Tunnels to 50 Tunnels |
#SSL5TO50USG1000 List Price: $812.99 Our Price: $620.00 |
|
| ZyWALL iCard SSL Upgrade 5 to 250 - SSL License Upgrade from 5 Tunnels to 250 Tunnels |
#SSL5TO250USG1000 List Price: $3,299.99 Our Price: $2,535.00 |
|
| ZyWALL iCard SSL Upgrade 25 to 250 - SSL License Upgrade from 25 Tunnels to 250 Tunnels |
#SSL25TO250USG1000 List Price: $2.999.99 Our Price: $2,328.00 |
|
| ZyWALL iCard SSL Upgrade 50 to 250 - SSL License Upgrade from 50 Tunnels to 250 Tunnels |
#SSL50TO250USG1000 List Price: $2,699.99 Our Price: $2,069.00 |
|
| ZyWALL OTPv2 - Learn More | ||
| ZyWALL OTPv2 Token Starter Kit - One Time Password 5x Tokens and Software Pack |
#ZWOTPV2-ST List Price: $309.99 Our Price: $235.00 |
|
| ZyWALL OTPv2 Token 5 User - One Time Password Token 5x Tokens Addon Pack |
#ZWOTPV2-5U List Price: $309.99 Our Price: $235.00 |
|
| VPN IPSec VPN Client | ||
| ZyWALL IPSec VPN Client - Vista Supported VPN Client - 1 Client |
#ZYWALLVPN List Price: $64.99 Our Price: $47.00 |
|
| ZyWALL IPSec VPN Client - Vista Supported VPN Client - 5 Clients |
#ZYWALLVPN5 List Price: $249.99 Our Price: $188.00 |
|
| ZyWALL IPSec VPN Client - Vista Supported VPN Client - 10 Clients |
#ZYWALLVPN10 List Price: $399.99 Our Price: $311.00 |
|
| ZyWALL IPSec VPN Client - Vista Supported VPN Client - 50 Clients |
#ZYWALLVPN50 List Price: $1,629.99 Our Price: $1,246.00 |
|





