Call a Specialist Today! 888-785-4412

Zyxel USG2200
Uncompromising Security and Performance for Next Generation Business Needs

Zyxel Products
Zyxel Products
USG2200-NB - Next Generation Unified Security Gateway w/3000 VPN Tunnels, SSL VPN, 12 GbE WAN/LAN/DMZ, 4 GbE SFP, 2 10GbE Combo (No Full UTM)
List Price: $8,399.99
Our Price: $5,999.99
USG2200 - Next Generation Unified Security Gateway w/3000 VPN Tunnels, SSL VPN, 12 GbE WAN/LAN/DMZ, 4 GbE SFP, 2 10GbE Combo (UTM BUNDLE)
List Price: $13,850.00
Our Price: $9,899.99

Click here to jump to more pricing!

Next-Gen Unified Security Gateway


Powerful, robust and always-online

ZyWALL USG Series delivers high-access quality to help businesses satisfy the demand for always-online communications. For internal deployments, the ZyWALL USG Series provides active-passive High-Availability (HA) service to support device or connection failover. With Device HA Pro service, ZyWALL USG Series also supports instant failover, so connections are always maintained when a failover event occurs.

For external deployments, the ZyWALL USG Series features multi-WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. The ZyWALL USG Series also supports IPSec load balancing and failover, providing additional resilience for mission-critical VPN failover with VTI Interface deployments.

  • High-performance, high-value Next Generation Firewall (NGFW) for medium and large-sized businesses and campuses
  • Anti-malware protection with firewall, anti-virus, antispam, content filtering, IDP, next-generation application intelligence and SSL inspection
  • Robust SSL, IPSec and L2TP over IPSec VPN connectivity and VPN High Availability (HA)
  • Unified security policy streamlines the configuration and management efforts
  • Built-in WLAN controller for centralized AP management and effortless WLAN scalability of up to 18 APs

Engineered Express Mode. Uncompromising Performance.

ZyWALL USG series supports Express Mode with advanced Cloud Query technology which has 30 billion of file ID in Zyxel security cloud’s database and constantly adapts new malware data every minute via Threat Intelligence Machine Learning. This innovative design improves the anti-malware detection efficiency, enables it to verify the file ID within seconds to get the most optimal threat detection, so that the ZyWALL USG series can gain higher throughput performance.

Impregnable protection and optimization

ZyWALL USG Series thoroughly protects networks with industry-leading firewall, Anti-Malware/ Virus, Anti-Spam, Content Filtering, IDP, and Application Patrol functionality. Regulate unauthorized use of Web applications over your network, such as Facebook, Google apps, and Netflix, among others. Zyxel security measures are enhanced with SSL Inspection, blocking threats hidden in SSL-encrypted connections while facilitating deeper policy enforcement. Furthermore, newly improved Content Filtering 2.0 enhances HTTPS Domain Filter, Browser SafeSearch, and Geo IP Blocking for an array of security enhancements to ensure clean Web connections.

Best TCO for Access Expansion

People expect network access regardless of time or location. As a result, hotspots are in demand in an ever-expanding assortment of locations. The ZyWALL USG1100/1900/2200 integrated with Zyxel AP Controller technology enables users to manage APs from a centralized user interface. In addition, Zyxel Hotspot Management delivers a unified solution for business networks with user-friendly tools like Billing System, Walled Garden, Multiple Authentication, 3rd Party Social Login and User Agreement. With ZyWALL USG Series, businesses can now deploy or expand a managed WiFi network with minimal effort.

Swift and secure firmware upgrades

Locating firmware updates — not to mention identifying correct versions for your device and managing their installation — can be a complex and confusing ordeal.

The ZyWALL USG Series solves this with its new Cloud Helper service. Cloud Helper provides a simple step to look for up-to-date firmware information. New firmware is immediately made available upon release from our official database to ensure its authenticity and reliability.


Dual-WAN & Mobile Broadband

Dual-WAN & Mobile Broadband

The Zyxel USG Advanced Series provides non-stop Internet uptime with multi-WAN and mobile broadband support. Multi-WAN works with two or more Ethernet WAN connections for active-active WAN load balancing or active-passive failover. Comprehensive mobile broadband USB modems are also supported for WAN backup.

VPN High Availability (HA)

VPN High Availability (HA)

Zyxel USGs feature VPN HA to satisfy the demands of the most mission-critical VPN deployments. Supporting advanced GRE over IPSec technology, users can deploy two IPSec VPN tunnels for active-active VPN load balancing or active-passive failover.

Unified Security Policy

Unified Security Policy

Unified security policy offers object-based management and a unified configuration interface for firewall and all security-related policies. Users can easily apply all policy criteria to every UTM feature, reduce configuration time, and get more streamlined policy management.



Powered by Kaspersky SafeStream II gateway anti-virus, Zyxel USGs provide comprehensive and real-time protection against malware threats before they enter the network. Zyxel USGs can identify and block over 650,000 viruses right at the gate and provide high-speed scanning with stream-based virus scanning technology.



With a cloud-based IP reputation system, Zyxel anti-spam can deliver accurate, zero-hour spam outbreak protection by analyzing up-to-the-minute sender reputation data from highly diverse traffic sources. It can detect spam outbreaks in the first few minutes of emergence regardless of spam language or format.

Robust VPN

Robust VPN

Zyxel USGs support high-throughput IPSec, L2TP over IPSec and SSL VPN for a wide range of site-to-client and site-to-site VPN deployments. Reinforced with the advanced SHA-2 encryption, the Zyxel USGs provide the most secure VPN for business communications.

Integrated WLAN Controller

Integrated WLAN Controller

The integrated WLAN controller supports CAPWAP, and enables centralized authentication and access management of multiple APs in the network. The Zyxel USG Advanced Series can manage 2 APs by default, and up to 18 APs with license upgrade.

Application Intelligence

Application Intelligence

Zyxel’s USG Advanced Series can identify, categorize and control over 3,000 social, gaming, productivity, and other Web applications and behaviors. Users can prioritize productive applications, throttle acceptable ones, and block unproductive applications to boost productivity and prevent bandwidth abuse.

SSL Inspection

SSL Inspection

SSL inspection enables the Zyxel Advanced Series to provide not only comprehensive security, but also deeper policy enforcement. It enables the USG’s application intelligence, IDP, content filtering and anti-virus to inspect traffic in SSL encrypted connections and block threats that usually go unseen.

Content Filtering

Content Filtering

Zyxel content filtering helps screen access to websites that are not business related or malicious. With a massive, cloud-based database of over 140 billion URLs that are continuously analyzed and tracked, Zyxel provides highly accurate, broad and instant protection against malicious Web content.


  • ICSA-certified firewall (certification in progress)
  • Routing and transparent (bridge) modes
  • Stateful packet inspection
  • User-aware policy enforcement
  • SIP/H.323 NAT traversal
  • ALG support for customized ports
  • Protocol anomaly detection and protection
  • Traffic anomaly detection and protection
  • Flooding detection and protection
  • DoS/DDoS protection
IPv6 Support
  • IPv6 Ready gold logo (certification in progress)
  • Dual stack
  • IPv4 tunneling (6rd and 6to4 transition tunnel)
  • IPv6 addressing
  • DNS
  • DHCPv6
  • Bridge
  • VLAN
  • PPPoE
  • Static routing
  • Policy routing
  • Session control
  • Firewall and ADP
  • IPSec VPN
  • Intrusion Detection and Prevention (IDP)
  • Application intelligence and optimization
  • Content filtering
  • Anti-virus, anti-malware
  • Anti-spam
  • ICSA-certified IPSec VPN (certification in progress)
  • Encryption: AES (256-bit), 3DES and DES
  • Authentication: SHA-2 (512-bit), SHA-1 and MD5
  • Key management: manual key, IKEv1 and IKEv2 with EAP
  • Perfect forward secrecy (DH groups) support 1, 2, 5
  • IPSec NAT traversal
  • Dead peer detection and relay detection
  • PKI (X.509) certificate support
  • VPN concentrator
  • Simple wizard support
  • VPN auto-reconnection
  • VPN High Availability (HA): load-balancing and failover
  • L2TP over IPSec
  • GRE and GRE over IPSec
  • NAT over IPSec
  • Zyxel VPN client provisioning
  • Supports Windows and Mac OS X
  • Supports full tunnel mode
  • Supports 2-step authentication
  • Customizable user portal

Intrusion Detection and Prevention (IDP)

  • Routing and transparent (bridge) mode
  • Signature-based and behavior-based scanning
  • Automatic signature updates
  • Customizable protection profile
  • Customized signatures supported
  • SSL (HTTPS) inspection support
Application Intelligence and Optimization
  • Granular control over the most important applications
  • Identifies and controls over 3,000 applications and behaviors
  • Supports over 15 application categories
  • Application bandwidth management
  • Supports user authentication
  • Real-time statistics and reports
  • SSL (HTTPS) inspection support
  • Supports Bitdefender anti-virus signatures
  • Identifies and blocks over 650,000 viruses
  • Stream-based anti-virus engine
  • HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
  • Automatic signature updates
  • No file size limitation
  • SSL (HTTPS) inspection support
  • Transparent mail interception via SMTP and POP3 protocols
  • Configurable POP3 and SMTP ports
  • Sender-based IP reputation filter
  • Recurrent Pattern Detection (RPD) technology
  • Zero-hour virus outbreak protection
  • X-Header support
  • Blacklist and whitelist support
  • Supports DNSBL checking
  • Spam tag support
  • Statistics report
Content Filtering
  • Social media filtering
  • Malicious Website filtering
  • URL blocking and keyword blocking
  • Blacklist and whitelist support
  • Blocks java applets, cookies and ActiveX
  • Dynamic, cloud-based URL filtering database
  • Unlimited user license support
  • Customizable warning messages and redirection URL
  • SSL (HTTPS) inspection support

Unified Security Policy

  • Unified policy management interface
  • Supported UTM features: anti-virus, antispam, IDP, content filtering, application intelligence, firewall (ACL)
  • 3-tier configuration: object-based, profilebased, policy-based
  • Policy criteria: zone, source and destination IP address, user, time

WLAN Management

  • Zyxel AP Controller (APC) 1.0 compliant
  • Client RSSI threshold to prevent sticky clients
  • IEEE 802.1x authentication
  • Captive portal Web authentication
  • Customizable captive portal page
  • RADIUS authentication
  • Wi-Fi Multimedia (WMM) wireless QoS
  • CAPWAP discovery protocol

Mobile Broadband

  • WAN connection failover via 3G and 4G* USB modems
  • Auto fallback when primary WAN recovers* 4G USB modem support available in future firmware upgrades
  • Routing mode, bridge mode and hybrid mode
  • Ethernet and PPPoE
  • NAT and PAT
  • VLAN tagging (802.1Q)
  • Virtual interface (alias interface)
  • Policy-based routing (user-aware)
  • Policy-based NAT (SNAT)
  • Dynamic routing (RIPv1/v2 and OSPF)
  • DHCP client/server/relay
  • Dynamic DNS support
  • WAN trunk for more than 2 ports
  • Per host session limit
  • Guaranteed bandwidth
  • Maximum bandwidth
  • Priority-bandwidth utilization
  • Bandwidth limit per user
  • Bandwidth limit per IP
  • Local user database
  • Microsoft Windows Active Directory integration
  • External LDAP/RADIUS user database
  • XAUTH, IKEv2 with EAP VPN authentication
  • Web-based authentication
  • Forced user authentication (transparent authentication)
  • IP-MAC address binding
  • SSO (Single Sign-On) support
System Management
  • Role-based administration
  • Multiple administrator logins
  • Multi-lingual Web GUI (HTTPS and HTTP)
  • Command line interface (console, Web console, SSH and TELNET)
  • SNMP v2c (MIB-II)
  • System configuration rollback
  • Firmware upgrade via FTP, FTP-TLS and Web GUI
  • Dual firmware images
  • Comprehensive local logging
  • Syslog (to up to 4 servers)
  • Email alerts (to up to 2 servers)
  • Real-time traffic monitoring
  • Built-in daily report
  • Advanced reporting with Vantage Report

Application Diagram:

Anti-Malware Protection and Application Optimization

  • Enabling anti-virus, anti-spam and intrusion prevention, business networks gain deep, extensive protection against all types of malware threats
  • Content filtering enables businesses to deny access to Websites that are malicious or not business-related
  • Application intelligence technology not only enable businesses to block or throttle non-productive Web applications, but also optimize Web applications that increase productivity
Anti-malware protection and application optimization

VPN Application

  • Branch offices, partners and home users can deploy Zyxel USGs/ ZyWALLs for site-to-site IPSec VPN connections
  • Branch offices can additionally deploy IPSec VPN HA (load balancing and failover) for always online VPN connectivity
  • Remote users can securely access company resources with their computers or smartphones via SSL, IPSec and L2TP over IPSec VPN
  • The headquarter USG/ZyWALL can also establish an IPSec VPN connection with Microsoft Azure for secured access to a variety of cloud-based applications

VPN application


USG1100 USG1900 USG2200
Hardware Specifications
Interfaces 8x GbE(configurable) 8x GbE(configurable) 12x GbE (configurable)
4x SFP (configurable)
2x 10G Combo
USB ports 2 2 2
Console port Yes (DB9) Yes (DB9) Yes (DB9)
Rack-mountable Yes Yes Yes
System Capacity & Performance
SPI firewall throughput(Mbps) 6,000 7,000 25,000
VPN throughput (Mbps) 800 900 2,500
IDP throughput (Mbps) 1,000 1,200 2,000
AV throughput (Mbps) 990 1,100 2,000
UTM throughput (AV and IDP, Mbps) 650 710 1,100
Max. TCP concurrent sessions 1,000,000 1,000,000 1,500,000
Max. concurrent IPSec VPN tunnels 1,000 2,000 3,000
Concurrent SSL VPN users (default/max.) 250 / 500 250 / 750 250 / 1,000
VLAN interface 128 128 256
Concurrent devices logins (default/max.) 800 / 1,500 1,500 / 2,000 2,000 / 5,000
WLAN Management
Managed AP number (default/max.) 2/130 2/130 2/1026
Recommend max. AP in 1 AP Group 60 60 300
Security Service
Anti-virus (AV) Yes Yes Yes
Intrusion detection and prevention (IDP) & Application Patrol Yes Yes Yes
Anti-spam Yes Yes Yes
Content filtering Yes Yes Yes
SecuReporter Premium Yes Yes Yes
Key Features
SSL (HTTPS) inspection Yes Yes Yes
2-Factor Authentication Yes Yes Yes
Hotspot Management Yes Yes Yes
Ticket printer support / Support Q'ty (max.) Yes (SP350E) / 10 Yes (SP350E) / 10 Yes (SP350E) / 10
Microsoft Azure Yes Yes Yes
Amazon VPC Yes Yes Yes
Device HA Pro Yes, Activate once registered Yes, Activate once registered Yes, Activate once registered
Power Requirements
Power input 100 - 240V AC, 50/60 Hz, 1.3 A max. 100 - 240V AC, 50/60 Hz, 1.3 A max. 2 x AC-DC redundant power supply 110-240V AC, 50/60 Hz, 2.5 A max.
Max. power consumption (watt) 58.5 58.5 119
Heat dissipation (BTU/hr) 199.61 199.61 406.045
Physical Specifications
Item Dimensions (WxDxH)(mm/in.)
430 x 250 x 44/16.93 x 9.84 x 1.73
Weight (kg/lb.)
Dimensions (WxDxH)(mm/in.)
430 x 250 x 44/16.93 x 9.84 x 1.73
Weight (kg/lb.)
Dimensions (WxDxH)(mm/in.)
438.5 x 500 x 89/17.26 x 19.69 x 3.50
Weight (kg/lb.)
Packing Dimensions (WxDxH)(mm/in.)
519 x 392 x 163/20.43 x 15.43 x 6.42
Weight (kg/lb.)
Dimensions (WxDxH)(mm/in.)
519 x 392 x 163/20.43 x 15.43 x 6.42
Weight (kg/lb.)
Dimensions (WxDxH)(mm/in.)
795 x 600 x 215/31.3 x 23.62 x 8.46
Weight (kg/lb.)
18.12 (with DUT)/39.95
Included accessories
  • Power cord
  • Rack mounting kit
  • Power cord
  • Rack mounting kit
  • Power cord x 2
  • Rack mounting (slide) kit
Environmental Specifications
Operating Temperature
0°C to 40°C (32°F to 104°F)
10% to 90%(non-condensing)
0°C to 40°C (32°F to 104°F)
10% to 90%(non-condensing)
0°C to 40°C (32°F to 104°F)
10% to 90%(non-condensing)
Storage Temperature
-30°C to 70°C (-22°F to 158°F)
10% to 90%(non-condensing)
-30°C to 70°C (-22°F to 158°F)
10% to 90%(non-condensing)
-30°C to 70°C (-22°F to 158°F)
10% to 90%(non-condensing)
MTBF (hr) 560,811.5 560,811.5 280,490
  • FCC Part 15 (Class A)
  • CE EMC (Class A)
  • C-Tick (Class A)
  • BSMI
  • FCC Part 15 (Class A)
  • CE EMC (Class A)
  • C-Tick (Class A)
  • BSMI
  • FCC Part 15 (Class A)
  • CE EMC (Class A)
  • C-Tick (Class A)
  • BSMI
Safety LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI


Download the Zyxel USG2200 Datasheet (PDF).

Pricing Notes:

Zyxel Products
Zyxel Products
USG2200-NB - Next Generation Unified Security Gateway w/3000 VPN Tunnels, SSL VPN, 12 GbE WAN/LAN/DMZ, 4 GbE SFP, 2 10GbE Combo (No Full UTM)
List Price: $8,399.99
Our Price: $5,999.99
USG2200 - Next Generation Unified Security Gateway w/3000 VPN Tunnels, SSL VPN, 12 GbE WAN/LAN/DMZ, 4 GbE SFP, 2 10GbE Combo (UTM BUNDLE)
List Price: $13,850.00
Our Price: $9,899.99
UTM Bundle
List Price: $2,239.99
Our Price: $1,599.99