Zyxel USG2200
Uncompromising Security and Performance for Next Generation Business Needs

Sorry, this product is no longer available

Please contact us to explore replacement options or consider visiting our Legacy Products Licensing page, where you can purchase licenses for our discontinued products.

Overview:

Powerful, robust and always-online

ZyWALL USG Series delivers high-access quality to help businesses satisfy the demand for always-online communications. For internal deployments, the ZyWALL USG Series provides active-passive High-Availability (HA) service to support device or connection failover. With Device HA Pro service, ZyWALL USG Series also supports instant failover, so connections are always maintained when a failover event occurs.

For external deployments, the ZyWALL USG Series features multi-WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. The ZyWALL USG Series also supports IPSec load balancing and failover, providing additional resilience for mission-critical VPN failover with VTI Interface deployments.

High-performance, high-value Next Generation Firewall (NGFW) for medium and large-sized businesses and campuses
Anti-malware protection with firewall, anti-virus, antispam, content filtering, IDP, next-generation application intelligence and SSL inspection
Robust SSL, IPSec and L2TP over IPSec VPN connectivity and VPN High Availability (HA)
Unified security policy streamlines the configuration and management efforts
Built-in WLAN controller for centralized AP management and effortless WLAN scalability of up to 18 APs

Engineered Express Mode. Uncompromising Performance.

ZyWALL USG series supports Express Mode with advanced Cloud Query technology which has 30 billion of file ID in Zyxel security cloud’s database and constantly adapts new malware data every minute via Threat Intelligence Machine Learning. This innovative design improves the anti-malware detection efficiency, enables it to verify the file ID within seconds to get the most optimal threat detection, so that the ZyWALL USG series can gain higher throughput performance.

Impregnable protection and optimization

ZyWALL USG Series thoroughly protects networks with industry-leading firewall, Anti-Malware/ Virus, Anti-Spam, Content Filtering, IDP, and Application Patrol functionality. Regulate unauthorized use of Web applications over your network, such as Facebook, Google apps, and Netflix, among others. Zyxel security measures are enhanced with SSL Inspection, blocking threats hidden in SSL-encrypted connections while facilitating deeper policy enforcement. Furthermore, newly improved Content Filtering 2.0 enhances HTTPS Domain Filter, Browser SafeSearch, and Geo IP Blocking for an array of security enhancements to ensure clean Web connections.

Best TCO for Access Expansion

People expect network access regardless of time or location. As a result, hotspots are in demand in an ever-expanding assortment of locations. The ZyWALL USG1100/1900/2200 integrated with Zyxel AP Controller technology enables users to manage APs from a centralized user interface. In addition, Zyxel Hotspot Management delivers a unified solution for business networks with user-friendly tools like Billing System, Walled Garden, Multiple Authentication, 3rd Party Social Login and User Agreement. With ZyWALL USG Series, businesses can now deploy or expand a managed WiFi network with minimal effort.

Swift and secure firmware upgrades

Locating firmware updates — not to mention identifying correct versions for your device and managing their installation — can be a complex and confusing ordeal.

The ZyWALL USG Series solves this with its new Cloud Helper service. Cloud Helper provides a simple step to look for up-to-date firmware information. New firmware is immediately made available upon release from our official database to ensure its authenticity and reliability.

Benefits:

	Dual-WAN & Mobile Broadband The Zyxel USG Advanced Series provides non-stop Internet uptime with multi-WAN and mobile broadband support. Multi-WAN works with two or more Ethernet WAN connections for active-active WAN load balancing or active-passive failover. Comprehensive mobile broadband USB modems are also supported for WAN backup.
	VPN High Availability (HA) Zyxel USGs feature VPN HA to satisfy the demands of the most mission-critical VPN deployments. Supporting advanced GRE over IPSec technology, users can deploy two IPSec VPN tunnels for active-active VPN load balancing or active-passive failover.
	Unified Security Policy Unified security policy offers object-based management and a unified configuration interface for firewall and all security-related policies. Users can easily apply all policy criteria to every UTM feature, reduce configuration time, and get more streamlined policy management.
	Anti-Virus Powered by Kaspersky SafeStream II gateway anti-virus, Zyxel USGs provide comprehensive and real-time protection against malware threats before they enter the network. Zyxel USGs can identify and block over 650,000 viruses right at the gate and provide high-speed scanning with stream-based virus scanning technology.
	Anti-Spam With a cloud-based IP reputation system, Zyxel anti-spam can deliver accurate, zero-hour spam outbreak protection by analyzing up-to-the-minute sender reputation data from highly diverse traffic sources. It can detect spam outbreaks in the first few minutes of emergence regardless of spam language or format.
	Robust VPN Zyxel USGs support high-throughput IPSec, L2TP over IPSec and SSL VPN for a wide range of site-to-client and site-to-site VPN deployments. Reinforced with the advanced SHA-2 encryption, the Zyxel USGs provide the most secure VPN for business communications.
	Integrated WLAN Controller The integrated WLAN controller supports CAPWAP, and enables centralized authentication and access management of multiple APs in the network. The Zyxel USG Advanced Series can manage 2 APs by default, and up to 18 APs with license upgrade.
	Application Intelligence Zyxel’s USG Advanced Series can identify, categorize and control over 3,000 social, gaming, productivity, and other Web applications and behaviors. Users can prioritize productive applications, throttle acceptable ones, and block unproductive applications to boost productivity and prevent bandwidth abuse.
	SSL Inspection SSL inspection enables the Zyxel Advanced Series to provide not only comprehensive security, but also deeper policy enforcement. It enables the USG’s application intelligence, IDP, content filtering and anti-virus to inspect traffic in SSL encrypted connections and block threats that usually go unseen.
	Content Filtering Zyxel content filtering helps screen access to websites that are not business related or malicious. With a massive, cloud-based database of over 140 billion URLs that are continuously analyzed and tracked, Zyxel provides highly accurate, broad and instant protection against malicious Web content.

Features:

Firewall

ICSA-certified firewall (certification in progress)
Routing and transparent (bridge) modes
Stateful packet inspection
User-aware policy enforcement
SIP/H.323 NAT traversal
ALG support for customized ports
Protocol anomaly detection and protection
Traffic anomaly detection and protection
Flooding detection and protection
DoS/DDoS protection

IPv6 Support

IPv6 Ready gold logo (certification in progress)
Dual stack
IPv4 tunneling (6rd and 6to4 transition tunnel)
IPv6 addressing
DNS
DHCPv6
Bridge
VLAN
PPPoE
Static routing
Policy routing
Session control
Firewall and ADP
IPSec VPN
Intrusion Detection and Prevention (IDP)
Application intelligence and optimization
Content filtering
Anti-virus, anti-malware
Anti-spam

IPSec VPN

ICSA-certified IPSec VPN (certification in progress)
Encryption: AES (256-bit), 3DES and DES
Authentication: SHA-2 (512-bit), SHA-1 and MD5
Key management: manual key, IKEv1 and IKEv2 with EAP
Perfect forward secrecy (DH groups) support 1, 2, 5
IPSec NAT traversal
Dead peer detection and relay detection
PKI (X.509) certificate support
VPN concentrator
Simple wizard support
VPN auto-reconnection
VPN High Availability (HA): load-balancing and failover
L2TP over IPSec
GRE and GRE over IPSec
NAT over IPSec
Zyxel VPN client provisioning

SSL VPN

Supports Windows and Mac OS X
Supports full tunnel mode
Supports 2-step authentication
Customizable user portal

Intrusion Detection and Prevention (IDP)

Routing and transparent (bridge) mode
Signature-based and behavior-based scanning
Automatic signature updates
Customizable protection profile
Customized signatures supported
SSL (HTTPS) inspection support

Application Intelligence and Optimization

Granular control over the most important applications
Identifies and controls over 3,000 applications and behaviors
Supports over 15 application categories
Application bandwidth management
Supports user authentication
Real-time statistics and reports
SSL (HTTPS) inspection support

Anti-Virus

Supports Bitdefender anti-virus signatures
Identifies and blocks over 650,000 viruses
Stream-based anti-virus engine
HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
Automatic signature updates
No file size limitation
SSL (HTTPS) inspection support

Anti-Spam

Transparent mail interception via SMTP and POP3 protocols
Configurable POP3 and SMTP ports
Sender-based IP reputation filter
Recurrent Pattern Detection (RPD) technology
Zero-hour virus outbreak protection
X-Header support
Blacklist and whitelist support
Supports DNSBL checking
Spam tag support
Statistics report

Content Filtering

Social media filtering
Malicious Website filtering
URL blocking and keyword blocking
Blacklist and whitelist support
Blocks java applets, cookies and ActiveX
Dynamic, cloud-based URL filtering database
Unlimited user license support
Customizable warning messages and redirection URL
SSL (HTTPS) inspection support

Unified Security Policy

Unified policy management interface
Supported UTM features: anti-virus, antispam, IDP, content filtering, application intelligence, firewall (ACL)
3-tier configuration: object-based, profilebased, policy-based
Policy criteria: zone, source and destination IP address, user, time

WLAN Management

Zyxel AP Controller (APC) 1.0 compliant
Client RSSI threshold to prevent sticky clients
IEEE 802.1x authentication
Captive portal Web authentication
Customizable captive portal page
RADIUS authentication
Wi-Fi Multimedia (WMM) wireless QoS
CAPWAP discovery protocol

Mobile Broadband

WAN connection failover via 3G and 4G* USB modems
Auto fallback when primary WAN recovers* 4G USB modem support available in future firmware upgrades

Networking

Routing mode, bridge mode and hybrid mode
Ethernet and PPPoE
NAT and PAT
VLAN tagging (802.1Q)
Virtual interface (alias interface)
Policy-based routing (user-aware)
Policy-based NAT (SNAT)
Dynamic routing (RIPv1/v2 and OSPF)
DHCP client/server/relay
Dynamic DNS support
WAN trunk for more than 2 ports
Per host session limit
Guaranteed bandwidth
Maximum bandwidth
Priority-bandwidth utilization
Bandwidth limit per user
Bandwidth limit per IP

Authentication

Local user database
Microsoft Windows Active Directory integration
External LDAP/RADIUS user database
XAUTH, IKEv2 with EAP VPN authentication
Web-based authentication
Forced user authentication (transparent authentication)
IP-MAC address binding
SSO (Single Sign-On) support

System Management

Role-based administration
Multiple administrator logins
Multi-lingual Web GUI (HTTPS and HTTP)
Command line interface (console, Web console, SSH and TELNET)
SNMP v2c (MIB-II)
System configuration rollback
Firmware upgrade via FTP, FTP-TLS and Web GUI
Dual firmware images

Logging/Monitoring

Comprehensive local logging
Syslog (to up to 4 servers)
Email alerts (to up to 2 servers)
Real-time traffic monitoring
Built-in daily report
Advanced reporting with Vantage Report

Application Diagram:

Anti-Malware Protection and Application Optimization

Enabling anti-virus, anti-spam and intrusion prevention, business networks gain deep, extensive protection against all types of malware threats
Content filtering enables businesses to deny access to Websites that are malicious or not business-related
Application intelligence technology not only enable businesses to block or throttle non-productive Web applications, but also optimize Web applications that increase productivity

VPN Application

Branch offices, partners and home users can deploy Zyxel USGs/ ZyWALLs for site-to-site IPSec VPN connections
Branch offices can additionally deploy IPSec VPN HA (load balancing and failover) for always online VPN connectivity
Remote users can securely access company resources with their computers or smartphones via SSL, IPSec and L2TP over IPSec VPN
The headquarter USG/ZyWALL can also establish an IPSec VPN connection with Microsoft Azure for secured access to a variety of cloud-based applications

Specifications:

Models	USG1100	USG1900	USG2200
Hardware Specifications
Interfaces	8x GbE(configurable)	8x GbE(configurable)	12x GbE (configurable) 4x SFP (configurable) 2x 10G Combo
USB ports	2	2	2
Console port	Yes (DB9)	Yes (DB9)	Yes (DB9)
Rack-mountable	Yes	Yes	Yes
System Capacity & Performance
SPI firewall throughput(Mbps)	6,000	7,000	25,000
VPN throughput (Mbps)	800	900	2,500
IDP throughput (Mbps)	1,000	1,200	2,000
AV throughput (Mbps)	990	1,100	2,000
UTM throughput (AV and IDP, Mbps)	650	710	1,100
Max. TCP concurrent sessions	1,000,000	1,000,000	1,500,000
Max. concurrent IPSec VPN tunnels	1,000	2,000	3,000
Concurrent SSL VPN users (default/max.)	250 / 500	250 / 750	250 / 1,000
VLAN interface	128	128	256
Concurrent devices logins (default/max.)	800 / 1,500	1,500 / 2,000	2,000 / 5,000
WLAN Management
Managed AP number (default/max.)	2/130	2/130	2/1026
Recommend max. AP in 1 AP Group	60	60	300
Security Service
Anti-virus (AV)	Yes	Yes	Yes
Intrusion detection and prevention (IDP) & Application Patrol	Yes	Yes	Yes
Anti-spam	Yes	Yes	Yes
Content filtering	Yes	Yes	Yes
SecuReporter Premium	Yes	Yes	Yes
Key Features
VPN	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec	Yes
SSL (HTTPS) inspection	Yes	Yes	Yes
2-Factor Authentication	Yes	Yes	Yes
Hotspot Management	Yes	Yes	Yes
Ticket printer support / Support Q'ty (max.)	Yes (SP350E) / 10	Yes (SP350E) / 10	Yes (SP350E) / 10
Microsoft Azure	Yes	Yes	Yes
Amazon VPC	Yes	Yes	Yes
Device HA Pro	Yes, Activate once registered	Yes, Activate once registered	Yes, Activate once registered
Link Aggregation (LAG)	Yes	Yes	-
Power Requirements
Power input	100 - 240V AC, 50/60 Hz, 1.3 A max.	100 - 240V AC, 50/60 Hz, 1.3 A max.	2 x AC-DC redundant power supply 110-240V AC, 50/60 Hz, 2.5 A max.
Max. power consumption (watt)	58.5	58.5	119
Heat dissipation (BTU/hr)	199.61	199.61	406.045
Physical Specifications
Item	Dimensions (WxDxH)(mm/in.) 430 x 250 x 44/16.93 x 9.84 x 1.73 Weight (kg/lb.) 3.3/7.28	Dimensions (WxDxH)(mm/in.) 430 x 250 x 44/16.93 x 9.84 x 1.73 Weight (kg/lb.) 3.3/7.28	Dimensions (WxDxH)(mm/in.) 438.5 x 500 x 89/17.26 x 19.69 x 3.50 Weight (kg/lb.) 12.45/27.45
Packing	Dimensions (WxDxH)(mm/in.) 519 x 392 x 163/20.43 x 15.43 x 6.42 Weight (kg/lb.) 4.8/10.58	Dimensions (WxDxH)(mm/in.) 519 x 392 x 163/20.43 x 15.43 x 6.42 Weight (kg/lb.) 4.8/10.58	Dimensions (WxDxH)(mm/in.) 795 x 600 x 215/31.3 x 23.62 x 8.46 Weight (kg/lb.) 18.12 (with DUT)/39.95
Included accessories	Power cord Rack mounting kit	Power cord Rack mounting kit	Power cord x 2 Rack mounting (slide) kit
Environmental Specifications
Operating	Temperature 0°C to 40°C (32°F to 104°F) Humidity 10% to 90%(non-condensing)	Temperature 0°C to 40°C (32°F to 104°F) Humidity 10% to 90%(non-condensing)	Temperature 0°C to 40°C (32°F to 104°F) Humidity 10% to 90%(non-condensing)
Storage	Temperature -30°C to 70°C (-22°F to 158°F) Humidity 10% to 90%(non-condensing)	Temperature -30°C to 70°C (-22°F to 158°F) Humidity 10% to 90%(non-condensing)	Temperature -30°C to 70°C (-22°F to 158°F) Humidity 10% to 90%(non-condensing)
MTBF (hr)	560,811.5	560,811.5	280,490
Certifications
EMC	FCC Part 15 (Class A) CE EMC (Class A) C-Tick (Class A) BSMI	FCC Part 15 (Class A) CE EMC (Class A) C-Tick (Class A) BSMI	FCC Part 15 (Class A) CE EMC (Class A) C-Tick (Class A) BSMI
Safety	LVD (EN60950-1), BSMI	LVD (EN60950-1), BSMI	LVD (EN60950-1), BSMI

Documentation:

Download the Zyxel USG2200 Datasheet (PDF).

Sorry, this product is no longer available

Please contact us to explore replacement options or consider visiting our Legacy Products Licensing page, where you can purchase licenses for our discontinued products.

Zyxel USG2200 Uncompromising Security and Performance for Next Generation Business Needs

Sorry, this product is no longer available

Overview:

Powerful, robust and always-online

Engineered Express Mode. Uncompromising Performance.

Impregnable protection and optimization

Best TCO for Access Expansion

Swift and secure firmware upgrades

Benefits:

Dual-WAN & Mobile Broadband

VPN High Availability (HA)

Unified Security Policy

Anti-Virus

Anti-Spam

Robust VPN

Integrated WLAN Controller

Application Intelligence

SSL Inspection

Content Filtering

Features:

Application Diagram:

Anti-Malware Protection and Application Optimization

VPN Application

Specifications:

Documentation:

Sorry, this product is no longer available

Zyxel USG2200
Uncompromising Security and Performance for Next Generation Business Needs