Firewall
- ICSA-certified firewall
- Routing and transparent (bridge) mode
- Zone-based access control list
- Stateful packet inspection
- User-aware policy enforcement
- SIP/H.323 NAT traversal
- ALG supports custom ports
IPv6 support
- IPv6 Ready gold logo certified
- Dual stack
- IPv4 tunneling (6rd and 6to4 transition tunnel)
- Host/Router/Firewall
Virtual Private Network(VPN)
- ICSA-certified IPSec VPN
- Algorithm: AES/3DES/DES
- Authentication: SHA-1/MD5
- Key management: Manual key/IKE
- Perfect forward secrecy (DH groups) support 1, 2, 5
- IPSec NAT traversal
- Dead peer detection/relay detection
- PKI (X.509) certificate support
- Centralize VPN support
- Simple wizard support
- Auto reconnect VPN
- VPN HA (redundant remote VPN gateways)
SSL VPN
- Clientless secure remote access
- Support reverse proxy mode and full tunnel mode
- Unified policy enforcement
- Supports two-factor authentication
- Customizable user portal
Intrusion Detection and Prevention (IDP)*1 (ZyWALL 50/100/200)
- Routing and transparent (bridge) mode
- Zone-based IDP inspection
- Customizable protection profile
- Protect over 2000 attack
- Automatic signature updates
- Custom signatures
- Protocol anomaly detection and protection
- Traffic anomaly detection and protection
- Flooding detection and protection
- DoS/DDoS protection
Anti-Virus*2 (ZyWALL 50/100/200)
- Support Kaspersky and ZyXEL Anti-Virus
- Stream-based Anti-Virus engine
- Zone base AV protection
- HTTP/FTP/SMTP/POP3/IMAP4 protocol support
- Automatic signature updates
- No file size limitation
- Blacklist/whitelist support
Application Patrol*1 (ZyWALL 50/100/200)
- Application, IM/P2P, stream base media, VoIP granular access control
- Detail access control of IM (chat, file transfer, video)
- Application and IM/P2P bandwidth control
- User authentication support
- IM/P2P signature auto update
- Support more than 15 catalogs IM and P2P
- Real-Time statistical reports
- Maximum/guaranteed bandwidth
Anti-Spam
- Zone to zone protection
- Transparently intercept mail via SMTP/POP3 protocols
- POP3/SMTP port configurable
- Sender-based IP Reputation Filter
- Commtouch RPD Query
- Zero-hour Virus Outbreak Protection
- X-Header Support
- Support DNSBL checking
- Spam tag support
- Statistics report
High Availability (ZyWALL 100/200)
- Active-Passive mode
- Device failure detection and notification
- Support ICMP and TCP ping check
- Link monitoring
- Auto-Sync configurations
Content Filtering (BlueCoat and Commtouch)*3
- Social networking control
- Web security—Security threat category (powered by BlueCoat)
- URL blocking, keyword blocking
- Profile base setting
- Exempt list (blacklist and whitelist)
- Blocks java applet, cookies and active X
- Dynamic URL filtering database (powered by BlueCoat and Commtouch)
- Unlimited user licenses support
- Customize warning messages and redirect URL
Networking
- Routing mode/bridge mode/mixed mode
- Layer 2 port grouping
- Ethernet/PPPoE
- NAT/PAT
- Tagged VLAN (802.1Q)
- Virtual interface (alias interface)
- Policy-based routing (user-aware)
- Policy-based NAT (SNAT)
- Dynamic routing (RIP v1/v2, OSPF)
- DHCP client/server/relay
- Dynamic DNS support
- WAN Trunk more than 2 port (ZyWALL 50/100/200)
- Per host session limit
- Guaranteed bandwidth
- Maximum bandwidth
- Priority-bandwidth utilization
Authentication
- Local user database
- Microsoft Windows active directory integrate
- External LDAP/RADIUS user database
- Xauth over RADIUS for IPSec VPN
- Forced user authentication (transparent authentication)
- IP/MAC address binding
System Management
- Role-Based administration
- Multiple administrator login
- Multi-Lingual web GUI (HTTPS/HTTP)
- Object-based configuration
- Command line interface (console/web console/SSH/TELNET)
- SNMP v2c (MIB-II)
- System configuration rollback
- Firmware upgrade via FTP/FTP-TLS/web GUI
Logging/Monitoring
- Comprehensive local logging
- Syslog (send to up to 4 servers)
- E-mail alert (send to up to 2 servers)
- Real-Time traffic monitoring
- Built-in daily report
- Advanced reporting (Vantage Report)
- Centralized network management (Vantage CNM) manageable
Certification
- Emission (EMC)
- FCC Part15 (Class A)
- CE EMC (Class A)
*1: Available for USG 50/100/200 models with a ZyWALL Intrusion Detection/Prevention (IDP) subscription.
*2: Available for USG 50/100/200 models with a ZyWALL Anti-Virus subscription.
*3: Available for all USG models with a ZyWALL Content Filtering subscription.