Software Features
Firewall
- ICSA-certified firewall (certification in progress)
- Routing and transparent (bridge) modes
- Stateful packet inspection
- User-aware policy enforcement
- SIP/H.323 NAT traversal
- ALG support for customized ports
- Protocol anomaly detection and protection
- Traffic anomaly detection and protection
- Flooding detection and protection
- DoS/DDoS protection
IPv6 Support
- IPv6 Ready gold logo (certification in progress)
- Dual stack
- IPv4 tunneling (6rd and 6to4 transition tunnel)
- IPv6 addressing
- DNS
- DHCPv6
- Bridge
- VLAN
- PPPoE
- Static routing
- Policy routing
- Session control
- Firewall and ADP
- IPSec VPN
- Intrusion Detection and Prevention (IDP)
- Application intelligence and optimization
- Content filtering
- Anti-virus, anti-malware
- Anti-spam
IPSec VPN
- ICSA-certified IPSec VPN (certification in progress)
- Encryption: AES (256-bit), 3DES and DES
- Authentication: SHA-2 (512-bit), SHA-1 and MD5
- Key management: manual key, IKEv1 and IKEv2 with EAP
- Perfect forward secrecy (DH groups) support 1, 2, 5
- IPSec NAT traversal
- Dead peer detection and relay detection
- PKI (X.509) certificate support
- VPN concentrator
- Simple wizard support
- VPN auto-reconnection
- VPN High Availability (HA): load-balancing and failover
- L2TP over IPSec
- GRE and GRE over IPSec
- NAT over IPSec
- ZyXEL VPN client provisioning
SSL VPN
- Supports Windows and Mac OS X
- Supports full tunnel mode
- Supports 2-step authentication
- Customizable user portal
Intrusion Detection and Prevention (IDP)
- Routing and transparent (bridge) mode
- Signature-based and behavior-based scanning
- Automatic signature updates
- Customizable protection profile
- Customized signatures supported
- SSL (HTTPS) inspection support
Application Intelligence and Optimization
- Granular control over the most important applications
- Identifies and controls over 3,000 applications and behaviors
- Supports over 15 application categories
- Application bandwidth management
- Supports user authentication
- Real-time statistics and reports
- SSL (HTTPS) inspection support
Anti-Virus
- Supports Kaspersky anti-virus signatures
- Identifies and blocks over 650,000 viruses
- Stream-based anti-virus engine
- HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
- Automatic signature updates
- No file size limitation
- SSL (HTTPS) inspection support
Anti-Spam
- Transparent mail interception via SMTP and POP3 protocols
- Configurable POP3 and SMTP ports
- Sender-based IP reputation filter
- Recurrent Pattern Detection (RPD) technology
- Zero-hour virus outbreak protection
- X-Header support
- Blacklist and whitelist support
- Supports DNSBL checking
- Spam tag support
- Statistics report
Content Filtering
- Social media filtering
- Malicious Website filtering
- URL blocking and keyword blocking
- Blacklist and whitelist support
- Blocks java applets, cookies and ActiveX
- Dynamic, cloud-based URL filtering database
- Unlimited user license support
- Customizable warning messages and redirection URL
- SSL (HTTPS) inspection support
Unified Security Policy
- Unified policy management interface
- Supported UTM features: anti-virus, antispam, IDP, content filtering, application intelligence, firewall (ACL)
- 3-tier configuration: object-based, profilebased, policy-based
- Policy criteria: zone, source and destination IP address, user, time
WLAN Management
- ZyXEL AP Controller (APC) 1.0 compliant
- Client RSSI threshold to prevent sticky clients
- IEEE 802.1x authentication
- Captive portal Web authentication
- Customizable captive portal page
- RADIUS authentication
- Wi-Fi Multimedia (WMM) wireless QoS
- CAPWAP discovery protocol
Mobile Broadband
- WAN connection failover via 3G and 4G* USB modems
- Auto fallback when primary WAN recovers
* 4G USB modem support available in future firmware upgrades
Networking
- Routing mode, bridge mode and hybrid mode
- Ethernet and PPPoE
- NAT and PAT
- VLAN tagging (802.1Q)
- Virtual interface (alias interface)
- Policy-based routing (user-aware)
- Policy-based NAT (SNAT)
- Dynamic routing (RIPv1/v2 and OSPF)
- DHCP client/server/relay
- Dynamic DNS support
- WAN trunk for more than 2 ports
- Per host session limit
- Guaranteed bandwidth
- Maximum bandwidth
- Priority-bandwidth utilization
- Bandwidth limit per user
- Bandwidth limit per IP
Authentication
- Local user database
- Microsoft Windows Active Directory integration
- External LDAP/RADIUS user database
- XAUTH, IKEv2 with EAP VPN authentication
- Web-based authentication
- Forced user authentication (transparent authentication)
- IP-MAC address binding
- SSO (Single Sign-On) support (Download SSO Agent)
Device High Availability (HA)
- Active-passive failover mode
- Device failure detection and notification
- Supports ICMP and TCP ping check
- Link monitoring
- Configuration auto-sync
System Management
- Role-based administration
- Multiple administrator logins
- Multi-lingual Web GUI (HTTPS and HTTP)
- Command line interface (console, Web console, SSH and TELNET)
- SNMP v2c (MIB-II)
- System configuration rollback
- Firmware upgrade via FTP, FTP-TLS and Web GUI
- Dual firmware images
Logging and Monitoring
- Comprehensive local logging
- Syslog (to up to 4 servers)
- Email alerts (to up to 2 servers)
- Real-time traffic monitoring
- Built-in daily report
- Advanced reporting with Vantage Report