info@seanetng.com +234 809246 6466

Network Security

Sea-Net in partnership with Zyxel Powerful, Robust Anti-malware Protection for Medium- to Large-sized Businesses

As business grows and network expands, more and more users and devices as well as new applications like cloud-based services would join the network. It means that high network availability for sustainable business, more workplace Wi-Fi and up-to-date regulations for application usages are eagerly needed. Without an effective solution to control, optimize or block social and some other Web applications, businesses would risk not only losing productivity but also exposing company network to new threats.

The new ZyXEL USG Extreme Series are Next Generation Firewalls (NGFW) designed to deliver high availability, anti-malware protection and consolidated policy enforcement for medium-to large-sized businesses and campuses. The ZyXEL USGs provides WAN and VPN load balancing and failover ensures nonstop business communications, while incorporating bestin-breed anti-virus, anti-spam, content filtering and application intelligence technology for effective application optimization and comprehensive network protection.

Powerful and Robust

ZyXEL’s USG Extreme Series is built on a powerful multi-core platform to deliver high performance that helps growing businesses to overcome challenges during the expansion. In order to satisfy the needs for always-online communications, the Series features multi-WAN load balancing/failover and a comprehensive mobile broadband USB modem support list for WAN backup operations. In addition, the Series supports IPSec load balancing and failover to provide additional resiliency for the most missioncritical VPN deployments.

Protection and optimization

The ZyXEL USG Extreme Series provides extensive anti-malware protection and effective control of Web applications—like Facebook, Google Apps and Netflix—with industry-leading firewall, anti-virus, anti-spam, content filtering, IDP and application intelligence. These security measures are enhanced with SSL inspection, which helps block threats that are hidden in SSL encrypted connections and facilitates deeper policy enforcement.

Streamlined management

Unified security policy streamlines the configuration of firewall and every security feature to offer faster, easier and more consistent policy management. From a single interface, users can apply all policy criteria to every UTM feature with reduced complexity. The integrated WLAN controller also enables users to management up to 18 APs from a centralized user interface.

Best TCO for Wi-Fi Expansion

Addressing the connectivity needs in the BYOD trend, the ZyXEL USG Extreme Series helps businesses deploying or expanding a managed Wi-Fi network with minimized efforts. Integrated with ZyXEL AP Controller technology, the Series enables businesses to easily scale up the WLAN and to provide seamless Wi-Fi coverage in places like meeting rooms and guest reception areas.

ZyXEL One Network experience

Aiming for relieving our customers from repetitive operations of deploying and managing a network, ZyXEL One Network is designed to simplify the configuration, management, and troubleshooting, allowing our customers to focus on the business priorities. ZyXEL One Network presents an easy-to-use tool, ZyXEL One Network Utility (ZON Utility), to realize speed network setup. ZyXEL Smart Connect allows ZyXEL networking equipment to be aware and recognize each other and further facilitating the network maintenance via one-click remote functions such as factory reset or power cycling. ZyXEL One Network redefines the network integration across multiple networking products from switch to Wi-Fi AP and to Gateway.

Software Features:
Firewall
ICSA-certified firewall (certification in progress)
Routing and transparent (bridge) modes
Stateful packet inspection
User-aware policy enforcement
SIP/H.323 NAT traversal
ALG support for customized ports
Protocol anomaly detection and protection
Traffic anomaly detection and protection
Flooding detection and protection
DoS/DDoS protection

IPv6 Support
IPv6 Ready gold logo (certification in progress)
Dual stack
IPv4 tunneling (6rd and 6to4 transition tunnel)
IPv6 addressing
DNS
DHCPv6
Bridge
VLAN
PPPoE
Static routing
Policy routing
Session control
Firewall and ADP
IPSec VPN
Intrusion Detection and Prevention (IDP)
Application intelligence and optimization
Content filtering
Anti-virus, anti-malware
Anti-spam

IPSec VPN
ICSA-certified IPSec VPN (certification in progress)
Encryption: AES (256-bit), 3DES and DES
Authentication: SHA-2 (512-bit), SHA-1 and MD5
Key management: manual key, IKEv1 and IKEv2 with EAP
Perfect forward secrecy (DH groups) support 1, 2, 5
IPSec NAT traversal
Dead peer detection and relay detection
PKI (X.509) certificate support
VPN concentrator
Simple wizard support
VPN auto-reconnection
VPN High Availability (HA): load-balancing and failover
L2TP over IPSec
GRE and GRE over IPSec
NAT over IPSec
ZyXEL VPN client provisioning

SSL VPN
Supports Windows and Mac OS X
Supports full tunnel mode
Supports 2-step authentication
Customizable user portal

Intrusion Detection and Prevention (IDP)
Routing and transparent (bridge) mode
Signature-based and behavior-based scanning
Automatic signature updates
Customizable protection profile
Customized signatures supported
SSL (HTTPS) inspection support

Application Intelligence and Optimization
Granular control over the most important applications
Identifies and controls over 3,000 applications and behaviors
Supports over 15 application categories
Application bandwidth management
Supports user authentication
Real-time statistics and reports
SSL (HTTPS) inspection support

Anti-Virus
Supports Kaspersky anti-virus signatures
Identifies and blocks over 650,000 viruses
Stream-based anti-virus engine
HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
Automatic signature updates
No file size limitation
SSL (HTTPS) inspection support

Anti-Spam
Transparent mail interception via SMTP and POP3 protocols
Configurable POP3 and SMTP ports
Sender-based IP reputation filter
Recurrent Pattern Detection (RPD) technology
Zero-hour virus outbreak protection
X-Header support
Blacklist and whitelist support
Supports DNSBL checking
Spam tag support
Statistics report

Content Filtering
Social media filtering
Malicious Website filtering
URL blocking and keyword blocking
Blacklist and whitelist support
Blocks java applets, cookies and ActiveX
Dynamic, cloud-based URL filtering database
Unlimited user license support
Customizable warning messages and redirection URL
SSL (HTTPS) inspection support

Unified Security Policy
Unified policy management interface
Supported UTM features: anti-virus, antispam, IDP, content filtering, application  intelligence, firewall (ACL)
3-tier configuration: object-based, profilebased, policy-based
Policy criteria: zone, source and destination IP address, user, time

 WLAN Management
Wireless L2 isolation
Scheduled Wi-Fi service
Dynamic Channel Selection (DCS)
Client steering for 5GHz priority and sticky client prevention
Auto healing provides a stable and reliable coverage
IEEE 802.1x authentication
Captive portal Web authentication
Customizable captive portal page
RADIUS authentication
Wi-Fi Multimedia (WMM) wireless QoS
CAPWAP discovery protocol

Mobile Broadband
WAN connection failover via 3G and 4G* USB modems
Auto fallback when primary WAN recovers
* 4G USB modem support available in future firmware upgrades

 Networking
Routing mode, bridge mode and hybrid mode
Ethernet and PPPoE
NAT and PAT
VLAN tagging (802.1Q)
Virtual interface (alias interface)
Policy-based routing (user-aware)
Policy-based NAT (SNAT)
Dynamic routing (RIPv1/v2 and OSPF)
DHCP client/server/relay
Dynamic DNS support
WAN trunk for more than 2 ports
Per host session limit
Guaranteed bandwidth
Maximum bandwidth
Priority-bandwidth utilization
Bandwidth limit per user
Bandwidth limit per IP

ZyXEL One Network
ZON Utility
IP configuration
Web GUI access
Firmware upgrade
Password configuration
Smart Connect
Discover neighboring devices
One-click remote management access to the neighboring ZyXEL devices

Authentication
Local user database
Microsoft Windows Active Directory integration
External LDAP/RADIUS user database
XAUTH, IKEv2 with EAP VPN authentication
Web-based authentication
Forced user authentication (transparent authentication)
IP-MAC address binding
SSO (Single Sign-On) support (Download SSO Agent)

Device High Availability (HA)
Active-passive failover mode
Device failure detection and notification
Supports ICMP and TCP ping check
Link monitoring
Configuration auto-sync

System Management
Role-based administration
Multiple administrator logins
Multi-lingual Web GUI (HTTPS and HTTP)
Command line interface (console, Web console, SSH and telent)
SNMP v2c (MIB-II)
System configuration rollback
Firmware upgrade via FTP, FTP-TLS and Web GUI
Dual firmware images

Logging and Monitoring
Comprehensive local logging
Syslog (to up to 4 servers)
Email alerts (to up to 2 servers)
Real-time traffic monitoring
Built-in daily report
Advanced reporting with Vantage Report