Network Security

  • Fast and Easy Deployment
  • Fits into your existing network
  • Multiple enforcement options
  • Install and deploy within hours

Sea-Net in partnership with Zyxel Powerful, Robust Anti-malware Protection for Medium- to Large-sized Businesses

As business grows and network expands, more and more users and devices as well as new applications like cloud-based services would join the network. It means that high network availability for sustainable business, more workplace Wi-Fi and up-to-date regulations for application usages are eagerly needed. Without an effective solution to control, optimize or block social and some other Web applications, businesses would risk not only losing productivity but also exposing company network to new threats.

The new ZyXEL USG Extreme Series are Next Generation Firewalls (NGFW) designed to deliver high availability, anti-malware protection and consolidated policy enforcement for medium-to large-sized businesses and campuses. The ZyXEL USGs provides WAN and VPN load balancing and failover ensures nonstop business communications, while incorporating bestin-breed anti-virus, anti-spam, content filtering and application intelligence technology for effective application optimization and comprehensive network protection.

Powerful and Robust

ZyXEL’s USG Extreme Series is built on a powerful multi-core platform to deliver high performance that helps growing businesses to overcome challenges during the expansion. In order to satisfy the needs for always-online communications, the Series features multi-WAN load balancing/fail-over and a comprehensive mobile broadband USB modem support list for WAN backup operations. In addition, the Series supports IP-Sec load balancing and fail-over to provide additional resiliency for the most mission critical VPN deployments.

Protection and optimization

The ZyXEL USG Extreme Series provides extensive anti-malware protection and effective control of Web applications—like Facebook, Google Apps and Netflix—with industry-leading firewall, anti-virus, anti-spam, content filtering, IDP and application intelligence. These security measures are enhanced with SSL inspection, which helps block threats that are hidden in SSL encrypted connections and facilitates deeper policy enforcement.

Streamlined management

Unified security policy streamlines the configuration of firewall and every security feature to offer faster, easier and more consistent policy management. From a single interface, users can apply all policy criteria to every UTM feature with reduced complexity. The integrated WLAN controller also enables users to management up to 18 APs from a centralized user interface.

Best TCO for Wi-Fi Expansion

Addressing the connectivity needs in the BYOD trend, the ZyXEL USG Extreme Series helps businesses deploying or expanding a managed Wi-Fi network with minimized efforts. Integrated with ZyXEL AP Controller technology, the Series enables businesses to easily scale up the WLAN and to provide seamless Wi-Fi coverage in places like meeting rooms and guest reception areas.

ZyXEL One Network experience

Aiming for relieving our customers from repetitive operations of deploying and managing a network, ZyXEL One Network is designed to simplify the configuration, management, and troubleshooting, allowing our customers to focus on the business priorities. ZyXEL One Network presents an easy-to-use tool, ZyXEL One Network Utility (ZON Utility), to realize speed network setup. ZyXEL Smart Connect allows ZyXEL networking equipment to be aware and recognize each other and further facilitating the network maintenance via one-click remote functions such as factory reset or power cycling. ZyXEL One Network redefines the network integration across multiple networking products from switch to Wi-Fi AP and to Gateway.

Software Features:

Firewall

  • ICSA-certified firewall (certification in progress)
  • Routing and transparent (bridge) modes
  • Stateful packet inspection
  • User-aware policy enforcement
  • SIP/H.323 NAT traversal
  • ALG support for customized ports
  • Protocol anomaly detection and protection
  • Traffic anomaly detection and protection
  • Flooding detection and protection
  • DoS/DDoS protection

IPv6 Support

  • IPv6 Ready gold logo (certification in progress)
  • Dual stack
  • IPv4 tunneling (6rd and 6to4 transition tunnel)
  • IPv6 addressing
  • DNS
  • DHCPv6
  • Bridge
  • VLAN
  • PPPoE
  • Static routing
  • Policy routing
  • Session control
  • Firewall and ADP
  • IPSec VPN
  • Intrusion Detection and Prevention (IDP)
  • Application intelligence and optimization
  • Content filtering
  • Anti-virus, anti-malware
  • Anti-spam

IPSec VPN

  • ICSA-certified IPSec VPN (certification in progress)
  • Encryption: AES (256-bit), 3DES and DES
  • Authentication: SHA-2 (512-bit), SHA-1 and MD5
  • Key management: manual key, IKEv1 and IKEv2 with EAP
  • Perfect forward secrecy (DH groups) support 1, 2, 5
  • IPSec NAT traversal
  • Dead peer detection and relay detection
  • PKI (X.509) certificate support
  • VPN concentrator
  • Simple wizard support
  • VPN auto-reconnection
  • VPN High Availability (HA): load-balancing and failover
  • L2TP over IPSec
  • GRE and GRE over IPSec
  • NAT over IPSec
  • ZyXEL VPN client provisioning

SSL VPN

  • Supports Windows and Mac OS X
  • Supports full tunnel mode
  • Supports 2-step authentication
  • Customizable user portal

Intrusion Detection and Prevention (IDP)

  • Routing and transparent (bridge) mode
  • Signature-based and behavior-based scanning
  • Automatic signature updates
  • Customizable protection profile
  • Customized signatures supported
  • SSL (HTTPS) inspection support

Application Intelligence and Optimization

  • Granular control over the most important applications
  • Identifies and controls over 3,000 applications and behaviors
  • Supports over 15 application categories
  • Application bandwidth management
  • Supports user authentication
  • Real-time statistics and reports
  • SSL (HTTPS) inspection support

Anti-Virus

  • Supports Kaspersky anti-virus signatures
  • Identifies and blocks over 650,000 viruses
  • Stream-based anti-virus engine
  • HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
  • Automatic signature updates
  • No file size limitation
  • SSL (HTTPS) inspection support

Anti-Spam

  • Transparent mail interception via SMTP and POP3 protocols
  • Configurable POP3 and SMTP ports
  • Sender-based IP reputation filter
  • Recurrent Pattern Detection (RPD) technology
  • Zero-hour virus outbreak protection
  • X-Header support
  • Blacklist and whitelist support
  • Supports DNSBL checking
  • Spam tag support
  • Statistics report

Content Filtering

  • Social media filtering
  • Malicious Website filtering
  • URL blocking and keyword blocking
  • Blacklist and whitelist support
  • Blocks java applets, cookies and ActiveX
  • Dynamic, cloud-based URL filtering database
  • Unlimited user license support
  • Customizable warning messages and redirection URL
  • SSL (HTTPS) inspection support

Unified Security Policy

  • Unified policy management interface
  • Supported UTM features: anti-virus, antispam, IDP, content filtering, application intelligence, firewall (ACL)
  • 3-tier configuration: object-based, profilebased, policy-based
  • Policy criteria: zone, source and destination IP address, user, time

WLAN Management

  • Wireless L2 isolation
  • Scheduled Wi-Fi service
  • Dynamic Channel Selection (DCS)
  • Client steering for 5GHz priority and sticky client prevention
  • Auto healing provides a stable and reliable coverage
  • IEEE 802.1x authentication
  • Captive portal Web authentication
  • Customizable captive portal page
  • RADIUS authentication
  • Wi-Fi Multimedia (WMM) wireless QoS
  • CAPWAP discovery protocol

Mobile Broadband

  • WAN connection failover via 3G and 4G* USB modems
  • Auto fallback when primary WAN recovers
  • 4G USB modem support available in future firmware upgrades

Networking

  • Routing mode, bridge mode and hybrid mode
  • Ethernet and PPPoE
  • NAT and PAT
  • VLAN tagging (802.1Q)
  • Virtual interface (alias interface)
  • Policy-based routing (user-aware)
  • Policy-based NAT (SNAT)
  • Dynamic routing (RIPv1/v2 and OSPF)
  • DHCP client/server/relay
  • Dynamic DNS support
  • WAN trunk for more than 2 ports
  • Per host session limit
  • Guaranteed bandwidth
  • Maximum bandwidth
  • Priority-bandwidth utilization
  • Bandwidth limit per user
  • Bandwidth limit per IP

ZyXEL One Network

  • ZON Utility
  • IP configuration
  • Web GUI access
  • Firmware upgrade
  • Password configuration
  • Smart Connect
  • Discover neighboring devices
  • One-click remote management access to the neighboring ZyXEL devices

Authentication

  • Local user database
  • Microsoft Windows Active Directory integration
  • External LDAP/RADIUS user database
  • XAUTH, IKEv2 with EAP VPN authentication
  • Web-based authentication
  • Forced user authentication (transparent authentication)
  • IP-MAC address binding
  • SSO (Single Sign-On) support (Download SSO Agent)

Device High Availability (HA)

  • Active-passive failover mode
  • Device failure detection and notification
  • Supports ICMP and TCP ping check
  • Link monitoring
  • Configuration auto-sync

System Management

  • Role-based administration
  • Multiple administrator logins
  • Multi-lingual Web GUI (HTTPS and HTTP)
  • Command line interface (console, Web console, SSH and telent)
  • SNMP v2c (MIB-II)
  • System configuration rollback
  • Firmware upgrade via FTP, FTP-TLS and Web GUI
  • Dual firmware images

Logging and Monitoring

  • Comprehensive local logging
  • Syslog (to up to 4 servers)
  • Email alerts (to up to 2 servers)
  • Real-time traffic monitoring
  • Built-in daily report
  • Advanced reporting with Vantage Report