Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Deployments
The ZyWALL USG 2000 is an ultra high performance, deep packet inspection security platform
for enterprises. It incorporates a firewall, IDP, content filtering, anti-virus, anti-spam, and VPN in
ˍġ VPN: one box. This multi-layered security safeguards your business's customer and company records,
- ICSA-certified IPSec VPN intellectual property, and critical resources from external and internal threats.
- SSL VPN
- L2TP VPN
Anti-Virus:
ˍġ
ˍġ The Intrusion Detection and Prevention (IDP) engine protects your network from intrusions such
as Trojans and worms.
ˍġ The anti-spam feature can tag or discard unsolicited commercial or junk e-mail.
ˍġ User-aware configuration lets you control access to applications or resources and apply security
scans by user or user group.
ˍġ Bandwidth management lets you prioritize and limit traffic so time-sensitive applications like VoIP
and video conferencing work properly.
Unified Security Gateway
ˍġ High availability features such as device HA, redundant power module, and multiple ISP links in a
single WAN trunk - guarantees non-stop operation for mission-critical applications.
ZyWALL
*: Sold separately.
USG 2000
Safeguards Departmental Networks
IP
Camera
NSA
L3 Switch L3 Switch
IEEE 802.3ad
Link Aggregation
L3 Switch L3 Switch
IEEE 802.3ad
Link Aggregation
NSA
L3 Switch L3 Switch
ZyWALL USG 2000
IP
Camera
Sales
NSA
HR
L3 Switch L3 Switch
L3 Switch L3 Switch
IEEE 802.3ad
Link Aggregation
NSA
Cat 5/6
L3 Switch L3 Switch
Fiber ZyWALL USG 2000 Internet
OSPF
Features
ICSA-certified Firewall Anti-Virus • PKI (X.509) Certificate Support
• Zone-Based Access Control List • ICSA-Certified ZyXEL Anti-Virus or Kaspersky • Certificate Enrollment (CMP/SCEP)
• Security Zones Anti-Virus • Xauth Authentication
• Stateful Packet Inspection • Stream-Based Anti-Virus engine • L2TP over IPSec Support
• DoS/DDoS Protection • Covers Top Active Viruses in the Wild List
SSL VPN
• User-Aware Policy Enforcement • Scans HTTP/FTP/SMTP/POP3/IMAP4
• Clientless Secure Remote Access
• ALG Supports Custom Ports • Automatic Signature Updates**
(Reverse Proxy Mode)
• No File Size Limitation
Intrusion Detection and Prevention • SecuExtender (Full Tunnel Mode)
• Blacklist/Whitelist Support
• In-line Mode (Routing/Bridge) • Unified Policy Enforcement
• Zone-Based IDP Inspection Hybrid VPN • Supports Two-factor Authentication
• Customizable Protection Profile ICSA-certified IPSec VPN • Customizable User Portal
• Signature-based Deep Packet Inspection • Encryption: AES/3DES/DES
Application Patrol
• Automatic Signature Updates** • Authentication: SHA-1/MD5
• IM/P2P Granular Access Control
• Custom Signatures • Key Management: Manual Key/IKE
• Apply Schedules, Bandwidth Management
• Traffic Anomaly Detection and Protection • Perfect Forward Secrecy: DH Group 1/2/5
• User-Aware
• Flooding Detection and Protection • NAT over IPSec VPN
• IM/P2P Up-to-Date Support (via IDP signatures
• Protocol Anomaly Detection and Protection: • Dead peer Detection/Relay Detection
update)**
HTTP/ICMP/TCP/UDP
• Real-Time Statistical Reports
Bandwidth Management User Licenses System Management
• Bandwidth Priority • Unlimited • Role-Based Administration
• Policy-Based Traffic Shaping • Multiple Administrator Login
Networking
• Maximum/Guaranteed Bandwidth • Multi-Lingual Web GUI (HTTPS/HTTP)
• Routing Mode/Bridge Mode/Mixed Mode
• Bandwidth Borrowing • Out-of-band Management (AUX)
• Layer 2 Port Grouping
• Object-Based Configuration
Anti-Spam • Ethernet/PPPoE/PPTP
• Command Line Interface (Console/Web
• Zone to Zone Protection • Tagged VLAN (802.1Q)
Console/SSH/TELNET)
• Transparently intercept mail via SMTP/POP3 • Virtual Interface (Alias Interface)
• Comprehensive Local Logging
protocols • Policy-Based Routing (User-Aware)
• Syslog (send to up to 4 servers)
• Blacklist/Whitelist support • Policy-Based NAT (SNAT/DNAT)
• E-mail Alert (send to up to 2 servers)
• Support DNSBL checking • RIP v1/v2
• SNMP v2c (MIB-II)
• Statistics report • OSPF
• Real-Time Traffic Monitoring
• IP Multicasting (IGMP v1/v2)
High Availability • System Configuration Rollback
• DHCP Client/Server/Relay
• Device HA (Active-Passive Mode) • Text-Based Configuration File
• Built-in DNS Server
• Device Failure Detection • Firmware upgrade via FTP/FTP-TLS/Web GUI
• Dynamic DNS
• Link Monitoring • Built-in Daily Report
• Auto-Sync Configurations Authentication • Advanced Reporting (Vantage Report)
• Multiple WAN Load Balancing • Internal User Database • Centralized Network Management (Vantage CNM)
• VPN HA (Redundant Remote VPN Gateways) • Microsoft Windows Active Directory Manageable
• External LDAP/RADIUS User Database
Content Filtering
• ZyWALL OTP (One Time Password)* *: Sold separately.
• URL Blocking, Keyword Blocking
• Forced User Authentication (Transparent **: Requires a valid subscription.
• Exempt List (Blacklist and Whitelist)
Authentication)
• Blocks Java Applet, Cookies and Active X
• Dynamic URL Filtering Database (Powered by
BlueCoat)**
Specifications
Standards Compliance Hardware Specifications Power Requirements
• HSF (Hazardous Substance Free): • Memory: 2 GB RAM/256 MB Flash • Input Voltage: 100-240 V, 50-60 Hz, 3-6 A
RoHS and WEEE • Interfaces: 6 10/100/1000BASE-T RJ-45 • Power Rating: 200 W
• EMC: FCC Part 15 Class A, CE-EMC Class A, C-Tick interfaces and 2 Dual-Personality GbE
Class A, VCCI Class A interfaces (RJ-45 or SFP open slot) Environmental Specifications
• Safety: CSA International (ANS/UL60950-1, • Console: 1 D-Sub 9-pin Female (RS232C) • Operating Temperature: 0ºC ~ 40ºC/32ºF ~ 104ºF
CSA60950-1, EN60950-1, IEC60950-1) • AUX: 1 D-Sub 9-pin Male (RS232C) • Storage Temperature: -30ºC ~ 60ºC/-22ºF ~ 140ºF
• LED: PWR1, PWR2, SYS, AUX, CARD, HDD • Humidity: 5% ~ 90% (non-condensing)
Performance and Capacity • Power Switch
• SPI Firewall Throughput: 2 Gbps • Reset Pinhole Certifications
• IPSec VPN (AES) Throughput: up to 500 Mbps • Buzzer Reset Button • ICSA Certified Firewall
• Max. Concurrent NAT Sessions: 1,000,000 • SEM Slot: 1 (Security Extension Module) • ICSA Certified IPSec VPN
• Max. IPSec VPN Tunnels: up to 2,000 • Card Slot: 1 (CardBus) • ICSA Certified Anti-Virus
• Max. SSL VPN Tunnels: up to 750 • USB*: 2 (USB Host, 2.0)
• New Session Rate: 20,000 (sessions/sec) • HDD Slot*: 1 (SATA, 2.5”)
*: These hardware accessories will be supported in future firmware release
Physical Specifications
• 19-inch, 2-RU (rack-mount kit included)
• Dimensions: 430 (W) x 487 (D) x 89 (H) mm
• Weight: 10.5 kg
Accessories (sold separately)
Security Extension Module
Specifications Summary
Model Name UTM Performance VPN Performance Max. IPSec VPN Tunnels Max SSL VPN Users
400 Mbps 500 Mbps 2,000 750
400 Mbps 100 Mbps 1,000 250
100 Mbps 500 Mbps 2,000 750
For customers require full security features both For customers who is seeking for threat For customers in need of intensive VPN
VPN and UTM threat protections. The SEM-DUAL protection and requiring L7 security applications to build up mighty VPN
unleashes full horse power of the ZyWALL USG inspection against massive traffic. The SEM- concentrator in central site while requires
2000 platform with mighty VPN and UTM UTM is engineered to deliver mighty UTM highest level of redundancy. Specialized in
performance. performance: robust 400 Mbps throughput VPN applications, the SEM-VPN accelerates
with both Anti-Virus and IDP security VPN performance.
• SecuASIC CIP-3001 for UTM Acceleration (Anti-
Virus and IDP) features turned on.
• Advanced VPN Crypto to Boost up VPN
• Advanced VPN Crypto to Boost up VPN • SecuASIC CIP-3001 for UTM Acceleration Performance
Performance (Anti-Virus and IDP) • VPN Performance: up to 500 Mbps (IPSec, large
• UTM Performance: up to 400 Mbps (HTTP, large • UTM Performance: up to 400 Mbps (HTTP, packet)
packet) large packet) • Simultaneous IPSec VPN Tunnels: Up to 2,000
• VPN Performance: up to 500 Mbps (IPSec, large IPSec VPN Tunnels
packet) • Simultaneous SSL VPN Users: Up to 750* SSL
• Simultaneous IPSec VPN Tunnels: Up to 2,000 VPN Users
IPSec VPN Tunnels
*: SSL VPN user license sold separately; 5 included.
• Simultaneous SSL VPN Users: Up to 750* SSL
VPN Users
Transceiver
Optical Transmission Distance vs. Fiber Cable Specification Operational Ranges
Model Name Receiver Wavelength Connector 62.5um 50um 9/10um
Sensitivity Multi-Mode Fiber Multi-Mode Fiber Single-Mode Fiber Supply Voltage Max Current