ZyWALL USG 1000
Article number: 36623
Listed in category: IT-Security / Smartcards and Encryption > ZyWALL USG 1000 from brakensiek.de
ZyWALL USG 1000
Internet Security Appliance - 1000 + 50 IPSec VPN SSL tunnel with max. 150Mbit and firewall up. 300Mbit
Unified Security Gateway for Small and Medium enterprises / medium sized organizations
- High performance VPN concentrator (IPsec, SSL, L2TP)
- 1000 VPN tunnels with 150Mbit
- Firewall with 300Mbit
- User-specific access policies
- Proactive network protection
- Reliable network functionalities
- Device High Availability and Load Balancing multiple WAN
- Bandwidth Management
- VoIP Security
- Content Filtering
High-performance VPN concentrator with both IPSec VPN and SSL VPN
The ZyWALL USG 1000 Unified Security Gateway has developed a variety of security services to offer based on a robust hardware-accelerated platform.
The integration of IPSec VPN and SSL VPN technologies, the ZyWALL USG 1000 to build virtual private networks (VPN) between remote locations such as branch offices, locations of business partners and even remote workers, which may over a potentially Hotel unsecured hotspot login.
Communication channels are securely encrypted to minimize the potential for data loss / theft of data during the transmission of confidential information over insecure networks like the Internet.
The VPN feature "hub and spoke" is able, the outlay for the policy management in a complex to minimize longer-site corporate network infrastructure.
Proactive Network Protection against a wide range of threats
By integrating the latest technologies on a robust platform, the ZyWALL USG 1000 is offering to be able to multi-layer protection for security-aware businesses.
The gateway anti-virus security service on the ZyWALL USG 1000 was developed by Kaspersky Labs, the technology provides the fastest response time for emerging viruses and spyware. Thus, various threats at the network edge and stop viruses and spyware are kept away from corporate networks. With an integrated SecuASIC co-processor, the ZyWALL USG 1000 is able to offer, even at high network utilization robust and reliable performance.
With the signature-based IDP engine (Intrusion Detection and Prevention) leads the ZyWALL USG 1000 from Layer 7 packet inspection for protocol / traffic anomaly or matched patterns. Thus, the ZyWALL USG 1000 comprehensive IDP capabilities to potential worms, viruses, trojans and VoIP threats, etc. to identify proactively.
In response to the ever-changing threats, cutting-edge signatures / patterns can be automatically downloaded from the ZSDN infrastructure and installed on your ZyWALL USG 1000th
Application Patrol to Manage the Use of IM/P2P
The ZyWALL USG 1000 was specially developed for stress-free management of IM/P2P applications in modern networking. Equipped with AppPatrol, a central control panel for various IM/P2P allows you to create granular access policies based on the ever-changing security needs: identifying and restricting different access levels of prevailing IM/P2P-Protokolle, restriction of access time for different user groups, setting up bandwidth limits for certain P2P applications and prioritization of VoIP traffic for best call quality over slow WAN ISP connections. Altogether, the ZyWALL USG 1000 is an ideal solution to solve the dilemma in terms of productivity and safety.
Zugriffstgranularität through custom policy engine
In addition to the basic skills of Zugriffssteureung, intelligent, user-aware policy engine on the ZyWALL USG was developed in 1000 to make informed decisions about packet forwarding according to various criteria (user ID, user group, access times and network quota, etc.). This can set up the security personnel access policies against a set of security features such as VPN, Content Filter and Application Patrol.
Together with VLAN and custom security zones' s security policies can be effectively used in business to protect against unauthorized access to network resources.
Ensures Quality of Service Bandwidth Management
The ZyWALL USG 1000 provides bandwidth management features for traffic prioritization to ensure that the bandwidth can be secured or restricted depending on the interface / protocol. The security staff can, regardless of the direction of the connection bandwidth for a variety of applications or computer hosts on the corporate network to assign. For example it is possible to assign time-critical applications such as VoIP or videoconferencing a higher priority and bigger bandwidth to ensure high quality transmission services. In addition, ZyWALL USG 1000 allows the monitoring of bandwidth usage with comprehensive statistical reports.
VoIP Security: Protecting the Converged Networks
Because of the many benefits, more and more businesses are deploying VoIP applications on their networks. The transition to VoIP, however, is also associated with security risks and voice quality issues.
The ZyWALL USG 1000 is a VoIP-friendly firewall, reducing the risks associated with the use of VoIP by offering the SIP/H.323 ALG feature to open only the required ports during VoIP calls dynamically, after the conversation are the open ports are closed automatically to prevent port sniffing too. The IDP function is able to prevent attacks usually associated with VoIP. Ultimately, by establishing VoIP traffics over VPNs with traffic prioritization, security holes and reduces the call quality of ISP connections are improved.
High Availability Features Guarantee Non-Stop Operations for Mission-Critical Applications
The high-availability features, the ZyWALL USG 1000 allows the easy creation of a highly available and secure network for your business. To minimize the impact of failures of individual dots as small as possible, the ZyWALL USG 1000 supports the high availability of devices to the network availability in the event of a failure to provide a network device continues.
On the WAN side, the ZyWALL USG 1000 supports multiple ISP links to ensure the availability of the Internet in the event of a disconnect to guarantee an Internet service provider. The multiple-WAN load balancing optimizes bandwidth usage over each ISP link.
Specifications
Performance and Power
- SPI Firewall throughput: 350 Mbit / s
- IPSec VPN (AES) Throughput: 150 Mbit / s
- Maximum Concurrent NAT Sessions: 200,000
- Maximum IPSec VPN Tunnels: 1,000
- Maximum SSL VPN Tunnels: 50
- New Session Rate: 13,000 (sessions / sec.)
Gateway Anti-Virus
- Stream-based gateway antivirus protection from Kaspersky Labs
- Covers the most active viruses in the wild list from
- Scans HTTP / FTP / SMTP / POP3 / IMAP4
- Automatic Signature Update
- No file size limit
- Blacklist / Whitelist
-: Requires valid antivirus subscription
Application Patrol
- IM / P2P detailed access control
- Integration with Scheduling / Rate Limit / user-specific
- IM / P2P Up-To-Date Support
- Real-time analysis
-: Requires a valid IDP subscription
Intrusion Detection and Prevention
- In-line Mode (Routing / Bridge)
- Zone-Based IDP Inspection
- Customizable Protection Profile
- Signature-Deep Packet Inspection
- Automatic Signature Update
- User-Defined Signatures
- Traffic Anomaly: Scanning Detection and Flood Protection
- Protocol Anomaly: HTTP / ICMP / TCP / UDP
-: Requires a valid IDP subscription
Content Filtering
- URL blocking, keyword blocking
- Exempt List (Blacklist and Whitelist)
- Blocks Java Applet, cookies and Active X
- Content filtering service category (Dynamic URL Filtering Database by BlueCoat)
-: Requires valid content filter subscription
VPN
- IPSec VPN
- Encryption (AES / 3DES / DES)
Authentication (SHA-1 / MD5)
- Key Management (Manual Key / IKE)
-Perfect Forward Secrecy (DH Group 1/2/5)
NAT over IPSec
-Dead Peer Detection / Replay Detection
- PKI (X.509)
Registration Certificate (CMP / SCEP)
- Xauth authentication
VPN Concentrator (Hub and Spoke VPN)
-Support for L2TP over IPSec
- SSL VPN
-Secure Remote Access Client (Reverse Proxy Mode)
-SecuExtender (Full Tunnel Mode)
-Unified Policy Enforcement
-Supports two-factor authentication
-Customizable User Portal
Network
- Routing Mode / Bridge Mode / Mixed Mode
- Layer 2 Port Grouping
- Ethernet / PPPoE / PPTP
- Tagged VLAN (802.1Q)
- Virtual Interface (Alias Interface)
- Policy-Based Routing (User)
- Policy-Based NAT (SNAT / DNAT)
- RIP v1 / v2
- OSPF
- IP Multicasting (IGMP v1 / v2)
- DHCP Client / Server / Relay
- Built-in DNS server
- Dynamic DNS
Bandwidth Management
- Bandwidth Priority
- Policy-based Traffic Shaping
- Maximum / Guaranteed Bandwidth
- Bandwidth Borrowing
SPI Firewall
- Zone-Based Access Control List
- Configurable security zone
- Stateful Packet Inspection
- DoS / DDoS protection
- User-Aware Policy Enforcement
- ALG supports custom ports
Authentication
- Internal user database
- Microsoft Windows Active Directory
- External LDAP / RADIUS User Database
- ZyWALL OTP (One Time Password)
- Force User Authentication (Transparent Authentication)
High Availability
- Device HA (Active-Passive mode)
- Device Failure Detection
- Connection monitoring
- Auto-Sync configuration
- Multiple WAN Load Balancing
- VPN HA (Redundant Remote VPN Gateways)
System Management
- Role-Based Administration
- Simultaneous administration logins
- Multilingual Web GUI (HTTPS / HTTP)
- Object-Based Configuration
- Command Line Interface (Console / WebConsole / SSH / TELNET)
- Extensive local reports
- Syslog (4 Servers)
- E-mail Warning (2 servers)
- SNMP v2c (MIB II)
- Real-time traffic monitoring
- Default to system configuration
- Text-based configuration file
- Firmware upgrade via FTP / FTP-TLS / WebGUI
- Advanced Reporting (Vantage Report 3.1 Patch 1 -)
- Centralized Network Management (Vantage CNM 3.0 -)
-: Future releases
Certification
- ICSA-certified firewall
- ICSA-certified IPSec VPN
-: Certification Pending
Hardware Specifications
- Memory: 1 GB RAM / 256 MB Flash
- Interface: GbE x 5 (RJ-45 with LED)
- Auto-negotiation and auto MDI / MDI-X
- Console: RS-232 (DB9F)
- AUX: RS-232 (DB9M)
- LEDs: PWR, SYS, AUX, HDD
- Power Switch: Yes
- Reset Button: Yes
- Expansion card slot: Yes (1)
- USB: Yes (2)
- Optional HDD: Yes (IDE, 2.5 ")
- This hardware accessories will be supported with future firmware releases
Physical Specifications
- Rack-mountable: Yes (19 "rack-mounting kit included)
- Dimensions: 430.7 (W) x 292.0 (D) x 43.5 (H) mm
- Weight: 4,700 g
Electrical Requirements
- Input voltage: 100-240V/AC, 50/60 Hz, 1 A Max
- Power: 80W Max
Environmental Specifications
- Operating Temperature: 0 ° C ~ 40 ° C
- Storage Temperature: -30 ° C ~ 60 ° C
- Humidity: 5% ~ 90% (no condensation)
Standard Compliance
- HSF (Hazardous Substance Free): RoHS and WEEE
- EMC: FCC Part 15 Class A, CE-EMC Class A, C-Tick Class A, VCCI Class A
- Safety: CSA International (ANS/UL60950-1, CSA60950-1, EN60950-1, IEC60950-1)
Internet Security Appliance - 1000 + 50 IPSec VPN SSL tunnel with max. 150Mbit and firewall up. 300Mbit
Unified Security Gateway for Small and Medium enterprises / medium sized organizations
- High performance VPN concentrator (IPsec, SSL, L2TP)
- 1000 VPN tunnels with 150Mbit
- Firewall with 300Mbit
- User-specific access policies
- Proactive network protection
- Reliable network functionalities
- Device High Availability and Load Balancing multiple WAN
- Bandwidth Management
- VoIP Security
- Content Filtering
High-performance VPN concentrator with both IPSec VPN and SSL VPN
The ZyWALL USG 1000 Unified Security Gateway has developed a variety of security services to offer based on a robust hardware-accelerated platform.
The integration of IPSec VPN and SSL VPN technologies, the ZyWALL USG 1000 to build virtual private networks (VPN) between remote locations such as branch offices, locations of business partners and even remote workers, which may over a potentially Hotel unsecured hotspot login.
Communication channels are securely encrypted to minimize the potential for data loss / theft of data during the transmission of confidential information over insecure networks like the Internet.
The VPN feature "hub and spoke" is able, the outlay for the policy management in a complex to minimize longer-site corporate network infrastructure.
Proactive Network Protection against a wide range of threats
By integrating the latest technologies on a robust platform, the ZyWALL USG 1000 is offering to be able to multi-layer protection for security-aware businesses.
The gateway anti-virus security service on the ZyWALL USG 1000 was developed by Kaspersky Labs, the technology provides the fastest response time for emerging viruses and spyware. Thus, various threats at the network edge and stop viruses and spyware are kept away from corporate networks. With an integrated SecuASIC co-processor, the ZyWALL USG 1000 is able to offer, even at high network utilization robust and reliable performance.
With the signature-based IDP engine (Intrusion Detection and Prevention) leads the ZyWALL USG 1000 from Layer 7 packet inspection for protocol / traffic anomaly or matched patterns. Thus, the ZyWALL USG 1000 comprehensive IDP capabilities to potential worms, viruses, trojans and VoIP threats, etc. to identify proactively.
In response to the ever-changing threats, cutting-edge signatures / patterns can be automatically downloaded from the ZSDN infrastructure and installed on your ZyWALL USG 1000th
Application Patrol to Manage the Use of IM/P2P
The ZyWALL USG 1000 was specially developed for stress-free management of IM/P2P applications in modern networking. Equipped with AppPatrol, a central control panel for various IM/P2P allows you to create granular access policies based on the ever-changing security needs: identifying and restricting different access levels of prevailing IM/P2P-Protokolle, restriction of access time for different user groups, setting up bandwidth limits for certain P2P applications and prioritization of VoIP traffic for best call quality over slow WAN ISP connections. Altogether, the ZyWALL USG 1000 is an ideal solution to solve the dilemma in terms of productivity and safety.
Zugriffstgranularität through custom policy engine
In addition to the basic skills of Zugriffssteureung, intelligent, user-aware policy engine on the ZyWALL USG was developed in 1000 to make informed decisions about packet forwarding according to various criteria (user ID, user group, access times and network quota, etc.). This can set up the security personnel access policies against a set of security features such as VPN, Content Filter and Application Patrol.
Together with VLAN and custom security zones' s security policies can be effectively used in business to protect against unauthorized access to network resources.
Ensures Quality of Service Bandwidth Management
The ZyWALL USG 1000 provides bandwidth management features for traffic prioritization to ensure that the bandwidth can be secured or restricted depending on the interface / protocol. The security staff can, regardless of the direction of the connection bandwidth for a variety of applications or computer hosts on the corporate network to assign. For example it is possible to assign time-critical applications such as VoIP or videoconferencing a higher priority and bigger bandwidth to ensure high quality transmission services. In addition, ZyWALL USG 1000 allows the monitoring of bandwidth usage with comprehensive statistical reports.
VoIP Security: Protecting the Converged Networks
Because of the many benefits, more and more businesses are deploying VoIP applications on their networks. The transition to VoIP, however, is also associated with security risks and voice quality issues.
The ZyWALL USG 1000 is a VoIP-friendly firewall, reducing the risks associated with the use of VoIP by offering the SIP/H.323 ALG feature to open only the required ports during VoIP calls dynamically, after the conversation are the open ports are closed automatically to prevent port sniffing too. The IDP function is able to prevent attacks usually associated with VoIP. Ultimately, by establishing VoIP traffics over VPNs with traffic prioritization, security holes and reduces the call quality of ISP connections are improved.
High Availability Features Guarantee Non-Stop Operations for Mission-Critical Applications
The high-availability features, the ZyWALL USG 1000 allows the easy creation of a highly available and secure network for your business. To minimize the impact of failures of individual dots as small as possible, the ZyWALL USG 1000 supports the high availability of devices to the network availability in the event of a failure to provide a network device continues.
On the WAN side, the ZyWALL USG 1000 supports multiple ISP links to ensure the availability of the Internet in the event of a disconnect to guarantee an Internet service provider. The multiple-WAN load balancing optimizes bandwidth usage over each ISP link.
Specifications
Performance and Power
- SPI Firewall throughput: 350 Mbit / s
- IPSec VPN (AES) Throughput: 150 Mbit / s
- Maximum Concurrent NAT Sessions: 200,000
- Maximum IPSec VPN Tunnels: 1,000
- Maximum SSL VPN Tunnels: 50
- New Session Rate: 13,000 (sessions / sec.)
Gateway Anti-Virus
- Stream-based gateway antivirus protection from Kaspersky Labs
- Covers the most active viruses in the wild list from
- Scans HTTP / FTP / SMTP / POP3 / IMAP4
- Automatic Signature Update
- No file size limit
- Blacklist / Whitelist
-: Requires valid antivirus subscription
Application Patrol
- IM / P2P detailed access control
- Integration with Scheduling / Rate Limit / user-specific
- IM / P2P Up-To-Date Support
- Real-time analysis
-: Requires a valid IDP subscription
Intrusion Detection and Prevention
- In-line Mode (Routing / Bridge)
- Zone-Based IDP Inspection
- Customizable Protection Profile
- Signature-Deep Packet Inspection
- Automatic Signature Update
- User-Defined Signatures
- Traffic Anomaly: Scanning Detection and Flood Protection
- Protocol Anomaly: HTTP / ICMP / TCP / UDP
-: Requires a valid IDP subscription
Content Filtering
- URL blocking, keyword blocking
- Exempt List (Blacklist and Whitelist)
- Blocks Java Applet, cookies and Active X
- Content filtering service category (Dynamic URL Filtering Database by BlueCoat)
-: Requires valid content filter subscription
VPN
- IPSec VPN
- Encryption (AES / 3DES / DES)
Authentication (SHA-1 / MD5)
- Key Management (Manual Key / IKE)
-Perfect Forward Secrecy (DH Group 1/2/5)
NAT over IPSec
-Dead Peer Detection / Replay Detection
- PKI (X.509)
Registration Certificate (CMP / SCEP)
- Xauth authentication
VPN Concentrator (Hub and Spoke VPN)
-Support for L2TP over IPSec
- SSL VPN
-Secure Remote Access Client (Reverse Proxy Mode)
-SecuExtender (Full Tunnel Mode)
-Unified Policy Enforcement
-Supports two-factor authentication
-Customizable User Portal
Network
- Routing Mode / Bridge Mode / Mixed Mode
- Layer 2 Port Grouping
- Ethernet / PPPoE / PPTP
- Tagged VLAN (802.1Q)
- Virtual Interface (Alias Interface)
- Policy-Based Routing (User)
- Policy-Based NAT (SNAT / DNAT)
- RIP v1 / v2
- OSPF
- IP Multicasting (IGMP v1 / v2)
- DHCP Client / Server / Relay
- Built-in DNS server
- Dynamic DNS
Bandwidth Management
- Bandwidth Priority
- Policy-based Traffic Shaping
- Maximum / Guaranteed Bandwidth
- Bandwidth Borrowing
SPI Firewall
- Zone-Based Access Control List
- Configurable security zone
- Stateful Packet Inspection
- DoS / DDoS protection
- User-Aware Policy Enforcement
- ALG supports custom ports
Authentication
- Internal user database
- Microsoft Windows Active Directory
- External LDAP / RADIUS User Database
- ZyWALL OTP (One Time Password)
- Force User Authentication (Transparent Authentication)
High Availability
- Device HA (Active-Passive mode)
- Device Failure Detection
- Connection monitoring
- Auto-Sync configuration
- Multiple WAN Load Balancing
- VPN HA (Redundant Remote VPN Gateways)
System Management
- Role-Based Administration
- Simultaneous administration logins
- Multilingual Web GUI (HTTPS / HTTP)
- Object-Based Configuration
- Command Line Interface (Console / WebConsole / SSH / TELNET)
- Extensive local reports
- Syslog (4 Servers)
- E-mail Warning (2 servers)
- SNMP v2c (MIB II)
- Real-time traffic monitoring
- Default to system configuration
- Text-based configuration file
- Firmware upgrade via FTP / FTP-TLS / WebGUI
- Advanced Reporting (Vantage Report 3.1 Patch 1 -)
- Centralized Network Management (Vantage CNM 3.0 -)
-: Future releases
Certification
- ICSA-certified firewall
- ICSA-certified IPSec VPN
-: Certification Pending
Hardware Specifications
- Memory: 1 GB RAM / 256 MB Flash
- Interface: GbE x 5 (RJ-45 with LED)
- Auto-negotiation and auto MDI / MDI-X
- Console: RS-232 (DB9F)
- AUX: RS-232 (DB9M)
- LEDs: PWR, SYS, AUX, HDD
- Power Switch: Yes
- Reset Button: Yes
- Expansion card slot: Yes (1)
- USB: Yes (2)
- Optional HDD: Yes (IDE, 2.5 ")
- This hardware accessories will be supported with future firmware releases
Physical Specifications
- Rack-mountable: Yes (19 "rack-mounting kit included)
- Dimensions: 430.7 (W) x 292.0 (D) x 43.5 (H) mm
- Weight: 4,700 g
Electrical Requirements
- Input voltage: 100-240V/AC, 50/60 Hz, 1 A Max
- Power: 80W Max
Environmental Specifications
- Operating Temperature: 0 ° C ~ 40 ° C
- Storage Temperature: -30 ° C ~ 60 ° C
- Humidity: 5% ~ 90% (no condensation)
Standard Compliance
- HSF (Hazardous Substance Free): RoHS and WEEE
- EMC: FCC Part 15 Class A, CE-EMC Class A, C-Tick Class A, VCCI Class A
- Safety: CSA International (ANS/UL60950-1, CSA60950-1, EN60950-1, IEC60950-1)
new products
last update:
22.05.2012
