• High performance VPN concentrator - using IPSec VPN to secure connections in between headquarters, branch offices, partners. Road warriors and telecommuters can use SSL or L2TP VPN to securely access the company network without having to install VPN software.
• The ICSA-certified, stateful inspection firewall protects the network and vital Internet services like e-mail, Web browsing, servers, and file transfers.
• For protection against viruses and spyware, choose the ICSA-certified ZyXEL Anti-Virus or one powered by Kaspersky Labs.
• Scalable UTM and/or VPN performance by adding SEM-DUAL and SEM_VPN card* (Security Extension Module).
• The Application Patrol can let your device become an application firewall. This function controls application detail action include IM and P2P applications like MSN and BitTorrent, and even who can use specific features within an   application.
• The Intrusion Detection and Prevention (IDP) engine protects your network from intrusions such as Trojans and worms.
• Endpoint web link protection can provide endpoint when they connect to internet use web browser. They can quickly find those web site have malicious software like warm, Trojan, Virus, etc. or not. To protect your client in first mile.
• The anti-spam feature can tag or discard unsolicited commercial or junk e-mail.
• User-aware configuration lets you control access to applications or resources and apply security scans by user or user group.
• Bandwidth management lets you prioritize and limit traffic so time-sensitive applications like VoIP and video conferencing work properly.
• High availability features such as device HA, redundant power module, and multiple ISP links in a single WAN trunk - guarantees non-stop operation for mission-critical applications.
  *: Sold separately.

Features

Firewall

• ICSA Labs certificate
• Routing and transparent (bridge) mode
• Zone-Based Access Control List
• Stateful Packet Inspection
• NAT, PAT
• Policy base NAT
• VLAN tagging
• User-Aware Policy Enforcement
• SIP/H.323 NAT traversal
• ALG Supports Custom Ports

Virtual Private Network (VPN)

• ICSA labs Certificate IPSec VPN
• PPTP, L2TP, IPSec
• Algorithm: AES/3DES/DES
• Authentication: SHA-1/MD5
• Key Management: Manual Key/IKE
• Perfect Forward Secrecy: DH Group 1/2/5
• IPSec NAT Traversal
• Dead peer Detection/Relay Detection
• PKI (X.509) Certificate Support
• Hub and Spoke VPN Support
• Simple wizard support 
• Auto reconnect VPN        

SSL VPN

• Clientless Secure Remote Access
• Support Reverse Proxy Mode and Full Tunnel Mode 
• Unified Policy Enforcement
• Supports Two-factor Authentication
• Customizable User Portal

Intrusion Detection and Prevention(IPS)

• Routing and transparent (Bridge) mode
• Zone-Based IDP Inspection
• Customizable Protection Profile
• Automatic Signature Updates
• Custom Signatures
• Protocol anomaly detection and protection
• Traffic Anomaly Detection and Protection
• Flooding Detection and Protection
• DoS/DDoS Protection

Anti-Virus

• ICSA-Certified ZyXEL Anti-Virus or Kaspersky Anti-Virus*
• Stream-Based Anti-Virus engine
• Zone base AV protection
• HTTP/FTP/SMTP/POP3/IMAP4 protocal support
• Automatic Signature Updates
• No File Size Limitation
• Blacklist/Whitelist Support

Application Patrol

• Application, IM/P2P, stream base media, VoIP Granular Access Control
• Detail access control of IM (Chat, file transfer, video)
• Application and IP/P2P bandwidth control
• User authentication support 
• IM/P2P signature auto update
• Support more than 15 catalogs IM and P2P 
• Real-Time Statistical Reports
• Maximum/Guaranteed Bandwidth

Anti-Spam

• Zone to Zone Protection
• Transparently intercept mail via SMTP/POP3 protocols
• Blacklist/Whitelist support
• Support DNSBL checking
• Junk mail tag support
• Statistics report

High Availability

• Active-Passive Mode
• Device Failure Detection and notification
• Support ICMP and TCP ping check
• Link status Monitor
• Auto-Sync Configurations  
• VPN HA (Redundant Remote VPN Gateways)

Content Filtering

• Web security (Security Web access): ZyXEL Security Browsering
• URL Blocking, Keyword Blocking
• Profile base setting
• Exempt List (Blacklist and Whitelist)
• Blocks Java Applet, Cookies and Active X
• Dynamic URL Filtering Database (Powered by BlueCoat)**
• Unlimited user Licenses support
• Customize warning messages

Networking

• Routing Mode/Bridge Mode/Mixed Mode
• Layer 2 Port Grouping
• Ethernet/PPPoE
• Tagged VLAN (802.1Q)
• Virtual Interface (Alias Interface)
• Policy-Based Routing (User-Aware)
• Policy-Based NAT (SNAT/DNAT) 
• Dynamic routing(RIP v1/v2, OSPF, IP Multicasting (IGMP v1/v2) 
• DHCP Client/Server/Relay
•  Built-in DNS Server
• Dynamic DNS Support
• Multiple WAN Load Balancing more than 2 port
• Per host session limit
• Guaranteed bandwidth
• Maximum bandwidth
• Ingress traffic policing
• Priority-bandwidth utilization

Authentication

• Local User Database
• Microsoft Windows Active Directory integrate 
• External LDAP/RADIUS User Database
• Xauth over RADIUS for IPSec IPV
• ZyWALL OTP (One Time Password)*
• Forced User Authentication (Transparent Authentication)
• IP/MAC address binding

System Management

• Role-Based Administration
• Multiple Administrator Login
• Multi-Lingual Web GUI (HTTPS/HTTP)
• Out-of-band Management (AUX)
• Object-Based Configuration
• Command Line Interface (Console/Web Console/SSH/TELNET)
• SNMP v2c (MIB-II)
• System Configuration Rollback
• Firmware upgrade via FTP/FTP-TLS/Web GUI

Logging/Monitoring

• Comprehensive Local Logging
• Syslog (send to up to 4 servers)
• E-mail Alert (send to up to 2 servers)
• Real-Time Traffic Monitoring
• Built-in Daily Report
• Advanced Reporting (Vantage Report)
• Centralized Network Management (Vantage CNM) Manageable

Specifications

Standards Compliance

• HSF (Hazardous Substance Free): RoHS and WEEE
• EMC: FCC Part 15 Class A, CE-EMC Class A, C-Tick Class A, VCCI Class A
• Safety: CSA International (ANS/UL60950-1, CSA60950-1, EN60950-1, IEC60950-1)

Performance and Capacity

• SPI Firewall Throughput: 2 Gbps
• IPSec VPN (AES) Throughput: up to 400 Mbps
• UTM Throughput up to 400 Mbps
• Max. Concurrent NAT Sessions: 1,000,000
• Max. IPSec VPN Tunnels: up to 2,000
• Max. SSL VPN Tunnels: up to 750
• New Session Rate: 25,000 (sessions/sec)

Hardware Specifications

• Memory: 2 GB RAM/256 MB Flash
• Interfaces: 6 10/100/1000BASE-T RJ-45 interfaces and 2 Dual-Personality GbE interfaces (RJ-45 or SFP open slot)
• Console: 1 D-Sub 9-pin Female (RS232C)
• AUX: 1 D-Sub 9-pin Male (RS232C)
• LED: PWR1, PWR2, SYS, AUX, CARD, HDD
• Power Switch
• Reset Pinhole
• Buzzer Reset Button
• SEM Slot: 1 (Security Extension Module)
• Card Slot: 1 (CardBus)
• USB*: 2 (USB Host, 2.0)
• HDD Slot*: 1 (SATA, 2.5")

*: These hardware accessories will be supported in future firmware release

Physical Specifications

• 19-inch, 2-RU (rack-mount kit included)
• Dimensions: 430 (W) x 487 (D) x 89 (H) mm
• Weight: 10.5 kg

Power Requirements

• Input Voltage: 100-240 V, 50-60 Hz, 3-6 A
• Power Rating: 200 W

Environmental Specifications

• Operating Temperature: 0ºC ~ 40ºC/32ºF ~ 104ºF
• Storage Temperature: -30ºC ~ 60ºC/-22ºF ~ 140ºF
• Humidity: 5% ~ 90% (non-condensing)

Certifications

• ICSA Certified Firewall
• ICSA Certified IPSec VPN
• ICSA Certified Anti-Virus