Unified Security Gateway for Small and Medium-Sized Businesses
ZyWALL USG 300
Internet Security Appliance

Benefits
• Hybrid VPN
• Comprehensive Threat Protection
• IM/P2P Management
• User-Aware Policy Engine
• Bandwidth Management
• VoIP Security
• High Availability

Provides IPSec VPN and SSL VPN in a Single Box
ZyWALL USG 300 is a Unified Security Gateway that integrates comprehensive enterprise-class security features tailored for SMB (Small and Medium-sized Businesses).
With streamlined integration of both IPSec VPN and SSL VPN technologies, the ZyWALL USG 300 is an ideal solution for organizations requiring intensive VPN applications across distributed networks.
Whether you are in a remote branch office or at an unreliable hotel hotspot, the ZyWALL USG 300 can establish secure communication tunnels with IPSec and/or SSL protection. Another benefit of the integration is that user-aware access control, scheduling, bandwidth usage and anti-threat security features can be enforced against inbound and outbound traffic of the protected network resources.
Real-time Protection against Ever-Evolving Threats
By integrating cutting-edge technologies on a robust platform, the ZyWALL USG 300 is able to provide multi-layered security for security-aware businesses.
Powered by Kaspersky Labs, the gateway anti-virus security service on ZyWALL USG 300 has the world’s shortest response time against emerging viruses; as a result, it helps stop threats at the network edge and keeps viruses/malware out of corporate networks. With dual SecuASIC (security co-processor) built-in, the ZyWALL USG 300 can still deliver robust and reliable performance even under heavy networking loads.
In addition, the IDP feature can detect harmful attacks and take necessary actions against the malicious or suspicious activities. The signature-based IDP engine can effectively detect protocol or traffic anomalies, support behavior pattern matching and prevent malicious attacks on the application layer.
Application Patrol to Manage the Use of IM/P2P Applications
The ZyWALL USG 300 is specially crafted to manage the use of IM/P2P applications in modern networking environments without hassle. Armed with AppPatrol, a central dashboard for managing various types of IM/P2P applications, security staff can easily create fine-grained access policies based on ever-changing security needs: identifying and restricting different access levels of prevailing IM/P2P protocols, restricting time of access for different groups of users, enforcing bandwidth quota against certain types of P2P application and prioritizing VoIP traffic to ensure best call quality over slow WAN ISP links. Altogether, the ZyWALL USG 300 is an ideal solution to resolve the dilemma between productivity and security.
User-Aware Policy Engine Enables Access Granularity
In addition to basic access control capabilities, the intelligent user-aware policy engine on the ZyWALL USG 300 is designed to make packet-forwarding
decisions based on multiple criteria (such as user ID, user group, time of access and network quota). Furthermore, security staff can apply access policies
against a variety of security features such as VPN, Content Filter and Application Patrol.
In conjunction with VLAN and custom security zones, corporate security policies can be effectively enforced to prevent unauthorized access to the
network resources.
Bandwidth Management Ensures Quality of Service
The ZyWALL USG 300 provides bandwidth management features for traffic prioritization to guarantee or restrict bandwidth usage per interface/protocol.
Security staff can allocate bandwidth for a variety of applications or computer hosts on the corporate network, regardless of the direction of the connection.
For example, it’s possible to assign higher priority and larger bandwidth to time-critical applications such as VoIP and video conferencing for quality
transmission services. In addition, the ZyWALL USG 300 allows you to keep track of bandwidth usage with comprehensive statistical reports.
VoIP Security: Protecting the Converged Networks
Attracted by the benefits, more and more businesses are deploying VoIP applications on their networks. Along with the transition to VoIP come
security risks and voice quality issues.
As a VoIP-friendly firewall, the ZyWALL USG 300 reduces the security risks associated with the adoption of VoIP by offering the SIP/H.323 ALG feature to
dynamically open only the required ports during VoIP calls; once the call is complete, the opened ports are automatically closed to prevent port sniffing.
The IDP feature can detect and prevent attacks usually associated with VoIP deployments. Ultimately, by running VoIP traffic over VPNs with traffic
prioritization, security staff can minimize security breaches while optimizing call quality over the existing ISP links.
High Availability Features Guarantee Non-Stop Operations for Mission-Critical Applications
With the High Availability features, the ZyWALL USG 300 helps the security staff to easily set up a highly reliable and secure network infrastructure for your
business. To minimize the impact of single-point failures, the ZyWALL USG 300 supports device HA (High Availability) to assure network availability should
any device failure happen.
On the WAN side, the ZyWALL USG 300 can connect multiple ISP links to ensure Internet availability in case a single ISP link becomes unreliable. The
multiple-WAN load-balancing feature can also optimize the bandwidth usage over each ISP link.
Specifications
Performance and Capacity
• SPI Firewall Throughput: 200 Mbps
• IPSec VPN (AES) Throughput: 100 Mbps
• Maximum Concurrent NAT Sessions: 60,000
• Maximum IPSec VPN Tunnels: 200
• Maximum SSL VPN Tunnels: 10
• New Session Rate: 2,000 (sessions/sec)

Gateway Anti-Virus
• Stream-Based Gateway Anti-Virus Powered by Kaspersky Labs
• Covers Top Active Viruses in the Wild List
• Scans HTTP/FTP/SMTP/POP3/IMAP4
• Automatic Signature Update
• No File Size Limitation
• Blacklist/Whitelist

Application Patrol
• IM/P2P Granular Access Control
• Integrated with Scheduling/Rate-Limit/User-Aware
• IM/P2P Up-To-Date Support*
• Real-Time Statistical Reports
*: Requiring valid IDP subscription

Intrusion Detection and Prevention
• In-line Mode (Routing/Bridge)
• Zone-Based IDP Inspection
• Customizable Protection Profile
• Signature-Based Deep Packet Inspection
• Automatic Signature Update
• Custom Signatures
• Traffic Anomaly: Scanning Detection and Flood Protection
• Protocol Anomaly: HTTP/ICMP/TCP/UDP

Content Filter
• URL Blocking, Keyword Blocking
• Exempt List (Blacklist and Whitelist)
• Blocks Java Applet, Cookies and Active X
• Dynamic URL Filtering Database (BlueCoat)

VPN
IPSec VPN
• Encryptions (AES/3DES/DES)
• Authentication (SHA-1/MD5)
• Key Management (Manual Key/IKE)
• Perfect Forward Secrecy (DH Group 1/2/5)
• NAT over IPSec
• Dead Peer Detection/Replay Detection
• PKI (X.509)
• Certificate Enrollment (CMP/SCEP)
• Xauth Authentication
• L2TP over IPSec Support
SSL VPN
• Clientless Secure Remote Access (Reverse Proxy Mode)
• SecuExtender (Full Tunnel Mode)
• Unified Policy Enforcement
• Supports Two Factor Authentication
• Customizable User Portal

Networking
• Routing Mode/Bridge Mode/Mixed Mode
• Layer 2 Port Grouping
• Ethernet/PPPoE/PPTP
• Tagged VLAN (802.1Q)
• Virtual Interface (Alias Interface)
• Policy-Based Routing (User-Aware)
• Policy-Based NAT (SNAT/DNAT)
• RIP v1/v2
• OSPF
• IP Multicasting (IGMP v1/v2)
• DHCP Client/Server/Relay
• Built-in DNS Server
• Dynamic DNS

Bandwidth Management
• Bandwidth Priority
• Policy-Based Traffic Shaping
• Maximum/Guaranteed Bandwidth
• Bandwidth Borrowing

SPI Firewall
• Zone-Based Access Control List
• Customizable Security Zone
• Stateful Packet Inspection
• DoS/DDoS Protection
• User-Aware Policy Enforcement
• ALG Supports Custom Ports

Authentication
• Internal User Database
• Microsoft Windows Active Directory
• External LDAP/RADIUS User Database
• ZyWALL OTP (One Time Password)
• Force User Authentication (Transparent Authentication)

High Availability
• Device HA (Active-Passive Mode)
• Device Failure Detection
• Link Monitoring
• Auto-Sync Configurations
• Multiple WAN Load Balancing
• VPN HA (Redundant Remote VPN Gateways)

System Management
• Role-Based Administration
• Simultaneous Administrative Logins
• Multi-Lingual Web GUI (HTTPS/HTTP)
• Object-Based Configuration
• Command Line Interface (Console/WebConsole/SSH/TELNET)
• Comprehensive Local Logging
• Syslog (4 Servers)
• E-mail Alert (2 Servers)
• SNMP v2c (MIB-II)
• Real-Time Traffic Monitoring
• System Configuration Rollback
• Text-Based Configuration File
• Firmware upgrade via FTP/FTP-TLS/WebGUI
• Advanced Reporting (Vantage Report 3.1*)
• Centralized Network Management (Vantage CNM 3.0*)
*: Future release

Certifications
• ICSA Firewall Certified*
• ICSA IPSec VPN Certified*
*: Certificate pending

Hardware Specifications
• Memory: 256 MB RAM/256 MB Flash
• Interface: GbE x 7 (RJ-45, with LED)
• Auto-Negotiation and Auto MDI/MDI-X
• Console: RS-232 (DB9F)
• AUX: RS-232 (DB9M)
• LED Indicator: PWR, SYS, AUX, CARD1, CARD2
• Power Switch: Yes
• Reset Pinhole: Yes
• Extension Card Slot: Yes* (2)
• USB: Yes* (2)
*: These hardware accessories will be supported in future firmware release

Physical Specifications
• Rack Mountable: Yes (19-inch, rack-mount kit included)
• Dimensions: 430.0 (W) x 201.2 (D) x 42.0 (H) mm
• Weight: 2,800 g

Power Requirement
• Input Voltage: 100-240 VAC, 50/60 Hz, 0.55-0.3 A
• Power Rating: 35 W Max

Environmental Specifications
• Operating Temperature: 0ºC ~ 50ºC
• Storage Temperature: -30ºC ~ 60ºC
• Humidity: 20% ~ 95% (non-condensing)

Standard Compliance
• HSF (Hazardous Substance Free): RoHS and WEEE
• EMC: FCC Part 15 Class A, CE-EMC Class A, C-Tick Class A, VCCI Class A
• Safety: CSA International (ANS/UL60950-1, CSA60950-1, EN60950-1, IEC60950-1)
Application Diagram
Incorporates both IPSec VPN & SSL VPN into a single box
[Diagram. Remote endpoints shown across the Internet: Employee on Home Computer (IPSec); Employee Laptop in Airport Kiosk or in Hotel (SSL); Partner’s network (Extranet via IPSec VPN). The ZyWALL USG 300 sits between WAN (Encrypted) and LAN (Decrypted). LAN Zone resources: Email Server, BI System, Web-based Application, Application Server (Inventory, Store...), File Share, OA, ERP System, CRM System, Remote Desktop, Network Extend.]
Powered by Kaspersky, BlueCoat, ICSA Firewall, ICSA VPN
For more product information, visit us on the web: www.ZyXEL.com
Copyright © 2007 ZyXEL Communications Corp. All rights reserved. ZyXEL, ZyXEL logo are registered trademarks of ZyXEL Communications Corp. All other brands,
product names, or trademarks mentioned are the property of their respective owners. All specifications are subject to change without notice. 65-100-030002G 07/07