Professional Documents
Culture Documents
While technology has certainly simplified many aspects of our lives, there All-in-one Next Generation
is more than one side the story. Advancements in how people work and Firewall (NGFW) for small
collaborate can often create major challenges for small businesses. These businesses
include managing the rapidly growing number of smart devices accessing
networks, prioritizing and blocking a wide range of cloud-based productivity Complete network protection
applications, and guarding against daily web-based intrusions and attacks. with Anti-Virus, Anti-Spam,
As threats evolve and challenges diversify, it becomes more difficult for small Contetnt Filtering 2.0, IDP and
businesses stay on top of these changes with limited IT resources at their Application Patrol
disposal.
Robust SSL, IPSec and L2TP over
The new Zyxel USG Performance Series are all-in-one next-generation IPSec VPN connectivity
firewalls (NGFW) specifically designed with comprehensive UTM features
that including malware protection, application regulation, and budget Unified Security Policy
control in small business environments. The built-in wireless AP (USG40W
and USG60W) and WLAN controller offer instant wireless hotspot capability Integrated single-radio
and future WLAN scalability. The Zyxel USG Series supports VPN, allowing (USG40W) or dual-radio
businesses to securely access resources with their partner offices or (USG60W) wireless access point
headquarters. The all-in-one design integrates everything small businesses
need, delivering easier and more centralized management with a lower total
Cloud helper provides the
cost of ownership (TCO).
friendly firmware upgrade to
ensure its authenticity and
reliability.
Datasheet USG60/60W/40/40W
Benefits
Peace of mind security Simplified management procedure
The Zyxel USG Performance Series delivers enterprise- Managing complex configuration settings can be
grade Next Generation Firewall security without the hefty confusing and time-consuming. The Zyxel USG
price tag. It provides deep, extensive protection and Performance Series provides an easy mode setting in the
effective control of Web applicationslike Facebook, GUI for entry-level and SOHO users. Easy mode provides
Google Apps and Netflixwith such anti-malware an icon-based feature set and attractive dashboard
protection mechanisms as firewall, Anti-Virus, Anti-Spam, to simplify management and monitoring of the device.
Content Filtering, IDP and Application Patrol. Newly added Application and function settings also have integrated
Content Filtering 2.0 supports Geo IP Blocking to help wizards for user-friendly setup. Zyxel USG Performance
propel detection rates from strength to strength. No longer Series easy mode helps entry-level users and SOHO users
do small businesses need to worry about threats, spam or effortlessly take advantage of high-speed and secure
social networking sites decreasing productivity. networking.
Datasheet USG60/60W/40/40W 2
Next-Gen USG Quick Finder
USG1900
USG1100
USG310
USG210
USG110
USG60/60W
Model USG40/40W
Description Performance Series Advanced Series Extreme Series
Multi-WAN Yes Yes Yes Yes Yes Yes Yes
Unified security Yes Yes Yes Yes Yes Yes Yes
policy
SSL inspection - - Yes Yes Yes Yes Yes
Link - - - - Yes Yes Yes
Aggregation
(LAG)
Port grouping Yes Yes Yes Yes - - -
Device HA - - Yes Yes Yes Yes Yes
Device HA Pro - - Yes Yes Yes Yes Yes
Easy Mode Yes Yes - - - - -
Cloud Helper Yes Yes Yes Yes Yes Yes Yes
PCI DSS Yes Yes Yes Yes Yes Yes Yes
Compliance
Content Yes Yes Yes Yes Yes Yes Yes
Filtering 2.0*1
Hotspot - - Yes Yes Yes Yes Yes
Management*2
*1: SSL Inspection must be enabled for Content Filtering 2.0 Safe Search to function properly.
*2: Hotspot Management supports for USG310/1100/1900 in firmware ZLD4.20 or later, and for USG110/210 in firmware ZLD4.25 or later.
License Features
2.0
The Zyxel USG Performance Series provides a complete feature set to perfectly fit different business requirements as well
as to enable the maximum performance and security with an all-in-one appliance. Comprehensive network modularity
also empowers IT professionals to customize the system to meet their individual needs.
Datasheet USG60/60W/40/40W 3
Feature Highlights
Datasheet USG60/60W/40/40W 4
Application Diagram
Anti-malware protection
and application Non-productive
optimization Web applications
Remote
Desktop
Network
Extend
Inventory
Server
File
Sharing
VPN application
Branch offices, partners and
home users can deploy Zyxel
USGs/ZyWALLs for site-to-site
IPSec VPN connections
Branch offices can additional Microsoft
Azure
deploy IPSec VPN HA (load Branch Remote Network Inventory File
Office Microsoft Desktop Extend Server Sharing
balancing and failover) for
Azure Headquarters
always online VPN connectivity Branch Remote Network Inventory File
Office BIDesktop OA, ERP, Server
Web Extend Email Sharing
Remote users can securely USG110 IPSec VPN
System Apps CRM System Server
Unified Security Headquarters
access company resources Gateway DMZ Resources
with their computers or IPSec VPN HA
IPSec VPN BI Web OA, ERP,
Partner
Email
OfficeServer
USG110 System Apps CRM System
smartphones via SSL, IPSec UnifiedIPSec VPN Client
Security
for Windows OS
and L2TP over IPSec VPN Gateway
USG1900
DMZ Resources
IPSec IPSec
VPN HAVPN IPSec VPN
The headquarter USG/ZyWALL Unified Security Gateway
Partner Office
IPSec VPNTravelling USG1100
can also establish an IPSec Client
for Windows OS
Employee Unified Security Gateway
VPN connection with Microsoft SSL VPN
USG1900 IPSec VPN
Azure for secured access IPSec VPN
SecuExtender SSL
VPN Client for Unified
L2TP overSecurity Gateway IPSec VPN
SP350E Switch
Service
to a variety of cloud-based Travelling
Windows/Mac OS IPSec VPN
Gateway USG1100
Printer Access
applications Employee In-House Unified Security Gateway
Staff Point
SSL VPN
Travelling Login Login
Employee IPSec VPN
SecuExtender SSL SP350E
VPN Client for L2TP over USG40W
Travelling Guest Network Switch
Staff Network
Windows/Mac OS EmployeeIPSec VPNUnified Security Service
Gateway Gateway
Hotspot Management
Printer Access
Home
User Point
Travelling Login Login
Employee
Travelling USG40W Guest Network Staff Network
Employee Unified Security
Gateway Hotspot Management
Datasheet USG60/60W/40/40W 5
Specifications
Hardware Specifications
10/100/1000 Mbps RJ-45 4 x LAN/DMZ, 4 x LAN/DMZ, 3 x LAN/DMZ, 3 x LAN/DMZ,
ports 2 x WAN 2 x WAN 1 x WAN, 1 x OPT 1 x WAN, 1 x OPT
USB ports 2 2 1 1
Console port Yes (DB9) Yes (DB9) Yes (RJ-45) Yes (RJ-45)
Rack-mountable Yes Yes - -
Fanless Yes Yes Yes Yes
System Capacity & Performance *1
Datasheet USG60/60W/40/40W 6
Model USG60 USG60W USG40 USG40W
License Service
Anti-Virus (AV) Yes Yes Yes Yes
Intrusion detection and Yes Yes Yes Yes
prevention (IDP)
& Application Patrol
Anti-Spam Yes Yes Yes Yes
Content Filtering 2.0 Yes Yes Yes Yes
(CF2.0)*7
Power Requirements
Power input 12 V DC, 3.0 A max. 12 V DC, 3.0 A max. 12 V DC, 2.0 A max. 12 V DC, 2.0 A max.
Max. power 19.0 28.0 14.0 17.0
consumption (watt)
Heat dissipation (BTU/ 64.83 95.54 47.77 58.01
hr)
Physical Specifications
Item Dimensions 242 x 175 x 36/ 272 x 171 x 36/ 216 x 143 x 33/ 216 x 143 x 33/
(WxDxH) 9.53 x 6.89 x 1.42 10.71 x 6.73 x 1.42 8.50 x 5.63 x 1.30 8.50 x 5.63 x 1.30
(mm/in.)
Weight 1.25/2.76 1.46/3.23 0.89/1.96 0.91/2
(kg/lb.)
Packing Dimensions 394 x 240 x 101/ 427 x 247 x 73/ 381 x 216 x 79/ 381 x 216 x 79/
(WxDxH) 15.51 x 9.45 x 3.98 16.81 x 9.72 x 2.87 15.00 x 8.50 x 3.11 15.00 x 8.50 x 3.11
(mm/in.)
Weight 2.25/4.96 2.23/4.92 1.57/3.46 1.63/3.59
(kg/lb.) (without bracket)
2.42/5.34
(with bracket)
Included accessories Power adapter Power adapter Power adapter Power adapter
Rack mounting kit Rack mounting kit DB9 - RJ-45 DB9 - RJ-45 cable for
(optional, by regions) cable for console console connection
Antenna connection Antenna
Environmental Specifications
Ope- Temperature 0C to 40C 0C to 40C 0C to 40C 0C to 40C
rating (32F to 104F) (32F to 104F) (32F to 104F) (32F to 104F)
Humidity 10% to 90% 10% to 90% 10% to 90% 10% to 90%
(non-condensing) (non-condensing) (non-condensing) (non-condensing)
Storage Temperature -30C to 70C -30C to 70C -30C to 70C -30C to 70C
(-22F to 158F) (-22F to 158F) (-22F to 158F) (-22F to 158F)
Humidity 10% to 90% 10% to 90% 10% to 90% 10% to 90%
(non-condensing) (non-condensing) (non-condensing) (non-condensing)
MTBF (hr) 815,463.9 497,644 414,329.4 386,931.7
Certifications
EMC FCC Part 15 (Class FCC Part 15 (Class FCC Part 15 (Class FCC Part 15 (Class
B), CE EMC (Class B), B), CE EMC (Class B), B), CE EMC (Class B), B), CE EMC (Class B),
C-Tick (Class B), BSMI C-Tick (Class B), BSMI C-Tick (Class B), BSMI C-Tick (Class B), BSMI
Safety LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI LVD (EN60950-1), BSMI
Note:
* This matrix with firmware ZLD 4.20 or later.
*1: Actual performance may vary depending on network conditions and activated applications.
*2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets).
*3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets).
*4: AV and IDP throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing done with multiple flows.
*5: Maximum sessions measured using the industry standard IXIA IxLoad testing tool.
*6: Including Gateway-to-Gateway and Client-to-Gateway.
*7: *SafeSearch function in CF2.0 need to enable SSL Inspection firstly and not for small business models
Datasheet USG60/60W/40/40W 7
Wireless Specifications
Model USG60W USG40W
Standard compliance 802.11 a/b/g/n 802.11 b/g/n
Wireless frequency Concurrent 2.4 & 5 GHz 2.4 GHz
Radio 2 1
SSID number 16 8
Maximum US (FCC) 24.3 dBm, 2 antennas 24.3 dBm, 2 antennas
transmit 2.4 GHz
power US (FCC) 25.8 dBm, 2 antennas -
(Max. total 5 GHz
channel) EU (ETSI) 18.6 dBm (EIRP), 2 antennas 19.6 dBm (EIRP), 2 antennas
2.4 GHz
EU (ETSI) 28.4 dBm (EIRP), 2 antennas -
5 GHz
No. of antenna 2.4 GHz: 2T2R MIMO 2.4 GHz: 2T2R MIMO
5 GHz: 2T2R MIMO (Detachable, SMA-R)
(Detachable, SMA-R)
Antenna gain 3 dBi 3 dBi
Data rate 802.11 b/g: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48 and 802.11 b/g: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48 and
54 Mbps 54 Mbps
802.11a: 6, 9, 12, 18, 24, 36, 48 and 54 Mbps 802.11n: up to 300 Mbps in MCS15
802.11n: up to 300 Mbps in MCS15 (40 MHz; GI = 400 ns)
(40 MHz; GI = 400 ns)
Receive 2.4 GHz 11 Mbps -87 dBm 11 Mbps -87 dBm
sen-sitivity 54 Mbps -74 dBm 54 Mbps -74 dBm
HT20 -71 dBm HT20, MCS15 -71 dBm
HT40 -68 dBm HT40, MCS15 -68 dBm
5 GHz 54 Mbps -75 dBm -
HT20, MCS15 -71 dBm
HT40, MCS15 -69 dBm
Features Set
Software Features
Firewall IPv6 addressing Encryption: AES (256-bit), 3DES and
ICSA-certified firewall DNS DES
Routing and transparent (bridge) DHCPv6 Support Route-based VPN Tunnel
modes Bridge Interface (VTI)
Stateful packet inspection VLAN Key management: manual key, IKEv1
User-aware policy enforcement PPPoE and IKEv2 with EAP
SIP/H.323 NAT traversal Static routing Perfect forward secrecy (DH groups)
ALG support for customized ports Policy routing support 1, 2, 5, 14
Protocol anomaly detection and Session control IPSec NAT traversal
protection Firewall and ADP Dead peer detection and relay
Traffic anomaly detection and IPSec VPN detection
protection Intrusion Detection and Prevention PKI (X.509) certificate support
Flooding detection and protection (IDP) VPN concentrator
DoS/DDoS protection Application Patrol Simple wizard support
RPS-enabled for desirable Content Filtering 2.0 VPN auto-reconnection
performance in chaotic Anti-Virus, Anti-Malware VPN High Availability (HA): load-
environments Anti-Spam balancing and failover
L2TP over IPSec
IPv6 Support IPSec VPN
GRE and GRE over IPSec
Dual stack Authentication: SHA-2 (512-bit), SHA-1
NAT over IPSec
IPv4 tunneling (6rd and 6to4 and MD5
Zyxel VPN client provisioning
transition tunnel) ICSA-certified IPSec VPN
Datasheet USG60/60W/40/40W 8
SSL VPN Blocks java applets, cookies and DHCP client/server/relay
Supports Windows and Mac OS X ActiveX Dynamic DNS support
Supports full tunnel mode Dynamic, cloud-based URL filtering WAN trunk for more than 2 ports
Supports 2-step authentication database Per host session limit
HTTP, FTP, SMTP, POP3 and IMAP4 Unlimited user license support Guaranteed bandwidth
protocol support Customizable warning messages and Maximum bandwidth
Automatic signature updates redirection URL Priority-bandwidth utilization
No file size limitation HTTPs Domain filtering Bandwidth limit per user
Customizable user portal GeoIP Blocking Bandwidth limit per IP
Monitors traffics based on country GRE
Intrusion Detection and Prevention
policy
(IDP) Authentication
URL blocking and keyword blocking
Routing and transparent (bridge) Local user database
mode Unified Security Policy Microsoft Windows Active Directory
Signature-based and behavior- Unified policy management interface integration
based scanning Supported UTM features: Anti-Virus, External LDAP/RADIUS user
Automatic signature updates Anti-Spam, IDP, Content Filtering 2.0, database
Customizable protection profile Application Patrol, firewall (ACL) XAUTH, IKEv2 with EAP VPN
Customized signatures supported 3-tier configuration: object-based, authentication
profile-based, policy-based Web-based authentication
Application Patrol
Policy criteria: zone, source and Forced user authentication
Granular control over the most
destination IP address, user, time (transparent authentication)
important applications
Pre-defined UTM profiles for different IP-MAC address binding
Identifies and controls application
user groups SSO (Single Sign-On) support
behavior
Supports over 15 application WLAN Management System Management
categories Support AP Controller (APC) version Authentication: SHA-2 (512-bit), SHA-1
Application bandwidth management 1.97 and MD5
Supports user authentication Wireless L2 isolation Role-based administration
Real-time statistics and reports Supports auto AP FW update Multiple administrator logins
IDP/ADP support on social networks Scheduled Wi-Fi service Supports Cloud Helper
such as likes and posts on Facebook Dynamic Channel Selection (DCS) Multi-lingual Web GUI (HTTPS and
Client steering for 5GHz priority and HTTP)
Anti-Virus
sticky client prevention Command line interface (console,
Supports Kaspersky Anti-Virus
Auto healing provides a stable and Web console, SSH and telnet)
signatures
reliable coverage SNMP v1, v2c, v3
Identifies and blocks over 650,000
IEEE 802.1x authentication System configuration rollback
viruses
Captive portal Web authentication Firmware upgrade via FTP, FTP-TLS
Stream-based Anti-Virus engine
Customizable captive portal page and Web GUI
HTTP, FTP, SMTP, POP3 and IMAP4
RADIUS authentication Dual firmware images
protocol support
Wi-Fi Multimedia (WMM) wireless Cloud CNM SecuManager
Automatic signature updates
QoS
No file size limitation Logging and Monitoring
CAPWAP discovery protocol
Comprehensive local logging
Anti-Spam
Mobile Broadband Syslog (to up to 4 servers)
Transparent mail interception via
WAN connection failover via 3G and Email alerts (to up to 2 servers)
SMTP and POP3 protocols
4G* USB modems Real-time traffic monitoring
Configurable POP3 and SMTP ports
Auto fallback when primary WAN Built-in daily report
Sender-based IP reputation filter
recovers Advanced reporting with Vantage
Recurrent Pattern Detection (RPD)
* For specific models supporting the 3G and 4G Report
technology dongles on the list, please refer to the Zyxel
Zero-hour virus outbreak protection product page at 3G dongle document. Zyxel One Network
X-Header support ZON Utility
Networking
Blacklist and whitelist support IP configuration
Routing mode, bridge mode and
Supports DNSBL checking Web GUI access
hybrid mode
Spam tag support Firmware upgrade
Ethernet and PPPoE
Statistics report Password configuration
NAT and PAT
Smart Connect
Content Filtering 2.0 VLAN tagging (802.1Q)
Location and system name update
Social media filtering Virtual interface (alias interface)
Discover neighboring devices
Malicious Website filtering Policy-based routing (user-aware)
One-click remote management
URL blocking and keyword blocking Policy-based NAT (SNAT)
access to the neighboring Zyxel
Blacklist and whitelist support Dynamic routing (RIPv1/v2 and OSPF)
devices
Datasheet USG60/60W/40/40W 9
Licenses
Security
Product Kaspersky IDP & Application Content Filtering Anti-Spam
Anti-Virus Patrol 2.0
USG60/60W 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years
USG40/40W 1 year/2 years 1 year/2 years 1 year/2 years 1 year/2 years
Notes:
1. Zyxel USGs can be purchased with bundled 12-month standard license (Anti-Virus, Anti-Spam, Content Filtering and IDP) with
extra 1-month trial.
2. Licenses can be easily activated, renewed and managed at myZyxel.
3. License bundles may vary according to region. Please contact your local sales representative for more information.
Datasheet USG60/60W/40/40W 10
Accessories
Datasheet USG60/60W/40/40W 11
For more product information, visit us on the web at www.zyxel.com
Copyright 2017 Zyxel Communications Corp. All rights reserved. Zyxel, Zyxel logoare registered
trademarks of Zyxel Communications Corp. All other brands, product names, or trademarks mentioned
are the property of their respective owners. All specifications are subject to change without notice. 5-100-00816016 01/17
Datasheet USG60/60W/40/40W