Security Service
Firewall
- ICSA-certified corporate firewall
- Routing and transparent (bridge) modes
- Stateful packet inspection
- User-aware policy enforcement
- SIP/H.323 NAT traversal
- ALG support for customized ports
- Protocol anomaly detection and protection
- Traffic anomaly detection and protection
- Flooding detection and protection
- DoS/DDoS protection
Unified Security Policy
- Unified policy management interface
- Support Content Filtering, Application Patrol, firewall (ACL/SSL)
- Policy criteria: zone, source and destination IP address, user, time
Intrusion Detection and Prevention (IDP)
- Routing and transparent (bridge) mode
- Signature-based and behavior-based scanning
- Customized signatures supported
- Automatic signature updates
Application Patrol
- Granular control over the most important applications
- Identifies and controls application behavior
- Supports 30+ application categories
- Supports user authentication
- Real-time statistics and reports
Anti-Malware
- Stream-based scan engine (Stream Mode)
- HTTP, FTP, SMTP, and POP3 protocols supported
- No file size limitation
- Automatic signature updates
E-mail Security
- Transparent mail interception via SMTP and POP3 protocols
- Spam and Phishing mail detection
- Blacklist and whitelist support
- Supports DNSBL checking
URL Threat Filter
- Botnet C&C websites blocking
- Malicious URL blocking
- Supports External URL blacklist
Content Filtering
- HTTPS domain filtering
- SafeSearch support
- Whitelist websites enforcement
- URL blacklist and whitelist with keyword blocking
- Customizable warning messages and redirect URL
- Customizable Content Filtering block page
- URL categories increased to 111
- CTIRU (Counter-Terrorism Internet Referral Unit) support
IP Exception
- Provides granular control for target source and destination IP
- Supports security service scan bypass for IDP, Anti-Malware and URL Threat Filter
VPN
IPSec VPN
- Key management: IKEv1 (x-auth, mode-config), IKEv2 (EAP, configuration payload)
- Encryption: DES, 3DES, AES (256-bit)
- Authentication: MD5, SHA1, SHA2 (512-bit)
- Perfect forward secrecy (DH groups) support 1, 2, 5, 14, 15-18, 20-21
- PSK and PKI (X.509) certificate support
- IPSec NAT traversal (NAT-T)
- Dead Peer Detection (DPD) and relay detection
- VPN concentrator
- Route-based VPN Tunnel Interface (VTI)
- VPN high availability (Failover, LB)
- GRE over IPSec
- NAT over IPSec
- L2TP over IPSec
- Zyxel VPN client provisioning
- Support iOS L2TP/IKE/IKEv2 VPN client provision
SSL VPN
- Supports Windows and Mac OS X
- Supports full tunnel mode
- Supports 2-Factor authentication
Networking
WLAN Management
- Supports AP Controller (APC) version 3.60
- 802.11ax Wi-Fi 6 AP and WPA3 support
- 802.11k/v/r support
- Wireless L2 isolation
- Supports auto AP FW update
- Scheduled WiFi service
- Dynamic Channel Selection (DCS)
- Client steering for 5 GHz priority and sticky client prevention
- Auto healing
- Customizable captive portal page
- WiFi Multimedia (WMM) wireless QoS
- CAPWAP discovery protocol
- Multiple SSID with VLAN
- Supports ZyMesh
- Support AP forward compatibility
- Rogue AP Detection
Mobile Broadband
- WAN connection failover via 3G and 4G* USB modems
- Auto fallback when primary WAN recovers
IPv6 Support
- Dual stack
- IPv4 tunneling (6rd and 6to4 transition tunnel)
- SLAAC, static IP address
- DNS, DHCPv6 server/client
- Static/Policy route
- IPSec (IKEv2 6in6, 4in6, 6in4)
Connection
- Routing mode, bridge mode and hybrid mode
- Ethernet and PPPoE
- NAT and PAT
- NAT Virtual Server Load Balancing
- VLAN tagging (802.1Q)
- Virtual interface (alias interface)
- Policy-based routing (user-aware)
- Policy-based NAT (SNAT)
- GRE
- Dynamic routing (RIPv1/v2 and OSPF, BGP)
- DHCP client/server/relay
- Dynamic DNS support
- WAN trunk for more than 2 ports
- Per host session limit
- Guaranteed bandwidth
- Maximum bandwidth
- Priority-bandwidth utilization
- Bandwidth limit per user
- Bandwidth limit per IP
- Bandwidth management by application
- Link Aggregation support*1
Management
Nebula Cloud Management
- Unlimited Registration & Central Management (Configuration, Monitoring, Dashboard, Location Map & Floor Plan Visual) of Nebula Devices
13 Datasheet ZyWALL USG FLEX 500 / 700
- Network Function Scheduling (SSID/PoE/Firewall Rules)
- MAC-Based and 802.1X Authentication
- Captive Portal Authentication
Authentication
- Local user database
- External user database: Microsoft Windows Active Directory, RADIUS, LDAP
- IEEE 802.1x authentication
- Captive portal Web authentication
- XAUTH, IKEv2 with EAP VPN authentication
- IP-MAC address binding
- SSO (Single Sign-On) support
- Supports 2-factor authentication with Google Authenticator as the second factor for administrator account
System Management
- Role-based administration
- Multi-lingual Web GUI (HTTPS and HTTP)
- Command line interface (console, web console, SSH and telnet)
- SNMP v1, v2c, v3
- System configuration rollback
- Configuration auto backup
- Firmware upgrade via FTP, FTP-TLS and Web GUI
- New firmware notify and auto upgrade
- Dual firmware images
- Cloud CNM SecuManager
Logging and Monitoring
- Comprehensive local logging
- Syslog (to up to 4 servers)
- Email alerts (to up to 2 servers)
- Real-time traffic monitoring
- Built-in daily report
- Cloud CNM SecuReporte