Zyxel USG FLEX Firewall Series

Advanced Security and Performance for Modern Networks

Introducing the USG FLEX Series

The latest USG FLEX 100 provides a unified management platform, enhancing protection from firewalls to access points with automatic responses. The newly designed USG FLEX Series minimizes computing power usage while maximizing firewall performance, delivering up to 5x UTM performance with cloud flexibility and collaborative protection. This series is ideal for small to mid-sized businesses seeking to connect and secure their operations.

Key Benefits

Nebula Together: Integrate USG FLEX into the Nebula Cloud Management family with the ZLD5.0 update. Implement Zero-Trust Network Security with granular policy, access authentication, and secured WiFi to protect against untrusted devices, users, and applications.
Flexible Management: Adapt to on-premises or Nebula cloud management.
Advanced Threat Detection: Benefit from precise detection with cloud query express mode.
Multi-Layered Protection: Enjoy high assurance protection against various threats.
Web Security: Utilize DNS and URL content filtering to ensure web security.
Edge Threat Containment: Automatically contain threats at the network edge.
Secure WiFi: Guarantee security for remote work environments.
Enhanced Security: Add two-factor authentication for an extra layer of protection.

Enhanced Security Features

Higher Precision Detection

Zyxel Security Cloud continuously learns from threat information. The USG FLEX series features advanced Anti-Malware with cloud query express mode, leveraging billions of signatures. This cloud query, with its high detection rate, verifies file hashes within seconds, providing superior threat identification.

Diagram Description: A visual representation showing a growing database feeding into the Zyxel Security Cloud, which then processes a query for an unknown file, resulting in a 'Malicious' classification.

Best Threat Intelligence Alliance

To ensure optimal network protection, USG FLEX integrates threat intelligence from leading cybersecurity companies and organizations. This broad malware coverage and multi-sourced database increase threat detection accuracy. Web Filtering is also included, safeguarding all internet access, with specific features like CTIRU (Counter-Terrorism Internet Referral Unit) to restrict access to terrorist materials online.

High Assurance Multi-Layered Protection

The USG FLEX is designed with multi-layer protection against internal and external threats. Its multiple security services allow for restriction of inappropriate application usage or web access. Zyxel offers industry-leading DNS content filtering, eliminating blind spots in encrypted traffic with TLS 1.3, without requiring SSL inspection. This comprehensive approach safeguards your network against all threats.

Simplified and Unified Licensing Experience

Zyxel streamlines the license purchase and renewal process, offering a consistent migration path between on-premise and cloud platforms. This ensures partners can quickly adapt to a secure environment with flexibility across various network scenarios.

Block Security Threats

Diagram Description: A flowchart illustrating security measures. From 'Internet', traffic flows through 'USG FLEX'. Security services include 'URL Threat Filter', 'Anti-Malware', 'IPS', and 'Application Patrol'. Risk mitigation includes 'Web Filtering' and 'Geo Enforcer'.

Zyxel Security Subscriptions

Diagram Description: An icon representing Zyxel Security Subscriptions, possibly indicating a suite of security services.

Performance and Connectivity

Performance Boost

The newly designed platform offers up to 125% firewall performance and maximizes UTM performance by minimizing computing power usage. An additional 500% UTM performance is achieved with cloud query express mode.

Diagram Description: Two bars indicating performance gains: 'Gains Up to 125% Firewall Performance' and 'Gains Up to 500% UTM Performance'. Images of Zyxel USG FLEX devices are shown.

Stay Ahead of Threats with CDR

Collaborative Detection & Response (CDR) identifies threats and risks in complex organizational workforces. USG FLEX firewalls provide network admins with rule-based security policies. Threats detected on connected clients are synced with the Nebula control center for automatic response and containment at the network edge (e.g., Wireless Access Points). This is ideal for decentralized network infrastructures, offering automatic protection.

Same Security Across Networks

Zyxel's Secure WiFi feature enables the creation of a 'drop-in' Access Point that replicates office SSIDs and automatically establishes a secure tunnel, ensuring seamless access to the corporate network. This simplifies deployment with a plug-n-play option while maintaining high control over remote workplace security.

Level Up Security with 2FA Network Access

Passwords alone are insufficient for network security. Two-factor authentication (2FA) ensures unauthorized users cannot access company databases or email accounts. Zyxel Two-Factor Authentication allows organizations to verify user identities accessing networks via remote desktops and personal mobile devices.

Remote Workplace and Office Network Integration

Diagram Description: An illustration showing a 'Remote Workplace' with a 'Remote AP' connecting via a 'Secure Tunnel' to an 'Office Network' with an 'USG FLEX Series' device.

Two-Factor Authentication Visualization

Diagram Description: Icons representing two layers of security, possibly depicting fingerprint and a lock, symbolizing two-factor authentication.

Comprehensive Services

Comprehensive Web Filtering Service

USG FLEX Firewall provides enhanced web filtering and security through reputation and category-based filtering. Dynamic content categorization analyzes unknown websites and domains, identifying undesirable categories like gambling, pornography, and games. The DNS content filter offers an improved approach to inspecting web access, especially for websites using ESNI (Encrypted Server Name Indication), where traditional URL filtering may fail.

Diagram Description: A cloud graphic with various icons representing web filtering categories and security checks, connected to a network stream.

Analytics Report and Enhanced Insights

The USG FLEX series dashboard offers user-friendly traffic summaries and threat statistics. SecuReporter provides advanced threat analysis with correlation features, enabling proactive tracking of network status to prevent future threats. Centralized visibility of network activities aids in managing multiple clients.

Diagram Description: A screenshot of the SecuReporter interface showing logs, statistics, and analysis tools.

Comprehensive Connectivity

The ZyWALL USG FLEX series not only protects your network but also supports Hospitality features, including Hotspot and concurrent device upgrades. Time-based bundles allow users to pay only for what they need.

Specifications Overview

The following tables detail the specifications for the USG FLEX series, including hardware, system capacity, performance, security features, VPN capabilities, and WLAN management.

Hardware Included License

Service/Component	On Premises	Nebula Cloud	Pack License	Single License
UTM	●	●	●	-
Hospitality	●	●	●	-
Nebula	-	●	●	-
Secure WiFi	●	●	●	●

License Service

UTM License	Feature
Web Filtering	Block access to malicious or risky websites
IPS	Deep-packet inspection against known attacks from Network
Application Patrol	Automatically categorize and manage the network application usage
Anti-Malware	Scan files at the gateway or Zyxel security cloud for malware and other threats
Collaborative Detection & Response	Automatically contain threats at the network edge
Email Security	Fast detection to block spam/phishing mail with malicious contents
SecuReporter	Cloud-based intelligent analytics and report
Security Profile Sync	An easy-to-use tool to help business sync up security profiles across multiple networks

Hospitality License	Feature
Hotspot Management	Various Network Access Control
Concurrent device	Top up allowed number of connected clients

Specifications Summary

Model	USG FLEX 100	USG FLEX 100W	USG FLEX 200	USG FLEX 500	USG FLEX 700
SPI Firewall Throughput (Mbps)	900	900	1,800	2,300	5,400
VPN Throughput (Mbps)	270	270	450	810	1,100
Max. TCP Concurrent Sessions	300,000	300,000	600,000	1,000,000	1,600,000
Max. Concurrent IPsec VPN Tunnels	40	40	100	300	500
Concurrent SSL VPN Users	30	30	60	150	150
Security Features	All Yes	All Yes	All Yes	All Yes	All Yes
VPN Features	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec
WLAN Management	Default 8 AP, Max 24 AP	Default 8 AP, Max 24 AP	Default 8 AP, Max 40 AP	Default 8 AP, Max 72 AP	Default 8 AP, Max 264 AP

Physical Specifications (Dimensions WxDxH / Weight)

Model	USG FLEX 100 / 100W	USG FLEX 200	USG FLEX 500	USG FLEX 700
Dimensions (mm/in.)	216 x 147.3 x 33 / 8.50 x 5.80 x 1.30	216 x 147.3 x 33 / 8.50 x 5.80 x 1.30	272 x 187 x 36 / 10.7 x 7.36 x 1.42	430 x 250 x 44 / 16.93 x 9.84 x 1.73
Weight (Kg/lb.)	0.85 / 1.87	0.85 / 1.87	1.4 / 3.09	3.3 / 7.28

Environmental Specifications

Parameter	Value
Operating Temperature	0°C to 40°C / 32°F to 104°F
Operating Humidity	10% to 90% (non-condensing)
Storage Temperature	-30°C to 70°C / -22°F to 158°F
Storage Humidity	10% to 90% (non-condensing)

Wireless Specifications (USG FLEX 100W)

Specification	Value
Standard Compliance	802.11 a/b/g/n/ac
Wireless Frequency	2.4 / 5 GHz
SSID Number	8
Max Transmit Power (Max. total channel)	25 dBm (2.4 GHz), 25 dBm (5 GHz)
No. of Antenna	3 detachable antennas
Antenna Gain	2 dBi @ 2.4GHz, 3 dBi @ 5 GHz
Data Rate	802.11n: up to 450Mbps; 802.11ac: up to 1300Mbps
Frequency Band (IEEE 802.11 b/g/n)	2.4 GHz: USA (FCC): 2.412 to 2.462 GHz; Europe (ETSI): 2.412 to 2.472 GHz; TWN (NCC): 2.412 to 2.462 GHz
Frequency Band (IEEE 802.11 a/n/ac)	5 GHz: USA (FCC): 5.150 to 5.250 GHz, 5.250 to 5.350 GHz, 5.470 to 5.725 GHz, 5.725 to 5.850 GHz; Europe (ETSI): 5.15 to 5.35 GHz, 5.470 to 5.725 GHz; TWN (NCC): 5.15 to 5.25 GHz, 5.25 to 5.35 GHz, 5.470 to 5.725 GHz, 5.725 to 5.850 GHz
Receive Sensitivity (2.4 GHz)	11 Mbps ≤ -87 dBm; 54 Mbps ≤ -74 dBm
Receive Sensitivity (5 GHz)	54 Mbps ≤ -74 dBm; HT40, MCS23 ≤ -68 dBm; VHT40, MCS9 ≤ -62 dBm

Software Features

Security Service

Firewall: ICSA-certified corporate firewall, routing and transparent (bridge) modes, stateful packet inspection, user-aware policy enforcement, SIP/H.323 NAT traversal, ALG support, protocol anomaly detection, traffic anomaly detection, flooding detection, DoS/DDoS protection.
Unified Security Policy: Unified policy management interface, supports Content Filtering, Application Patrol, Firewall (ACL/SSL), policy criteria: zone, source and destination IP address, user, time.
Intrusion Detection and Prevention (IDP): Routing and transparent (bridge) mode, signature-based and behavior-based scanning, customized signatures, automatic signature updates.
Application Patrol: Granular control over important applications, identifies and controls application behavior, supports 30+ application categories, user authentication, real-time statistics and reports.
Anti-Malware: Stream-based scan engine (Stream Mode), supports HTTP, FTP, SMTP, and POP3 protocols, no file size limitation, automatic signature updates.
E-mail Security: Transparent mail interception via SMTP and POP3, spam and phishing mail detection, blacklist and whitelist support, supports DNSBL checking.
URL Threat Filter: Botnet C&C websites blocking, malicious URL blocking, supports external URL blacklist.
Content Filtering: HTTPS domain filtering, SafeSearch support, whitelist websites enforcement, URL blacklist and whitelist with keyword blocking, customizable warning messages and redirect URL, customizable Content Filtering block page, URL categories increased to 111, CTIRU support.

VPN and Networking

VPN Features

IPSec VPN: Key management (IKEv1, IKEv2), encryption (DES, 3DES, AES), authentication (MD5, SHA1, SHA2), perfect forward secrecy, PSK and PKI support, NAT traversal, Dead Peer Detection, route-based VPN, high availability, GRE over IPSec, NAT over IPSec, L2TP over IPSec, Zyxel VPN client provisioning.
SSL VPN: Supports Windows and Mac OS X, full tunnel mode, 2-Factor authentication.

Networking

WLAN Management: Supports AP Controller (APC) version 3.60, 802.11ax Wi-Fi 6, WPA3 support, 802.11k/v/r support, Wireless L2 isolation, auto AP FW update, scheduled WiFi service, dynamic channel selection, client steering, auto healing, customizable captive portal page, WiFi Multimedia (WMM) QoS, CAPWAP discovery protocol, multiple SSID with VLAN, ZyMesh support, AP forward compatibility, Rogue AP Detection.

Management and Connectivity

Mobile Broadband

WAN connection failover via 3G and 4G USB modems, auto fallback when primary WAN recovers.

IPv6 Support

Dual stack, IPv4 tunneling (6rd, 6to4), SLAAC, static IP address, DNS, DHCPv6 server/client, static/policy route, IPSec (IKEv2 6in6, 4in6, 6in4).

Connection

Routing, bridge, hybrid modes, Ethernet, PPPOE, NAT, NAT Virtual Server Load Balancing, VLAN tagging, virtual interface, policy-based routing, policy-based NAT, GRE, dynamic routing (RIP, OSPF, BGP), DHCP client/server/relay, dynamic DNS, WAN trunking, per host session limit, guaranteed/maximum bandwidth, priority-bandwidth utilization, bandwidth limit per user/IP, bandwidth management by application, Link Aggregation support.

Nebula Cloud Management

Unlimited registration & central management (configuration, monitoring, dashboard, location map, floor plan visual) of Nebula devices.
Network Function Scheduling (SSID/ PoE/Firewall Rules).
MAC-Based and 802.1X Authentication.
Captive Portal Authentication.

Authentication

Local user database, external user database (Active Directory, RADIUS, LDAP), IEEE 802.1x authentication, captive portal web authentication.
XAUTH, IKEv2 with EAP VPN authentication, IP-MAC address binding, SSO support, 2-factor authentication with Google Authenticator.

System Management

Role-based administration, multi-lingual Web GUI, command line interface, SNMP v1, v2c, v3, system configuration rollback, configuration auto backup, firmware upgrade (FTP, FTP-TLS, Web GUI), new firmware notify and auto upgrade, dual firmware images, Cloud CNM SecuManager.

Logging and Monitoring

Comprehensive local logging, Syslog (up to 4 servers), email alerts (up to 2 servers), real-time traffic monitoring, built-in daily report, Cloud CNM SecuReporter.

Access Point Compatibility

Secure Tunnel for Remote AP

Functions	Remote AP	Number of Tunnel Mode AP	Supported Remote AP
ATP	ATP100(W)	6	WAX650S, WAX610D, WAX510D, WAC500, WAC500H
	ATP200	10
	ATP500	18
	ATP700	66
	ATP800	130
USG FLEX	USG FLEX100(W)	6
	USG FLEX200	10
	USG FLEX500	18
	USG FLEX700	66
VPN	VPN50	10
	VPN100	18
	VPN300	66
	VPN1000	258

Managed AP Service

Product	Unified AP	Unified Pro AP
Models	NWA5301-NJ, NWA5121-NI, NWA5123-AC HD, NWA5123-AC, NWA5123-NI	WAC5302D-S, WAX510D, WAC5302D-Sv2, WAC500, WAC500H*, WAC6303D-S, WAC6553D-E	WAC6103D-I, WAC6503D-S, WAC6502D-E, WAC6502D-S, WAX650S, WAC610D*

Functions

Function	Value
Central management	Yes
Auto provisioning	Yes
Data forwarding	Local bridge
ZyMesh	Yes

Service Gateway Printer (SP350E)

The SP350E Service Gateway Printer is designed for hotspot management. It features a 58mm paper roll width, 10/100 Mbps RJ-45 port, and supports various Zyxel models including USG FLEX 200, 500, 700, and VPN series.

Optional Transceivers

A range of optional transceivers are available for enhanced connectivity, including SFP+ and Gigabit modules for multi-mode and single-mode fiber, supporting various distances and DDMI.

	Zyxel ZyWALL USG FLEX Firewall Series: Comprehensive Security and Connectivity Explore the Zyxel ZyWALL USG FLEX Firewall series, offering advanced security features, cloud management, and robust performance for small to mid-sized businesses. Learn about its multi-layered protection, zero-trust security, and seamless integration with Nebula.
	Zyxel USG FLEX Series User's Guide: Setup, Configuration, and Management Explore the Zyxel USG FLEX Series User's Guide for detailed instructions on setting up, configuring, and managing your network security gateway. Learn about VPNs, security features, and cloud management.
	Zyxel ZyWALL USG FLEX Firewall Series Datasheet Datasheet for the Zyxel ZyWALL USG FLEX Firewall series, detailing models 100, 100W, 200, 500, and 700. Features include precise protection, flexible subscriptions, high assurance multi-layered security, performance boosts, and comprehensive connectivity for businesses.
	Zyxel ZyWALL USG FLEX 100/100W/200/500/700 Datasheet Explore the Zyxel ZyWALL USG FLEX series, a powerful and flexible firewall solution offering advanced threat protection, high performance, and scalable security subscriptions for businesses.
	Zyxel USG FLEX H Series Handbook Comprehensive handbook detailing the setup, configuration, and management of Zyxel USG FLEX H Series firewalls, covering VPNs, security services, authentication, and Nebula integration.
	Zyxel USG FLEX H Series Release Note V1.35 Patch 1 Detailed release notes for the Zyxel USG FLEX H Series Security Firewall, version V1.35 Patch 1, covering new features, bug fixes, supported platforms, and known issues.
	Zyxel USG FLEX H Series Release Note V1.35 Patch 1 Details the firmware release notes for Zyxel USG FLEX H Series Security Firewalls, version V1.35 Patch 1, including supported platforms, new features, bug fixes, and known issues.
	Zyxel USG FLEX H Series Release Note V1.35 Patch 1 Details the firmware release notes for the Zyxel USG FLEX H Series Security Firewall, version V1.35 Patch 1, including new features, bug fixes, supported platforms, and known issues.