Zyxel ZyWALL USG FLEX Firewall Series

Precise protection. Flexible subscription.

Overview

Introducing the latest USG FLEX Series – USG FLEX, delivering higher levels of performance and flexibility. The USG FLEX platform continues its tradition of providing the latest, leading technologies, all while offering a complete suite of security subscriptions with seamless, scalable gateway connectivity. Zyxel aims to provide a top-of-the-line experience for all business owners.

Benefits

Higher precision detection uncovers threats: Zyxel Security Cloud continuously learns from collected threat information. The USG FLEX series supports advanced Anti-Malware with cloud query express mode, expanding billions of signatures. The cloud query with high detection rate helps verify file hashes within seconds.
Precise detection with cloud query express mode
High assurance multi-layered protection
Boosts up to 125% firewall performance and 500% UTM performance
Flexible subscription options for your security needs
Robust SSL, IPSec, and L2TP over IPSec VPN connectivity and VPN high availability (HA)
Enabled hospitality features with hotspot, AP management, and concurrent device upgrades

The USG FLEX firewall integrates threat intelligence from leading companies and organizations in the cybersecurity field for scaled information about file and real-time threat data. By leveraging a wider malware coverage with multiple-sourced databases, this increases the accuracy in threat detection. Web Filtering is also included to safeguard all internet access, especially with CTIRU (Counter-Terrorism Internet Referral Unit) to restrict access to terrorist materials online.

USG FLEX is designed with multi-layer protection against multiple types of threats from both internal and external sources. URL Threat Filter, Anti-Malware, and Intrusion Prevention block external attacks, while Application Patrol and Web Filtering empower users to restrict inappropriate application usage or web access. It eliminates blind spots in all encrypted traffic with SSL inspection, supporting TLS 1.3, thus safeguarding your network without any unattended gaps.

The newly designed platform offers up to 125% firewall performance and maximizes UTM performance by minimizing computing power usage, achieving an additional 500% UTM performance with cloud query express mode.

USG FLEX security services transform your firewall into a comprehensive security solution. Add Unified Threat Management (UTM) and Hospitality bundled services to get the protection and connectivity that meet your network needs. You can also choose from a single license whenever required, such as Web Filtering, Anti-Malware, SecuReporter Premium, and more.

Analytics and Insights

The USG FLEX series dashboard provides user-friendly traffic summaries and threat statistic visuals. Utilize SecuReporter for further threat analysis with its correlation feature design, making it easy to proactively track network status and prevent future threat events. It offers centralized visibility of network activities for easy management of multiple clients.

Connectivity and Remote Access

ZyWALL USG FLEX series not only protects your network but also supports Hospitality features including Hotspot, AP management with WiFi 6 support, and concurrent device upgrades. You can purchase time-based bundles or quantity-based licenses to optimize your initial investment and scale your environment.

As demands for remote access and work-from-home increase, USG FLEX offers IPsec, SSL, or L2TP based VPNs to provide flexible secure network options for common operating systems. The Setup Wizard simplifies VPN connection in just four steps. USG FLEX series is also validated by Microsoft Azure and AWS for SMB convenience, enabling hybrid networks by combining onsite and cloud-based infrastructure.

Specifications

Model	USG FLEX 100	USG FLEX 100W	USG FLEX 200	USG FLEX 500	USG FLEX 700
WiFi Standard	-	802.11 a/b/g/n/ac	-	-	-
10/100/1000 Mbps RJ-45 ports	4 x LAN/DMZ, 1 x WAN, 1 x SFP	4 x LAN/DMZ, 1 x WAN, 1 x SFP	4 x LAN/DMZ, 2 x WAN, 1 x SFP	7 (configurable), 1 x SFP (configurable)	12 (configurable), 2 x SFP (configurable)
USB3.0 ports	1	1	2	2	2
Console port	Yes (RJ-45)	Yes (RJ-45)	Yes (DB9)	Yes (DB9)	Yes (DB9)
Rack-mountable	Yes	Yes	Yes	Yes	Yes
Fanless	Yes	Yes	Yes	-	-
SPI firewall throughput (Mbps)	900	900	1,800	2,300	5,400
VPN throughput (Mbps)	270	270	450	810	1,100
VPN IMIX throughput (Mbps)	100	100	160	240	550
IDP throughput (Mbps)	540	540	1,100	1,500	2,000
AV throughput (Mbps)	360	360	570	800	1,450
UTM throughput (AV and IDP)	360	360	550	800	1,350
Max. TCP concurrent sessions	300,000	300,000	600,000	1,000,000	1,600,000
Max. concurrent IPsec VPN tunnels	40	40	100	300	500
Concurrent SSL VPN users	30	30	60	150	150
VLAN interface	8	8	16	64	128
Concurrent devices logins (default/max.)	64/64	64/64	64/200	200/300	500/800
SPI firewall throughput (Mbps) (Speedtest)	760	760	810	810	840
Managed AP number (default/max.)	8/24	8/24	8/40	8/72	8/264
Recommend max. AP in 1 AP Group	10	10	20	60	200
Anti-Malware	Yes	Yes	Yes	Yes	Yes
IPS (IDP)	Yes	Yes	Yes	Yes	Yes
Application Patrol	Yes	Yes	Yes	Yes	Yes
Email Security	Yes	Yes	Yes	Yes	Yes
Web filtering (CF)	Yes	Yes	Yes	Yes	Yes
SecuReporter Premium	Yes	Yes	Yes	Yes	Yes
VPN	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec	IKEv2, IPSec, SSL, L2TP/IPSec
SSL (HTTPS) inspection	Yes	Yes	Yes	Yes	Yes
2-Factor Authentication	Yes	Yes	Yes	Yes	Yes
Hotspot Management	Yes	Yes	Yes	Yes	Yes
Ticket printer support/ Support Q'ty (max.)	-	-	Yes (SP350E)/10	Yes (SP350E)/10	Yes (SP350E)/10
Microsoft Azure	Yes	Yes	Yes	Yes	Yes
Amazon VPC	Yes	Yes	Yes	Yes	Yes
Device HA Pro	-	-	-	Yes	Yes
Link Aggregation (LAG)	-	-	-	Yes	Yes

Hardware Bundled with Licenses

License Type	UTM Security Pack (1Year +30-Day trial)	Hospitality Pack (30-Day trial)	Single (À La Carte) License
Included Services	Web Filtering, IPS(IDP), Application Patrol, Anti-Malware, Email Security, SecuReporter	Managed AP Service, Hotspot Management*, Concurrent device	Web Filtering1, Anti-Malware (1YR/2YRS), Managed AP Service (Quantity Based), Hotspot Management (Perpetual), Concurrent device (Quantity Based2)

* Hotspot Management is available on USG FLEX 200/500/700 only.

*1: Will include Email Security license service.

*2: Allowing additional connected clients is available to USG FLEX 500/700 only.

License Service

License Type	Feature
UTM License	Web Filtering: Block access to malicious or risky web sites IPS(IDP): Deep-packet inspection against known attacks from Network Application Patrol: Automatically categorize and manage network application usage Anti-Malware: Scan files at the gateway or Zyxel security cloud for malware and other threats Email Security: Fast detection to block spam/phishing mail with malicious contents SecuReporter: Cloud-based intelligent analytics and report
Hospitality License	Managed AP Service: AP auto discovery and provisioning Hotspot Management: Various Network Access Control Concurrent device: Top up allowed number of connected clients

License Type

Feature

UTM License

Web Filtering: Block access to malicious or risky web sites
IPS(IDP): Deep-packet inspection against known attacks from Network
Application Patrol: Automatically categorize and manage network application usage
Anti-Malware: Scan files at the gateway or Zyxel security cloud for malware and other threats
Email Security: Fast detection to block spam/phishing mail with malicious contents
SecuReporter: Cloud-based intelligent analytics and report

Hospitality License

Managed AP Service: AP auto discovery and provisioning
Hotspot Management: Various Network Access Control
Concurrent device: Top up allowed number of connected clients

Software Features

Security Service

Firewall: ICSA-certified corporate firewall, Routing and transparent (bridge) modes, Stateful packet inspection, User-aware policy enforcement, SIP/H.323 NAT traversal, ALG support for customized ports, Protocol anomaly detection and protection, Traffic anomaly detection and protection, Flooding detection and protection, DoS/DDoS protection.
Unified Security Policy: Unified policy management interface, Support Content Filtering, Application Patrol, firewall (ACL/SSL), Policy criteria: zone, source and destination IP address, user, time.
Intrusion Detection and Prevention (IDP): Routing and transparent (bridge) mode, Signature-based and behavior based scanning, Customized signatures supported, Automatic signature updates.
Application Patrol: Granular control over most important applications, Identifies and controls application behavior, Supports 30+ application categories, Supports user authentication, Real-time statistics and reports.
Anti-Malware: Stream-based scan engine (Stream Mode), HTTP, FTP, SMTP, and POP3 protocol supported, No file size limitation, Automatic signature updates.
E-mail Security: Transparent mail interception via SMTP and POP3 protocols, Spam and Phishing mail detection, Blacklist and whitelist support, Supports DNSBL checking.
URL Threat Filter: Botnet C&C websites blocking, Malicious URL blocking, Supports External URL blacklist.

Content Filtering

HTTPs domain filtering, SafeSearch support, Whitelist websites enforcement, URL blacklist and whitelist with keyword blocking, Customizable warning messages and redirect URL, Customizable Content Filtering block page, URL categories increased to 111, CTIRU (Counter-Terrorism Internet Referral Unit) support.

IP Exception

Provides granular control for target source and destination IP, Supports security service scan bypass for IDP, Anti-Malware and URL Threat Filter.

VPN

IPSec VPN: Key management (IKEv1, IKEv2), Encryption (DES, 3DES, AES), Authentication (MD5, SHA1, SHA2), Perfect forward secrecy support, PSK and PKI (X.509) certificate support, IPSec NAT traversal (NAT-T), Dead Peer Detection (DPD), VPN concentrator, Route-based VPN Tunnel Interface (VTI), VPN high availability (Failover, LB), GRE over IPSec, NAT over IPSec, L2TP over IPSec, Zyxel VPN client provisioning, Support iOS L2TP/IKE/IKEv2 VPN client provision.
SSL VPN: Supports Windows and Mac OS X, Supports full tunnel mode, Supports 2-Factor authentication.

Networking

WLAN Management: Supports AP Controller (APC) version 3.60, 802.11ax Wi-Fi 6 AP and WPA3 support, 802.11k/v/r support, Wireless L2 isolation, Supports auto AP FW update, Scheduled WiFi service, Dynamic Channel Selection (DCS), Client steering for 5 GHz priority and sticky client prevention, Auto healing, Customizable captive portal page, WiFi Multimedia (WMM) wireless QoS, CAPWAP discovery protocol, Multiple SSID with VLAN, Supports ZyMesh, Support AP forward compatibility, Rogue AP Detection.
Mobile Broadband: WAN connection failover via 3G and 4G* USB modems, Auto fallback when primary WAN recovers.
IPv6 Support: Dual stack, IPv4 tunneling (6rd and 6to4 transition tunnel), SLAAC, static IP address, DNS, DHCPv6 server/client, Static/Policy route, IPSec (IKEv2 6in6, 4in6, 6in4).
Connection: Routing mode, bridge mode and hybrid mode, Ethernet and PPPoE, NAT and PAT, NAT Virtual Server Load Balancing, VLAN tagging (802.1Q), Virtual interface (alias interface), Policy-based routing (user-aware), Policy-based NAT (SNAT), GRE, Dynamic routing (RIPv1/v2 and OSPF, BGP), DHCP client/server/relay, Dynamic DNS support, WAN trunk for more than 2 ports, Per host session limit, Guaranteed bandwidth, Maximum bandwidth, Priority-bandwidth utilization, Bandwidth limit per user, Bandwidth limit per IP, Bandwidth management by application, Link Aggregation support*1.

Management

Authentication: Local user database, External user database (Microsoft Windows Active Directory, RADIUS, LDAP), IEEE 802.1x authentication, Captive portal Web authentication, XAUTH, IKEv2 with EAP VPN authentication, IP-MAC address binding, SSO (Single Sign-On) support, Supports 2-factor authentication with Google Authenticator as the second factor for administrator account.
System Management: Role-based administration, Multi-lingual Web GUI (HTTPS and HTTP), Command line interface (console, web console, SSH and telnet), SNMP v1, v2c, v3, System configuration rollback, Configuration auto backup, Firmware upgrade via FTP, FTP-TLS and Web GUI, New firmware notify and auto upgrade, Dual firmware images, Cloud CNM SecuManager.
Logging and Monitoring: Comprehensive local logging, Syslog (to up to 4 servers), Email alerts (to up to 2 servers), Real-time traffic monitoring, Built-in daily report, Cloud CNM SecuReporter.

Access Point Compatibility List

Product	Models	Unified AP	Unified Pro AP
		NWA5301-NJ, NWA5121-NI, NWA5123-AC HD, NWA5123-AC, NWA5123-NI, WAC5302D-S, WAX510D, WAC500, WAC500H	WAC6103D-I, WAC6503D-S, WAC6502D-E, WAC6552D-S, WAC6502D-S, WAC6303D-S, WAC6553D-E, WAX650S, WAX610D*
Functions	Central management	Yes	Yes
	Auto provisioning	Yes	Yes
	Data forwarding	Local bridge	Local bridge/Data tunnel
	ZyMesh	Yes	Yes

* From APC3.0, commercial gateways supporting APC technology are able to recognize APs with FW release higher than APC3.0 as Forward Compatible APs. Resellers can introduce newly-available Zyxel APs with basic features supported without upgrading any new controller firmware.

	Zyxel ZyWALL USG FLEX Firewall Series: Comprehensive Security and Connectivity Explore the Zyxel ZyWALL USG FLEX Firewall series, offering advanced security features, cloud management, and robust performance for small to mid-sized businesses. Learn about its multi-layered protection, zero-trust security, and seamless integration with Nebula.
	Zyxel ZyWALL USG FLEX 100/100W/200/500/700 Datasheet Explore the Zyxel ZyWALL USG FLEX series, a powerful and flexible firewall solution offering advanced threat protection, high performance, and scalable security subscriptions for businesses.
	Zyxel SecuReporter User's Guide Explore the Zyxel SecuReporter User's Guide for comprehensive insights into managing network security. Learn to aggregate logs, analyze security events, and gain real-time visibility with this cloud-based analytics tool from Zyxel.
	Zyxel USG FLEX Firewall Series: Advanced Security and Performance Explore the Zyxel USG FLEX Firewall series, offering enhanced security, high performance, and flexible cloud management for small to mid-sized businesses. Learn about features like Zero-Trust Network Security, multi-layered protection, and advanced threat intelligence.
	Zyxel USG FLEX H Series Handbook Comprehensive handbook detailing the setup, configuration, and management of Zyxel USG FLEX H Series firewalls, covering VPNs, security services, authentication, and Nebula integration.
	Zyxel USG FLEX Series User's Guide: Setup, Configuration, and Management Explore the Zyxel USG FLEX Series User's Guide for detailed instructions on setting up, configuring, and managing your network security gateway. Learn about VPNs, security features, and cloud management.
	Zyxel USG FLEX H Series User's Guide Comprehensive user guide for Zyxel USG FLEX H Series network security gateways, covering setup, configuration, management, and features like VPN, security policies, and monitoring.
	Zyxel USG FLEX H Series Release Note V1.35 Patch 1 Detailed release notes for the Zyxel USG FLEX H Series Security Firewall, version V1.35 Patch 1, covering new features, bug fixes, supported platforms, and known issues.