VPN typu site-to-site and remote access (server role) USG20-VPN — Zyxel Community
USG20-VPN/USG20W-VPN VPN Firewall The latest USG20-VPN/USG20(W)-VPN is equipped with one single cloud management platform while strengthening the robust VPN connections across the branch offices and chain stores with an easy-to-use, integrated security solution designed specifically for your needs. USG20(W)-VPN delivers the best-of-breed protection without the cost or complexity. Benefits Nebula Together The USG20-VPN/USG20W-VPN is now part of the Nebula cloud management family with the same easy management interface and streamlined configuration & updates. The network functions and management services are pushed to the cloud and are optimized for managing distributed networks. Flexible to adapt to On Premises or Nebula cloud Manage all distributed networks from one single screen Web Filtering protects you from undesirable content Device Insight provides better visibility and control Analytics report and enhanced insights Datasheet USG20-VPN/USG20W-VPN COMMUNITY BIZ FORUM Secure Retail/Branch Network The USG20-VPN/USG20W-VPN provides comprehensive VPN connection types including IKEv2 & IPsec VPN. All offer customers secured remote connections. IPsec VPN hardware engine for high-efficiency VPN tunnel. VPN load balance/failover with IKEv2 ensures strong VPN reliability and security for your business. Centralized Provisioning from Nebula With Zero-Touch deployment and simplified centralized management, installation and operation is no longer a hassle. After being registered to a network, the USG20-VPN/ USG20W-VPN will automatically be discovered when it's connected, then the preconfigured settings are automatically applied. The USG20-VPN/USG20W-VPN is designed specifically for the needs of small business and branch locations, delivering enterprise-class security. Advanced networking and security features like Web Filtering, Security Profile Sync, and SecuReporter improves security by blocking access to malicious or risky websites, along with controlled access with integrated firewall policy for highly granular blocking and filtering, creating a unified security solution for both wired and wireless networks. The USG20-VPN/USG20W-VPN helps customers to comply with regulations by offering log archiving service without the need for additional hardware and software installation. All from One Place with Ease From access points, switches, security gateways and firewalls, all Nebula devices are managed through the cloud using an intuitive interface that allows you to configure, manage, and troubleshoot all distributed networks from one single screen without the complexity of remote site access. Comprehensive Content Filtering Service USG20-VPN/USG20W-VPN delivers enhanced content filtering functionality and security through its powerful combination of both reputation and category-based filtering. The dynamic content categorization analyzes the content of a previously unknown website and domain, then determines if it belongs to an undesirable category including gambling, pornography, games, and many others. A newly added DNS content filter offers a better approach to inspect web access, particularly when the website is deploying ESNI (Encrypted Server Name Indication) where the traditional URL filtering is not applicable to the destination domain. Datasheet USG20-VPN/USG20W-VPN 2 Deep Insight Into All Your Devices Device Insight gives you more visibility of your networks including wired, wireless, BYOD, and IoT devices. Enable it to identify devices with distinct security segments down to individual level. Device insights also detect vulnerabilities that are associated with those devices. It helps SMB(s) to reduce the number of human hours spent on investigation. Continuing with our goal of providing our customers with increased visibility, Zyxel SecuReporter gives your organization comprehensive endpoint inventory dashboard. Analytics Report and Enhanced Insights USG20-VPN/USG20W-VPN dashboard gives user-friendly traffic summary and threat visual statistics. Utilize SecuReporter for further threat analysis with correlation feature design, making it easy to proactively trackback network status to prevent the next threat event. Centralized visibility of network activities for you to easily manage multiple clients. Simplified Management Procedure Managing complex configuration settings can be confusing and time-consuming. Zyxel USG20-VPN/USG20W-VPN provides an "easy mode" setting in the GUI for entry-level and SOHO users. Easy mode provides an icon-based feature set and attractive dashboard to simplify management and monitoring of the device. Application and function settings also have integrated wizards for user-friendly setup. Zyxel USG20-VPN/USG20W-VPN easy mode helps entry-level users and SOHO users effortlessly take advantage of high-speed and secure networking. Zyxel One Network Experience Aiming for relieving our customers from repetitive operations of deploying and managing a network, Zyxel One Network is designed to simplify the configuration, management, and troubleshooting, allowing our customers to focus on the business priorities. Zyxel One Network presents an easy-to-use tool, Zyxel One Network Utility (ZON Utility), to realize speed network setup. Zyxel Smart Connect allows Zyxel networking equipment to be aware and recognize each other and further facilitating the network maintenance via one-click remote functions such as factory reset or power cycling. Zyxel One Network redefines the network integration across multiple networking products from switch to WiFi AP and to Gateway. Datasheet USG20-VPN/USG20W-VPN 3 Licenses Licensed Pack The USG20-VPN/USG20W-VPN provides an indispensable feature set to perfectly fit small business requirements as well as to gain essential security services needed to protect against cyberattacks. Nebula Control Center (NCC) offers multiple subscription options to meet customers' needs. The Nebula Plus/Professional Pack gives you some peace of mind at more control over your network updates and visibility, or even the most advanced management of cloud networking. On Premises Feature Included Nebula Feature Included Service / Component On Premises Content Filter Pack Web Filtering SecuReporter Security Profile Sync Network Premium Nebula Professional Pack Nebula Professional Pack Service Nebula Plus Pack Nebula Plus Pack Service *: Please contact your local customer service if you can't use your content filter license with Nebula. On Cloud Specifications Model Product photo USG20-VPN USG20W-VPN Hardware Specifications 10/100/1000 Mbps RJ-45 ports USB ports Console port Rack-mountable Fanless System Capacity & Performance*1 SPI firewall throughput*2 (Mbps) VPN throughput (Mbps) VPN IMIX Throughput (Mbps)*3 Max. TCP concurrent sessions*5 Max. concurrent IPsec VPN tunnels*6 Recommended gateway-to-gateway IPsec VPN tunnels VLAN interface Speed Test Performance SPI firewall throughput*9 (Mbps) Key Features Security Service Content Filtering*7 SecuReporter*7 2-Factor Authentication Device Insight Security Profile Synchronize (SPS)*7 4 x LAN/DMZ, 1 x WAN, 1 x SFP 1 Yes (RJ-45) N/A Yes 350 90 40 20,000 10 5 8 320 Yes Yes Yes Yes Yes 4 x LAN/DMZ, 1 x WAN, 1 x SFP 1 Yes (RJ-45) N/A Yes 350 90 40 20,000 10 5 8 320 Yes Yes Yes Yes Yes Datasheet USG20-VPN/USG20W-VPN 4 Model USG20-VPN Key Features VPN Features VPN IKEv2, IPSec, L2TP/IPSec Microsoft Azure Yes Amazon VPC Yes Management & Nebula Cloud Mode Yes Connectivity Nebula Cloud Monitoring Mode Yes Easy Mode Yes Concurrent devices logins*8 64 Power Requirements Power input 12V DC, 2.0 A max. Max. power consumption 12 (Watt Max.) Heat dissipation (BTU/hr) 40.92 Physical Specifications Item dimensions (WxDxH) (mm/in.) 216 x 143 x 33 / 8.50 x 5.63 x 1.30 weight (kg/lb.) 0.88 / 1.94 Packing dimensions (WxDxH) (mm/in.) 276 x 185 x 98 / 10.87 x 7.28 x 3.86 weight (kg/lb.) 1.41 / 3.11 Included accessories · Power adapter · RJ-45 - RS-232 cable for console connection Environmental Specifications Operating environment Temperature Humidity Storage environment Temperature Humidity MTBF (hr) Certifications EMC Safety 0°C to 40°C / 32°F to 104°F 10% to 90% (non-condensing) - 30°C to 70°C / - 22°F to 158°F 10% to 90% (non-condensing) 1110,795(at 25°C) and 655,130(at 40°C) FCC Part 15 (Class B), IC, CE EMC (Class B), RCM, BSMI BSMI, UL USG20W-VPN IKEv2, IPSec, L2TP/IPSec Yes Yes Yes Yes Yes 64 12V DC, 2.0 A max. 18 61.38 216 x 143 x 33 / 8.50 x 5.63 x 1.30 0.94 / 2.06 (Antenna included) 276 x 185 x 98 / 10.87 x 7.28 x 3.86 1.50 / 3.31 · Power adapter · RJ-45 - RS-232 cable for console connection · Antenna 0°C to 40°C / 32°F to 104°F 10% to 90% (non-condensing) - 30°C to 70°C / - 22°F to 158°F 10% to 90% (non-condensing) 856,823 (at 25°C) and 468,457(at 40°C) FCC Part 15 (Class B), IC, CE EMC (Class B), RCM, BSMI BSMI, UL *: This matrix with firmware ZLD5.38 or later. *1: Actual performance may vary depending on system configuration, network conditions, and activated applications. *2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets). *3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets); IMIX: UDP throughput based on a combination of 64 byte, 512 byte and 1424 byte packet sizes. *4: Anti-malware (with Express Mode) and IPS throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets) Testing done with multiple flows. *5: Maximum sessions measured using the industry standard IXIA IxLoad testing tool *6: Including Gateway-to-Gateway and Client-to-Gateway. *7: With Zyxel service license to enable or extend the feature capacity. *8: This is the recommend maximum number of concurrent logged-in devices. *9: The Speedtest result is conducted with 1Gbps WAN link in real world and it is subject to fluctuate due to quality of the ISP link. Datasheet USG20-VPN/USG20W-VPN 5 Wireless Specifications Model Standard compliance Wireless frequency Radio SSID number Maximum transmit power (Max. total channel) No. of antenna Antenna gain Data rate Frequency band Receive sensitivity USG20W-VPN 802.11 a/b/g/n/ac 2.4 GHz/5 GHz 1 4 US (FCC) 2.4 GHz: 25 dBm, 3 antennas US (FCC) 5 GHz: 25 dBm, 3 antennas EU (ETSI) 2.4 GHz: 20 dBm (EIRP), 3 antennas EU (ETSI) 5 GHz: 20 dBm (EIRP), 3 antennas 3 detachable antennas · 2 dBi @2.4 GHz · 3 dBi @5 GHz · 802.11n: Up to 450 Mbps · 820.11ac: Up to 1300 Mbps 2.4 GHz (IEEE 802.11 b/g/n): · USA (FCC): 2.412 to 2.462 GHz · Europe (ETSI): 2.412 to 2.472 GHz · TWN (NCC): 2.412 to 2.462 GHz 5 GHz (IEEE 802.11 a/n/ac): · USA (FCC): 5.150 to 5.250 GHz; 5.250 to 5.350 GHz; 5.470 to 5.725 GHz; 5.725 to 5.850 GHz · Europe (ETSI): 5.15 to 5.35 GHz; 5.470 to 5.725 GHz · TWN (NCC): 5.15 to 5.25 GHz; 5.25 to 5.35 GHz; 5.470 to 5.725 GHz; 5.725 to 5.850 GHz 2.4 GHz: · 11 Mbps -87 dBm · 54 Mbps -77 dBm · HT20 -71 dBm · HT40 -68 dBm 5 GHz: · 54 Mbps -74 dBm · HT40, MCS23 -68 dBm · VHT40, MCS9 -62 dBm · HT20, MCS23 -71 dBm · VHT20, MCS8 -66 dBm · VHT80, MCS9 -59 dBm Software Features Security Service Firewall · ICSA-certified corporate firewall · Routing and transparent (bridge) modes · Stateful packet inspection · SIP NAT traversal · H.323 NAT traversal*1 · ALG support for customized ports · Protocol anomaly detection and protection · Traffic anomaly detection and protection · Flooding detection and protection · DoS/DDoS protection Web Filtering · HTTPs domain filtering · SafeSearch support: Google, YouTube, and Microsoft Bing*1 · Allow List websites enforcement · URL Block and Allow List with keyword blocking · Customizable warning messages and redirect URL · Customizable Content Filtering block page · URL categories increased to 111 · CTIRU (Counter-Terrorism Internet Referral Unit) support · Support DNS base filtering (domain filtering) Geo Enforcer · Geo IP blocking · Geographical visibility on traffics statistics and logs · IPv6 address support*2 Device Insight · Agentless Scanning for discovery and classification of devicess · View all devices on the network, including wired, wireless, BYOD, IoT, and SecuExtender (remote endpoint) on SecuReporter · Visibility of network devices (switches, wireless access points, firewalls) from Zyxel or 3rd party vendors VPN IPSec VPN · Encryption: DES, 3DES, AES (256-bit) · Authentication: MD5, SHA1, SHA2 (512- bit) · Support Route-based VPN Tunnel Interface (VTI) · Key management: IKEv1 (x-auth, mode-config), IKEv2 (EAP, configuration payload) · Perfect forward secrecy (DH groups) support 1, 2, 5, 14, 15-18, 20-21 · IPSec NAT traversal (NAT-T) · Dead Peer Detection (DPD) and relay detection · PSK and PKI (X.509) certificate support · VPN concentrator · Route-based VPN Tunnel Interface (VTI) · VPN auto-reconnection · VPN high availability (Failover, LB) · L2TP over IPSec · GRE and GRE over IPSec Datasheet USG20-VPN/USG20W-VPN 6 · NAT over IPSec · SecuExtender Zero Trust VPN Client provisioning · Support native Windows, iOS/macOS and Android (StrongSwan) client provision*1 · Support 2FA Email/SMS*1 · Support 2FA Google Authenticator Networking Mobile Broadband*1 · WAN connection failover via 3G and 4G* USB modems · Auto fallback when primary WAN recovers IPv6 Support*1 · Dual stack · IPv4 tunneling (6rd and 6to4 transition tunnel) · IPv6 addressing · DNS, DHCPv6 server/client · Bridge · VLAN · PPPoE · Static/Policy route · Session control · Firewall and ADP · IPSec (IKEv2 6in6, 4in6, 6in4) · Content Filtering Connection · Routing mode · Bridge mode and hybrid mode*1 · Ethernet and PPPoE · NAT and PAT · NAT Virtual Server Load Balancing · VLAN tagging (802.1Q) · Virtual interface (alias interface) · Policy-based routing (user-aware)*1 · Policy-based NAT (SNAT) · Dynamic routing (RIPv1/v2 and OSPF, BGP)*1 · DHCP client/server/relay · Dynamic DNS support · WAN trunk for more than 2 ports · Per host session limit · Guaranteed bandwidth · Maximum bandwidth · Priority-bandwidth utilization · Bandwidth limit per user · Bandwidth limit per IP · GRE*1 · BGP Management Nebula Cloud Mode · Unlimited Registration & Central Management (Configuration, Monitoring, Dashboard, Location Map & Floor Plan Visual) of Nebula Devices · Zero Touch Auto-Deployment of Hardware/Configuration from Cloud · Over-the-air Firmware Management · Central Device and Client Monitoring (Log and Statistics Information) and Reporting · Security Profile Sync Nebula Cloud Monitoring Mode · Monitor device on/off status · Firmware upgrade operation · Manage firewall licenses · Access remote GUI (requires Nebula Pro Pack) · Backup and restore firewall configurations (requires Nebula Pro Pack) Authentication · Local user database · Cloud user database*2 · Built-in user database · External user database: Microsoft Windows Active Directory, RADIUS, LDAP · IEEE 802.1x authentication · Captive portal Web authentication · XAUTH, IKEv2 with EAP VPN authentication · Web-based authentication · Forced user authentication (transparent authentication) · IP-MAC address binding · SSO (Single Sign-On) support*1 · Supports 2-factor authentication Google Authenticator SMS/Email System Management · Role-based administration · Multiple administrator logins · Supports Cloud Helper · Multi-lingual Web GUI (HTTPS and HTTP) · Command line interface (console, Web console, SSH and telnet)*1 · SNMP v1, v2c, v3 · System configuration rollback*1 · Configuration auto backup*1 · Firmware upgrade via FTP, FTP-TLS, and web GUI*1 · Dual firmware images · Cloud CNM SecuManager*1 Logging/Monitoring · Comprehensive local logging · Syslog (send to up to 4 servers) · Email alerts (send to up to 2 servers) · Real-time traffic monitoring · System status monitoring · Built-in daily report · Cloud CNM SecuReporter Zyxel One Network · ZON Utility IP configuration Web GUI access Firmware upgrade Password configuration · Smart Connect Location and System Name update Discover neighboring devices One-click remote management access to the neighboring Zyxel devices Subscription Services · Content Filter Pack Web Filtering SecuReporter Security Profile Sync · Nebula Professional Pack · Nebula Plus Pack *: For specific models supporting the 3G and 4G dongles on the list, please refer to the Zyxel product page at 3G dongle document *1: Only supported in On Premises Mode *2: Only supported in Nebula Cloud Mode Datasheet USG20-VPN/USG20W-VPN 7 Accessories Transceivers (Optional) Model SFP10G-SR* SFP10G-LR* SFP-1000T Speed 10-Gigabit SFP+ 10-Gigabit SFP+ Gigabit SFP-LX-10-D Gigabit SFP-SX-D Gigabit SFP-BX1310-10-D*1 Gigabit SFP-BX1490-10-D*1 Gigabit Connector Duplex LC Duplex LC RJ-45 Single LC Single LC Single LC Single LC Wavelength 850 nm 1310 nm - 1310 nm 850 nm 1310 nm(TX) 1490 nm(RX) 1490 nm(TX) 1310 nm(RX) Max. Distance 300 m/ 328 yd 10 km/ 10936 yd 100 m/ 109 yd 10 km/ 10936 yd 500 m/ 601 yd 10 km/ 10936 yd 10 km/ 10936 yd *:only USG2200 series supports 10-Gigabit SFP+ *1: SFP-BX1310-10-D & SFP-BX1490-10-D, SFP-BX1310-E & SFP-BX1550-E must be used in pairs. Optical Fiber Type DDMI Multi Mode Yes Single Mode Yes Multi Mode - Single Mode Yes Multi Mode Yes Single Mode Yes Single Mode Yes For more product information, visit us on the web at www.zyxel.com Copyright © 2024 Zyxel and/or its affiliates. All rights reserved. All specifications are subject to change without notice. Datasheet USG20-VPN/USG20W-VPN 20/12/24Adobe PDF Library 17.0 Adobe InDesign 19.5 (Windows)