USG FLEX 500

USG FLEX Firewall

Flexible Deployment with Precise Protection.

The latest USG FLEX 500 provides one single management platform on the cloud while expanding and strengthening the protection from firewalls to access points with automatic responses. The newly designed USG FLEX Series is capable of minimizing computing power usage and maximizing firewall performance, delivering up to 5x UTM performance with cloud flexibility and collaborative protection to help connect and secure small or mid-sized business users.

USG FLEX firewalls, the new addition to the Nebula cloud management family, strongly empowers the full-blown Zyxel Security Matrix in Nebula, further optimizing Nebula with holistic security and protection for SMB business networks. Zyxel provides a centralized provisioning security policy to the remote workforce from Nebula and traffic shaping eliminating the network bottleneck to fuel the best business productivity.

Zero Trust Networks Security

Remote working is here to stay, USG FLEX series applies the principles of zero trust access. It ensures the same security controls are applied to HQ, branch offices, home, or wherever your remote workers reside. Create access policy with device contextual such as OS version or device category to enforce network segmentation. This reduces the attack surface and prevents threats from spreading.

 

 

 

USG FLEX minimizes risk by adding granular policies and access authentication for the ever-growing needs of a secure workplace. Improve protection across identities, devices, applications, and network. Reduce risk and build trust across your entire digital assets.

High Assurance Multi-layered Protection

USG FLEX is designed with multi-layer protection against multiple types of threats from in and out. Multiple security services empower you to restrict users’ inappropriate application usage or web access. Zyxel offers leading-industry DNS content filter, eliminating blind spots in all encrypted traffic with TLS 1.3 without the need to deploy SSL inspection. All together safeguarding your network without any unattended gaps.

 

Simplified and Unified Licensing Experience

We know the experience from license purchase and renewals are equally important to our partners. We’ve optimized the licensing management platform and brought a consistent migration path between on-premise and our cloud platform. We make sure our partners can quickly adapt to a secure environment without the hassle but retaining the flexibility for those who need to practice the same security across networks scenarios.

Just Connect with Nebula

Comprehensive Reputation Filtering Service

USG FLEX Firewall delivers enhanced Reputation filtering functionality and security through its powerful combination of both reputation and category-based filtering. When it comes to the Zyxel Reputation Filter, we are talking about three services: IP Reputation, DNS threat Filter, and URL threat filter.

IP Reputation

Provides a database of known malicious public IP addresses that enables the gateway to take action on receiving traffic from/to an IP address on the list.

URL Threat Filter

Helps mitigate malware and phishing attacks by blocking malicious webpages by filtering the malicious traffic based on URL category.

DNS Threat Filter

If a domain has been known to be e.g. phishing before, the firewall will automatically block that domain. DNS Threat Filter is effective against any IP protocol.

Same Security Across Networks

We offer a wide array of products that allow different remote access options including firewalls for headquarters and branch offices, remote access points with Secure WiFi and VPN client for off-site employees, extending endpoint protection.

 

Safeguarding Remote Connectivity to Your Corporate Network

Businesses striking a balance on productivity and security protection becomes a priority with growing number of devices. Whether it is a wired, wireless, or a IoT device, the Secure WiFi service is used to build a secure L2 tunnel for Work-From-Home user to extend the working experience easily and securely, as if you were in the office with the safety of both two-factor authentication and secure tunnel, which boosts up productivity and eases IT support. The Secure WiFi service also unlocks the number of managed APs to maximum for the USG FLEX firewall.

 

Deep Insight Into All Your Devices

Device Insight gives you more visibility of your networks including wired, wireless, BYOD, and IoT devices. You can create access policy with device contextual such as OS version or device category to enforce network segmentation. This reduces the attack surface and prevents threats from spreading. It also helps SMB(s) reduce time spent on investigation. Continuing with our goal of providing our customers with increased visibility, Zyxel SecuReporter gives your organization comprehensive endpoint inventory dashboard.

 

Level Up Security with 2FA Network Access

Password is not enough to secure your network access. You need a second form of authentication to ensure unauthorized users can’t access your company’s databases, email accounts and more. Google Authentication allows your organizations to authenticate the identities of users accessing your networks through remote desktops and personal mobile devices.

Comprehensive Web Filtering Service

USG FLEX Firewall delivers enhanced web filtering functionality and security through its powerful combination of both reputation and category-based filtering. The dynamic content categorization analyzes the content of a previously unknown website and domain, then determines if it belongs to an undesirable category including gambling, pornography, games, and many others. A newly added DNS content filter offers a better approach to inspect web access, particularly when the website is deploying ESNI (Encrypted Server Name Indication) where the traditional URL filtering is not applicable to the destination domain.

Stay Ahead of Threats with CDR

Collaborative Detection & Response (CDR) is used to identify threats and risks posed in the more complex organization workforce, workload, and workplace. USG FLEX firewalls to Nebula provides network admins with a rule-based security policy. The firewalls detect a threat on any of the connected clients and will sync with the Nebula control center, then automatically respond to cyber threats and contain the device(s) at the edge (Wireless Access Point) of your network. It is a perfect fit for IT to address the requirements of a decentralized network infrastructure and provide automatic protection.

 

 

 

 

Analytics Report and Enhanced Insights

USG FLEX series dashboard gives user-friendly traffic summary and threat statistic visuals. UtilizeSecuReporterfor further threat analysis with correlation feature design, making it easy to proactively trackback network status to prevent the next threat event. Centralized visibility of network activities for you to easily manage multiple clients.

Comprehensive Connectivity

ZyWALL USG FLEX series not only protects your network, but it also support hospitality features including hotspot and concurrent device upgrade. You can buy time-based bundle, so only pay what you need. We also provide Wireless Health Monitor giving you visibility into the connection state of client and access point issues, allowing network administrators to easily troubleshoot issues.

Specification

Hardware Specifications
Wireless standard -
10/100/1000 Mbps RJ-45 ports 7(Configurable), 1x SFP
USB 3.0 ports 2
Console port DB9
Rack-mountable Yes
Fanless -
System Capacity & Performance*1
SPI firewall throughput(Mbps)*2 2,300
VPN throughput (Mbps) 810
VPN IMIX Throughput (Mbps)*3 240
IPS throughput (Mbps)*4 1,500
Anti-Malware throughput (Mbps)*4 800
UTM throughput (Anti-Malware & IPS, Mbps)*4 800
Max. TCP concurrent sessions*5 1,000,000
Recommended gateway-to-gateway IPsec VPN tunnels 150
Max. concurrent IPsec VPN tunnels*6 300
Concurrent SSL VPN users 150
VLAN interface 64
Wireless Specifications
Standard compliance -
Wireless frequency -
Radio -
SSID number -
No. of antenna -
Antenna gain -
Data rate -
Key Features
Security Service
Sandboxing*7 Yes
Reputation Filter*7 Yes
IPS*7 Yes
Application Patrol*7 Yes
Email Security*7 Yes
Web Filtering*7 Yes
SecuReporter*7 Yes
Collaborative Detection & Response*7 Yes
SSL (HTTPS) Inspection Yes
Geo Enforcer Yes
2-Factor Authentication Yes
Device Insight Yes
Security Profile Synchronize*7 Yes
VPN Features
VPN IKEv2, IPSec, SSL, L2TP/IPSec
Microsoft Azure Yes
Amazon VPC Yes
WLAN Management
Default Number of Managed AP 8
Recommend max. AP in 1 AP Group 60
Secure WiFi Service*7 Yes
Maximum Number of Tunnel-Mode AP 18
Maximum Number of Managed AP 72
Management & Connectivity
Nebula Cloud Mode Yes
Nebula Cloud Monitoring Mode Yes
Device HA Pro -
Link Aggregation (LAG) -
Hotspot Management*7 Yes
Ticket printer support*9/ Support Qty (max.) Yes (SP350E) / 10
Concurrent devices logins (max.) *7*8 200/300
Power
Power input 12V DC, 4.17A
Max. power consumption (watt) 24.1
Heat dissipation (BTU/hr) 82.23
Physical Specifications
Item Dimensions (WxDxH)(mm/in.): 300 x 88 x 44/16.93 x 7.4 x 1.73
Weight (kg/lb.): 1.65/3.64
Packing Dimensions (WxDxH)(mm/in.): 351 x 152 x 245/13.82 x 5.98 x 9.65
Weight (kg/lb.): 2.83/6.24
Included accessories Power adapter
Power cord
Rack mounting kit
Environmental Specifications
Operating Temperature: 0°C to 40°C / 32°F to 104°F
Humidity: 10% to 90% (non-condensing)
Storage Temperature: -40°C to 70°C/-40°F to 158°F
Humidity: 10% to 90%(non-condensing)
MTBF (hr) 529,688.2
Acoustic noise 24.5dBA on <25degC Operating Temperature 41.5dBA on full FAN speed
Certifications
EMC FCC Part 15 (Class B)
CE EMC (Class B)
C-Tick (Class B)
BSMI
Safety LVD (EN60950-1)
BSMI

Note:

*: This matrix with firmware ZLD5.37 or later.

*1: Actual performance may vary depending on system configuration, network conditions, and activated applications.

*2: Maximum throughput based on RFC 2544 (1,518-byte UDP packets).

*3: VPN throughput measured based on RFC 2544 (1,424-byte UDP packets); IMIX: UDP throughput based on a combination of 64 byte, 512 byte and 1424 byte packet sizes.

*4: Anti-malware (with Express Mode) and IPS throughput measured using the industry standard HTTP performance test (1,460-byte HTTP packets). Testing done with multiple flows.

*5: Maximum sessions measured using the industry standard IXIA IxLoad testing tool.

*6: Including Gateway-to-Gateway and Client-to-Gateway.

*7: With Zyxel service license to enable or extend the feature capacity.

*8: This is the recommended maximum number of concurrent logged-in devices.

*9: With Hotspot Management license support.

*10: USG FLEX 100 rev1 is adopting a new hardware design equipped with 4 x LAN/DMZ, 1 x WAN.

 

* License subscription fee and permits may vary by country.
* All specifications are subject to change without notice.

 

More Data Sheet

Two Device Purchase Options
Bundled with UTM Device Only
Gold Security Pack No License Included*3
UTM Security Pack*1 No License Included*3
Hospitality Pack No License Included*3
Nebula Pro Pack*2 No License Included*3No License Included*3
Nebula Plus Pack No License Included*3
Secure WiFi No License Included*3

● Applicable on cloud mode

● Applicable on premises mode

*: Default bundle with UTM Security Pack is only applicable on USG FLEX100/100W/200/500/700

*1: UTM Security Pack gives additional 30-day trial of service on top of its formal 1-year license duration.

*2: 1-year Nebula Pro Pack is given free to USG FLEXs that are default bundled with UTM Security Pack

*3: Without UTM bundle you can also purchase licenses later. However the bundle option is highly advisable with lower total costs and seamless protection. Pay less and secure more!

 

 

What’s Include In UTM Security Pack

 

 

Service UTM Security Pack
Sandboxing
Reputation Filter
Web Filtering
Anti-Malware
IPS
Application Patrol
SecuReporter
Collaborative Detection & Response
Network Premium
Email Security
Security Profile Sync
Hotspot Management service
Concurrent Device Upgrade
Nebula Pro Pack Services
Nebula Plus Pack Services
Secure WiFi

Access Point Compatibility List

Product Unified AP Unified Pro AP
Models
  • NWA5301-NJ
  • NWA5121-NI
  • NWA5123-AC HD*1
  • NWA5123-AC
  • NWA5123-NI
  • WAC5302D-S
  • WAX510D*1
  • WAC5302D-Sv2
  • WAC500*1
  • WAC500H*1
  • WAC6103D-I
  • WAC6503D-S
  • WAC6502D-S
  • WAC6303D-S
  • WAC6553D-E
  • WAC6552D-S
  • WAC6502D-E
  • WAX650S
  • WAX630S
  • WAX610D
  • WAX640S-6E*2
  • WAX620D-6E*2
  • WAX655E

Functions Unified AP Unified Pro AP
Central management Yes Yes
Auto provisioning Yes Yes
Data forwarding Local bridge Local bridge/Data tunnel
ZyMesh Yes Yes

*1: Support both local bridge and data tunnel for data forwarding

*2: As Forward Compatible AP. 6GHz radio configuration is to be available in January, 2023

Have Any Questions?

Or simply wish to find out how Go Nimbus can help your business? Just click the button below.