Orders placed after 4PM on weekdays will not ship until the next business day. Orders placed after 11am Fridays will not ship until the following Monday.
Faster shipping methods may be available; just upgrade during checkout.
*Some exclusions apply.
Enter new zip code to refresh estimated delivery time.
Designed to protect users and businesses against a variety of network initiated threats, the USG40W-NB Performance Series Unified Security Gateway from ZyXel utilizes Next Generation Firewall (NGFW) technology to ward off malware, regulate applications, and much more. In addition to basic firewall protection, this gateway is designed to support VPN connectivity with a VPN throughput of up to 100 Mbps and SPI firewall throughput of up to 400 Mbps. Other VPN features include L2TP over IPSec and SSL VPN simplifying the process of configuring and managing extensive VPN networks.
In addition to enhanced VPN connectivity, the USG40W also comes equipped with Wi-Fi connectivity. This gateway doubles as an access point and operates on the 2.4 GHz wireless frequency along with support for 802.11b/g/n Wi-Fi networking standards. Users benefit from a single built-in wireless radio capable of handling up to 8 separate SSIDs while the 3 dBi antennas provide a wireless signal capable of reaching long distances for extensive wireless network coverage.
With a fanless design the USG40 is not only quiet, it helps to prevent dirt and debris from entering the unit. On the outside of the gateway you will find three Gigabit LAN and a single Gigabit WAN connector allowing multiple Ethernet enabled devices to connect directly to the network. In addition to Ethernet connectivity this gateway also features a single USB port designed to support USB modems to provide failover support should the initial network connection go down.
Built-In Single-Radio and Dual-Radio Wireless Access Points
It features built-in single-radio and dual-radio wireless access points that provides Wi-Fi for small offices straight out of the box. With an integrated WLAN controller, the USG enables businesses to easily provide Wi-Fi in multiple other areas such as reception areas and meeting rooms when Wi-Fi demand grows.
Single Point of Management
Designed for businesses with limited IT resources, the USG helps you connect, protect, and manage with reduced complexity. The unified security policy design offers easy, unified, and streamlined management of all the security features, while the integrated WLAN controller provides centralized management of up to 10 APs. All this is integrated into a single solution, making it easy for users to manage VPN, wireless and security all from one device.
It delivers enterprise-grade Next Generation Firewall security. It also provides deep, extensive protection, and effective control of Web applications such as Facebook, Google Apps, and Netflix with such anti-malware protection mechanisms as firewall, antivirus, anti-spam, content filtering, IDP, and application intelligence.
Unified Security Policy
Unified security policy offers object-based management and a unified configuration interface for firewall and all security-related policies. You can easily apply all policy criteria to every UTM feature, reduce configuration time, and get streamlined policy management.*
*UTM Licenses are not included with this model.
The gateway supports high-throughput IPSec, L2TP over IPSec, and SSL VPN for a wide range of site-to-client and site-to-site VPN deployments. Reinforced with the advanced SHA-2 encryption, it provides secure VPN for business communications.
It features a robust fanless design to prevent dirt and dust from entering operating environments that can cause potentially catastrophic failures. The fanless design of it offers zero-noise cooling and non-overheating features to ensure silent operation in small or quiet office environments.
Integrated WLAN Controller
The integrated WLAN controller supports CAPWAP, and enables centralized authentication and access management of multiple APs in the network. The USG can manage two APs by default, and up to ten APs with license upgrade.
Intrusion Detection and Prevention
ZyXEL's IDP system uses Deep Packet Inspection (DPI) technology that can scan multiple layers and protocols to inspect vulnerabilities invisible to simple port and protocol-based firewalls. The system eliminates false positives with a database of malware signatures and provides effective protection against intrusions from unknown back doors.
Dual-WAN and Mobile Broadband
It provides high Internet uptime with dual-WAN and mobile broadband support. The dual-WAN works with two Ethernet WAN connections for active-active load balancing or active-passive failover. Comprehensive mobile broadband USB modems are also supported for WAN backup.
The branch offices, partners, and home users can deploy USG ZyWALLs for site-to-site IPSec VPN connections. Branch offices can additionally deploy IPSec VPN HA (load balancing and failover) for always online VPN connectivity. Remote users can securely access company resources with their computers or smartphones via SSL, IPSec, and L2TP over IPSec VPN. The headquarter USG/ZyWALL can also establish an IPSec VPN connection with Microsoft Azure for secured access to a variety of cloud-based applications.
In the Box
ZyXEL USG40W-NB Performance Series Unified Security Gateway (Hardware Only)
ICSA-certified firewall (certification in progress)
Routing and transparent (bridge) modes
Stateful packet inspection
User-aware policy enforcement
SIP/H.323 NAT traversal
ALG support for customized ports
Protocol anomaly detection and protection
Traffic anomaly detection and protection
Flooding detection and protection
IPv6 Ready gold logo (certification in progress)
IPv4 tunneling (6rd and 6 to 4 transition tunnel)
Firewall and ADP
Intrusion Detection and Prevention (IDP)
Application intelligence and optimization
ICSA-certified IPSec VPN (certification in progress)
Encryption: AES (256-bit), 3DES and DES
Authentication: SHA-2 (512-bit), SHA-1 and MD5
Key management: manual key, IKEv1 and IKEv2 with EAP
Perfect forward secrecy (DH groups) support 1, 2, 5
IPSec NAT traversal
Dead peer detection and relay detection
PKI (X.509) certificate support
Simple wizard support
VPN High Availability (HA): Load-balancing and failover
L2TP over IPSec
GRE and GRE over IPSec
NAT over IPSec
ZyXEL VPN client provisioning
SSL VPN Throughput
Supports Windows and Mac OS X
Supports full tunnel mode
Supports 2-step authentication
Customizable user portal
Intrusion Detection and Prevention
Routing and transparent (bridge) mode
Signature-based and behavior-based scanning
Automatic signature updates
Customizable protection profile
Customized signatures supported
WAN connection failover via 3G and 4G* USB modems
Auto fallback when primary WAN recovers
*4G USB modem support available in future firmware upgrades
Routing mode, bridge mode, and hybrid mode
Ethernet and PPPoE
NAT and PAT
VLAN tagging (802.1Q)
Virtual interface (alias interface)
Policy-based routing (user-aware)
Policy-based NAT (SNAT)
Dynamic routing (RIPv1/v2 and OSPF)
Dynamic DNS support
WLAN trunk for more than 2 ports
Per host session limit
Bandwidth limit per user
Bandwidth limit per IP
Local user database
Microsoft Windows Active Directory integration
External LDAP/RADIUS user database
XAUTH, IKEv2 with EAP VPN authentication
Forced user authentication (transparent authentication)
IP-MAC address binding
SSO (Single Sign-On) support
Multiple administrator logins
Multi-lingual Web GUI (HTTPS and HTTP)
Command line interface (console, Web console, SSH, and TELNET)
SNMP v2c (MIB-II)
System configuration rollback
Firmware upgrade via FTP, FTP-TLS, and Web GUI
Dual firmware images
Logging and Monitoring
Comprehensive local logging
Syslog (to up to 4 servers)
Email alerts (to up to 2 servers)
Real-time traffic monitoring
Built-in daily report
Advanced reporting with Vantage Report