ZyXEL USG40W-NB Performance Series Unified Security Gateway (Hardware Only)

Key Features
  • Built-In Single/Dual-Radio Wireless AP
  • Supports 802.11b/g/n Standard Compliance
  • Unified Security Policy
  • Robust VPN
ZyXEL USG40W-NB Overview

Designed to protect users and businesses against a variety of network-initiated threats, the USG40W-NB Performance Series Unified Security Gateway from ZyXEL utilizes Next Generation Firewall (NGFW) technology to ward off malware, regulate applications, and much more. In addition to basic firewall protection, this gateway is designed to support VPN connectivity with a VPN throughput of up to 100 Mbps and SPI firewall throughput of up to 400 Mbps. Other VPN features include L2TP over IPSec and SSL VPN, which simplify the process of configuring and managing extensive VPN networks.

In addition to enhanced VPN connectivity, the USG40W also comes equipped with Wi-Fi connectivity. This gateway doubles as an access point and operates on the 2.4 GHz wireless frequency along with support for 802.11b/g/n Wi-Fi networking standards. Users benefit from a single built-in wireless radio capable of handling up to 8 separate SSIDs while the 3 dBi antennas provide a wireless signal capable of reaching long distances for extensive wireless network coverage.

With a fanless design, the USG40 is not only quiet, it also helps to prevent dirt and debris from entering the unit. On the outside of the gateway you will find three Gigabit LAN connectors and a single Gigabit WAN connector, allowing multiple Ethernet-enabled devices to connect directly to the network. In addition to Ethernet connectivity, this gateway also features a single USB port designed to support USB modems, which provide failover support should the initial network connection go down.

Built-In Single-Radio and Dual-Radio Wireless Access Points

It features built-in single-radio and dual-radio wireless access points that provide Wi-Fi for small offices straight out of the box. With an integrated WLAN controller, the USG enables businesses to easily provide Wi-Fi in multiple other areas such as reception areas and meeting rooms when Wi-Fi demand grows.

Single Point of Management

Designed for businesses with limited IT resources, the USG helps you connect, protect, and manage with reduced complexity. The unified security policy design offers easy, unified, and streamlined management of all the security features, while the integrated WLAN controller provides centralized management of up to 10 APs. All this is integrated into a single solution, making it easy for users to manage VPN, wireless and security all from one device.


Security

It delivers enterprise-grade Next Generation Firewall security. It also provides deep, extensive protection, and effective control of Web applications such as Facebook, Google Apps, and Netflix with such anti-malware protection mechanisms as firewall, antivirus, anti-spam, content filtering, IDP, and application intelligence.

Unified Security Policy

Unified security policy offers object-based management and a unified configuration interface for firewall and all security-related policies. You can easily apply all policy criteria to every UTM feature, reduce configuration time, and get streamlined policy management.*
*UTM Licenses are not included with this model.

Robust VPN

The gateway supports high-throughput IPSec, L2TP over IPSec, and SSL VPN for a wide range of site-to-client and site-to-site VPN deployments. Reinforced with SHA-2 hashing for authentication, it provides secure VPN for business communications.


Fanless

It features a robust fanless design that prevents dirt and dust, which can cause potentially catastrophic failures, from entering the unit. The fanless design offers zero-noise cooling and non-overheating features to ensure silent operation in small or quiet office environments.

Integrated WLAN Controller

The integrated WLAN controller supports CAPWAP, and enables centralized authentication and access management of multiple APs in the network. The USG can manage two APs by default, and up to ten APs with license upgrade.

Intrusion Detection and Prevention

ZyXEL's IDP system uses Deep Packet Inspection (DPI) technology that can scan multiple layers and protocols to inspect vulnerabilities invisible to simple port and protocol-based firewalls. The system eliminates false positives with a database of malware signatures and provides effective protection against intrusions from unknown back doors.

Dual-WAN and Mobile Broadband

It provides high Internet uptime with dual-WAN and mobile broadband support. The dual-WAN works with two Ethernet WAN connections for active-active load balancing or active-passive failover. Comprehensive mobile broadband USB modems are also supported for WAN backup.

VPN Application

Branch offices, partners, and home users can deploy USG/ZyWALL gateways for site-to-site IPSec VPN connections. Branch offices can additionally deploy IPSec VPN HA (load balancing and failover) for always-online VPN connectivity. Remote users can securely access company resources with their computers or smartphones via SSL, IPSec, and L2TP over IPSec VPN. The headquarters USG/ZyWALL can also establish an IPSec VPN connection with Microsoft Azure for secured access to a variety of cloud-based applications.
UPC: 760559121297


Ports
  • 3 x LAN/DMZ (RJ-45)
  • 1 x WAN (RJ-45)
  • 1 x OPT (RJ-45)
  • 1 x USB
  • 1 x Console
AP Controller Version: 1.0
Managed AP Number
  • Default: 2
  • Maximum: 10
Power Input: 12 VDC, 2.0 A maximum
Power Consumption: 14.0 W maximum
Certifications
  • EMC: FCC Part 15 (Class B), CE EMC (Class B), C-Tick (Class B), and BSMI
  • Safety: LVD (EN60950-1), BSMI
MTBF: 386,931.7 hours

Wireless Specifications

Standard Compliance: 802.11b/g/n
Wireless Frequency: 2.4 GHz
Transmit Power
  • US (FCC) 2.4 GHz: 24.3 dBm, 2 x antennas
  • EU (ETSI) 2.4 GHz: 17 dBm, 2 x antennas
Number of Antennas: 2.4 GHz: 2T2R MIMO (detachable, SMA-R)
Antenna Gain: 3 dBi
Data Rate
  • 802.11 b/g: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54 Mb/s
  • 802.11n: Up to 300 Mb/s in MCS15 (40 MHz; GI = 400 ns)
Receive Sensitivity (2.4 GHz)
  • 11 Mb/s ≤ -87 dBm
  • 54 Mb/s ≤ -77 dBm
  • HT20, MCS15 ≤ -71 dBm
  • HT40, MCS15 ≤ -68 dBm

System Capacity and Performance

SPI Firewall Throughput: 400 Mb/s
VPN Throughput: 100 Mb/s
IDP Throughput: 55 Mb/s
UTM Throughput (AV and IDP): 50 Mb/s
AV Throughput: 50 Mb/s
Unlimited User Licenses: Yes
TCP Concurrent Sessions: 20,000 (maximum)
Concurrent IPsec VPN Tunnels: 10
New TCP Session Rate: 3,000
Concurrent SSL VPN Users: 7
SSL VPN User Number: 2
Customizable Zones: Yes
IPv6 Support: Yes
Firewall
  • ICSA-certified firewall (certification in progress)
  • Routing and transparent (bridge) modes
  • Stateful packet inspection
  • User-aware policy enforcement
  • SIP/H.323 NAT traversal
  • ALG support for customized ports
  • Protocol anomaly detection and protection
  • Traffic anomaly detection and protection
  • Flooding detection and protection
  • DoS/DDoS protection
IPv6 Support
  • IPv6 Ready gold logo (certification in progress)
  • Dual stack
  • IPv4 tunneling (6rd and 6 to 4 transition tunnel)
  • IPv6 addressing
  • Static routing
  • Policy routing
  • Session control
  • Firewall and ADP
  • Intrusion Detection and Prevention (IDP)
  • Application intelligence and optimization
  • Content filtering
  • Anti-virus, anti-malware
IPsec VPN
  • ICSA-certified IPSec VPN (certification in progress)
  • Encryption: AES (256-bit), 3DES and DES
  • Authentication: SHA-2 (512-bit), SHA-1 and MD5
  • Key management: manual key, IKEv1 and IKEv2 with EAP
  • Perfect forward secrecy (DH groups) support 1, 2, 5
  • IPSec NAT traversal
  • Dead peer detection and relay detection
  • PKI (X.509) certificate support
  • VPN concentrator
  • Simple wizard support
  • VPN auto-reconnection
  • VPN High Availability (HA): Load-balancing and failover
  • L2TP over IPSec
  • GRE and GRE over IPSec
  • NAT over IPSec
  • ZyXEL VPN client provisioning
SSL VPN Throughput
  • Supports Windows and Mac OS X
  • Supports full tunnel mode
  • Supports 2-step authentication
  • Customizable user portal
Intrusion Detection and Prevention
  • Routing and transparent (bridge) mode
  • Signature-based and behavior-based scanning
  • Automatic signature updates
  • Customizable protection profile
  • Customized signatures supported
Unified Security Policy
  • Unified policy management interface
  • Supported UTM features: anti-virus, antispam, IDP, content filtering, application intelligence, firewall (ACL)
  • 3-Tier Configuration: Object-based, profile based, policy-based
  • Policy Criteria: Zone, source, and destination IP address, user, time
WLAN Management
  • ZyXEL AP Controller (APC) 1.0 compliant
  • Client RSSI threshold to prevent sticky clients
  • IEEE 802.1x authentication
  • Captive portal Web authentication
  • Customizable captive portal page
  • RADIUS authentication
  • Wi-Fi Multimedia (WMM) wireless QoS
  • CAPWAP discovery protocol
Mobile Broadband
  • WAN connection failover via 3G and 4G* USB modems
  • Auto fallback when primary WAN recovers
Networking
  • Routing mode, bridge mode, and hybrid mode
  • Ethernet and PPPoE
  • VLAN tagging (802.1Q)
  • Virtual interface (alias interface)
  • Policy-based routing (user-aware)
  • Policy-based NAT (SNAT)
  • Dynamic routing (RIPv1/v2 and OSPF)
  • DHCP client/server/relay
  • Dynamic DNS support
  • WLAN trunk for more than 2 ports
  • Per host session limit
  • Guaranteed bandwidth
  • Maximum bandwidth
  • Priority-bandwidth utilization
  • Bandwidth limit per user
  • Bandwidth limit per IP
Authentication
  • Local user database
  • Microsoft Windows Active Directory integration
  • External LDAP/RADIUS user database
  • XAUTH, IKEv2 with EAP VPN authentication
  • Web-based authentication
  • Forced user authentication (transparent authentication)
  • IP-MAC address binding
  • SSO (Single Sign-On) support
System Management
  • Role-based administration
  • Multiple administrator logins
  • Multi-lingual Web GUI (HTTPS and HTTP)
  • Command line interface (console, Web console, SSH, and TELNET)
  • System configuration rollback
  • Firmware upgrade via FTP, FTP-TLS, and Web GUI
  • Dual firmware images
Logging and Monitoring
  • Comprehensive local logging
  • Syslog (to up to 4 servers)
  • Email alerts (to up to 2 servers)
  • Real-time traffic monitoring
  • Built-in daily report
  • Advanced reporting with Vantage Report
VPN, Management and Reporting
  • Managed APs: Add 8 APs
  • SecuExtender SSL VPN Client: Add 5 clients
  • IPSec VPN Client: For 1/5/10/50 clients
  • Vantage Report: For 1/5/25/100 devices
Compatibility
  • Access Point: NWA5120 Series (Unified Access Point), NWA5000 Series (Managed Access Point), NWA3000-N Series (Unified Pro Access Point)
  • Functions: central management, auto provisioning, and local bridge data forwarding
Temperature
  • Operating: 32 to 104°F (0 to 40°C)
  • Storage: -22 to 158°F (-30 to 70°C)
Humidity
  • Operating: 10 to 90% (non-condensing)
  • Storage: 10 to 90% (non-condensing)
Dimensions (W x H x D): 8.50 x 1.30 x 5.63" (216.00 x 33.00 x 143.00 mm)
Weight: 1.63 lb (3.59 kg)

Packaging Info

Package Weight: 3.55 lb
Box Dimensions (LxWxH): 14.9 x 8.6 x 3.1"