ZyXEL Communications Next-Generation USG Firewall Hardware Only - USG40W-NB

Item # ZYXUSG40WNB (Part # USG40W-NB)
Not Available
Brand new, USA Warranty
and choose One-Day Shipping at checkout.
Item Description:
USG40W-NB - Next Generation Unified Security Gateway 802.11n Wireless w/10 VPN Tunnels, SSL VPN, 1 GbE WAN, 1 OPT GbE, 3 GbE LAN/DMZ (Non-Bundled, Hardware only, USG40W UTM Service Licenses Sold Separately)

Truly Integrated Security for Remote Offices; Retail Locations and Small Businesses

The advancements in how people work and collaborate have brought three major challenges to small businesses. With the BYOD trend; small businesses today need to provide more Wi-Fi for an exploding amount of smart devices. The use of cloud-based social and productivity applications not only requires small businesses to be able to control; prioritize and block different applications to stay productive; but also opens doors to new Web attacks. As threats evolve and these business challenges diversify; IT costs will only continue to grow; which is a real problem for small businesses with limited IT resources.

The new ZyXEL USG Performance Series are all-in-one Next Generation Firewalls (NGFW) specifically designed to fulfill the demands BYOD; malware protection; application regulation; and budget control in small business environments. The built-in wireless AP (USG40W and USG60W) and WLAN controller offer instant wireless hotspot capability and future WLAN scalability. Comprehensive UTM features and application intelligence technology provides deep; extensive protection; while keeping businesses in control of how Web applications are used. The all-in-one design integrates everything small businesses need; delivering easier; more centralized management and lower total cost of ownership (TCO).

  • All-in-one Next Generation Firewall (NGFW) for small businesses
  • Anti-malware protection with firewall; anti-virus; anti-spam; content filtering; IDP; and next-generation application intelligence
  • Robust SSL; IPSec and L2TP over IPSec VPN connectivity
  • Integrated single-radio (USG40W) or dual-radio (USG60W) wireless access point
  • Built-in WLAN controller for centralized management of up to 10 APs

Spend less; get more

The ZyXEL USG Performance Series offers small businesses the lowest total cost of ownership. The all-in-one design provides everything small businesses need: anti-malware protection; VPN connectivity; integrated WLAN controller; and built-in wireless access point. This truly integrated security solution eliminates the need to purchase multiple appliances for different functions; and allows small businesses to connect; protect and manage with just one device.

Peace of mind security

The ZyXEL USG Performance Series delivers enterprise-grade Next Generation Firewall security without the hefty price tag. It provides deep; extensive protection and effective control of Web applications-like Facebook; Google Apps and Netflix-with such anti-malware protection mechanisms as firewall; ant-virus; anti-spam; content filtering; IDP and application intelligence. No longer do small businesses need to worry about threats; spam or social networking sites decreasing productivity.

Wi-Fi where you need it

Addressing the trend of BYOD; the ZyXEL USG Performance Series helps small businesses provide Wi-Fi wherever there is demand. The USG40W and USG60W feature built-in single-radio and dual-radio wireless access points that can provide Wi-Fi for small offices straight out of the box. With an integrated WLAN controller; the USG Performance Series enables businesses to easily provide Wi-Fi in multiple other areas like reception areas and meeting rooms when Wi-Fi demand grows.

Single point of management

Designed specifically for businesses with limited IT resources; the ZyXEL USG Performance Series helps users connect; protect and manage with reduced complexity. The unified security policy design offers easier; more unified and streamlined management of all the security features; while the integrated WLAN controller provides centralized management of up to 10 APs. All this is integrated into a single solution; making it easy for users to manage VPN; wireless and security all from one device.

Built-in Wireless AP

Built with single-radio and dual-radio wireless access points; the ZyXEL USG40W and USG60W are ideal for retail and office environments. The USG60W integrates 802.11 a/b/g/n technology that delivers Wi-Fi over both the 2.4 GHz and the 5 GHz spectrums.

Unified Security Policy

Unified security policy offers object-based management and a unified configuration interface for firewall and all security-related policies. Users can easily apply all policy criteria to every UTM feature; reduce configuration time; and get more streamlined policy management.


Powered by Kaspersky SafeStream II gateway anti-virus; ZyXEL USGs provide comprehensive and real-time protection against malware threats before they enter the network. ZyXEL USGs can identify and block over 650;000 viruses right at the gate and provide high-speed scanning with stream-based virus scanning technology.


With a cloud-based IP reputation system; ZyXEL anti-spam can deliver accurate; zero-hour spam outbreak protection by analyzing up-to-the-minute sender reputation data from highly diverse traffic sources. It can detect spam outbreaks in the first few minutes of emergence regardless of spam language or format.

Robust VPN

ZyXEL USGs support high-throughput IPSec; L2TP over IPSec and SSL VPN for a wide range of site-to-client and site-to-site VPN deployments. Reinforced with the advanced SHA-2 encryption; the ZyXEL USGs provide the most secure VPN for business communications.

Integrated WLAN Controller

The integrated WLAN controller supports CAPWAP; and enables centralized authentication and access management of multiple APs in the network. The ZyXEL USG Performance Series can manage 2 APs by default; and up to 10 APs with license upgrade.

Application Intelligence

ZyXEL's USG Performance Series can identify; categorize and control over 3;000 social; gaming; productivity; and other Web applications and behaviors. Users can prioritize productive applications; throttle acceptable ones; and block unproductive applications to boost productivity and prevent bandwidth abuse.

Intrusion Detection & Prevention (IDP)

ZyXEL's IDP system uses deep packet inspection (DPI) technology that can scan multiple layers and protocols to inspect vulnerabilities invisible to simple port- and protocol-based firewalls. ZyXEL's IDP eliminates false positives with a database of malware signatures and provides effective protection against intrusions from unknown back doors.

Content Filtering

ZyXEL content filtering helps screen access to websites that are not business related or malicious. With a massive; cloud-based database of over 140 billion URLs that are continuously analyzed and tracked; ZyXEL provides highly accurate; broad and instant protection against malicious Web content.

Dual-WAN & Mobile Broadband

The ZyXEL USG Performance Series provides high Internet uptime with dual-WAN and mobile broadband support. Dual-WAN works with two Ethernet WAN connections for active-active load balancing or active-passive failover. Comprehensive mobile broadband USB modems are also supported for WAN backup.


The ZyXEL USG Performance Series features a robust fanless design to prevent dirt and dust from entering operating environments to cause potentially catastrophic failures. The fanless design of USGs offers zero-noise cooling and non-overheating features to ensure silent operation in small or quiet office environments.

Anti-Malware Protection and Application Optimization

  • Enabling anti-virus; anti-spam and intrusion prevention; business networks gain deep; extensive protection against all types of malware threats
  • Content filtering enables businesses to deny access to Websites that are malicious or not business-related
  • Application intelligence technology not only enable businesses to block or throttle non-productive Web applications; but also optimize Web applications that increase productivity

VPN Application

  • Branch offices; partners and home users can deploy ZyXEL USGs/ ZyWALLs for site-to-site IPSec VPN connections
  • Branch offices can additionally deploy IPSec VPN HA (load balancing and failover) for always online VPN connectivity
  • Remote users can securely access company resources with their computers or smartphones via SSL; IPSec and L2TP over IPSec VPN
  • The headquarter USG/ZyWALL can also establish an IPSec VPN connection with Microsoft Azure for secured access to a variety of cloud-based applications


Hardware Specifications

  • 10/100/1000 Mbps RJ-45 ports: 3 x LAN/DMZ; 1 x WAN; 1 x OPT
  • USB ports: 1
  • Console port: Yes (RJ-45)
  • Fanless: Yes

System Capacity & Performance

  • SPI firewall throughput (Mbps): 400
  • VPN throughput (Mbps): 100
  • IDP throughput (Mbps): 55
  • AV throughput (Mbps): 50
  • UTM throughput (AV and IDP): 50
  • Unlimited user licenses: Yes
  • Max. TCP concurrent sessions: 20000
  • New TCP session rate: 3000
  • Max. concurrent IPsec VPN tunnels: 10
  • Max. concurrent SSL VPN users: 7
  • Included SSL VPN user no.: 2
  • Customizable zones: Yes
  • IPv6 support: Yes
  • VLAN interface: 8

WLAN Management

  • AP Controller (APC) ver.: 1
  • Managed AP number (default/max.): 2/10

Built-in Wireless LAN

  • Standard compliance: 802.11 b/g/n
  • Wireless frequency: 2.4 GHz
  • Radio: 1
  • SSID number: 8
  • Maximum transmit power (Max. total channel):US (FCC) 2.4 GHz: 24.3 dBm; 2 antennas; EU (ETSI) 2.4 GHz: 17 dBm; 2 antennas
  • No. of antenna: 2.4 GHz: 2T2R MIMO (Detachable; SMA-R)
  • Antenna gain: 3 dBi
  • Data rate: 802.11 b/g: 1; 2; 5.5; 6; 9; 11; 12; 18; 24; 36; 48 and 54 Mbps; 802.11n: up to 300 Mbps in MCS15 (40 MHz; GI = 400 ns)
  • Receive sensitivity(2.4 GHz): 11 Mbps = -87 dBm; 54 Mbps = -77 dBm; HT20; MCS15 = -71 dBm; HT40; MCS15 = -68 dBm

Key Software Features

  • Virtual Private Network (VPN): Yes (IPSec; SSL; L2TP over IPSec)
  • Firewall: Yes
  • Anti-Virus (AV): Yes
  • Anti-spam: Yes
  • Content Filtering (CF): Yes
  • Application intelligence and optimization: Yes
  • Intrusion Detection and Prevention (IDP): Yes
  • Single Sign-On (SSO): Yes
  • WLAN controller: Yes

Power Requirements

  • Power input: 12 V DC; 2.0 A max.
  • Max. power consumption (watt): 14

Physical Specifications

  • Dimensions (WxDxH)(mm/in.): 216 x 143 x 33 / 8.50 x 5.63 x 1.30
  • Weight (kg/lb.): 0.91 / 2
  • Included accessories: Power adapter; DB9 - RJ45 cable for console connection; Antenna

Environmental Specifications

  • Operating temperature: 0 degreeC to 40 degreeC (32 degreeF to 104 degreeF)
  • Storage temperature: -30 degreeC to 70 degreeC (-22 degreeF to 158 degreeF)
  • Operating humidity: 10% to 90%(non-condensing)
  • Storage humidity: 10% to 90%(non-condensing)
  • MTBF (hr): 386931.7


  • EMC: FCC Part 15 (Class B); CE EMC(Class B); C-Tick (Class B); BSMI
  • Safety: LVD (EN60950-1); BSMI


  • ICSA-certified firewall (certification in progress)
  • Routing and transparent (bridge) modes
  • Stateful packet inspection
  • User-aware policy enforcement
  • SIP/H.323 NAT traversal
  • ALG support for customized ports
  • Protocol anomaly detection and protection
  • Traffic anomaly detection and protection
  • Flooding detection and protection
  • DoS/DDoS protection

IPv6 Support

  • IPv6 Ready gold logo (certification in progress)
  • Dual stack
  • IPv4 tunneling (6rd and 6to4 transition tunnel)
  • IPv6 addressing
  • DNS
  • DHCPv6
  • Bridge
  • VLAN
  • PPPoE
  • Static routing
  • Policy routing
  • Session control
  • Firewall and ADP
  • IPSec VPN
  • Intrusion Detection and Prevention (IDP)
  • Application intelligence and optimization
  • Content filtering
  • Anti-virus; anti-malware
  • Anti-spam


  • ICSA-certified IPSec VPN (certification in progress)
  • Encryption: AES (256-bit); 3DES and DES
  • Authentication: SHA-2 (512-bit); SHA-1 and MD5
  • Key management: manual key; IKEv1 and IKEv2 with EAP
  • Perfect forward secrecy (DH groups) support 1; 2; 5
  • IPSec NAT traversal
  • Dead peer detection and relay detection
  • PKI (X.509) certificate support
  • VPN concentrator
  • Simple wizard support
  • VPN auto-reconnection
  • VPN High Availability (HA): load-balancing and failover
  • L2TP over IPSec
  • GRE and GRE over IPSec
  • NAT over IPSec
  • ZyXEL VPN client provisioning


  • Supports Windows and Mac OS X
  • Supports full tunnel mode
  • Supports 2-step authentication
  • Customizable user portal

Intrusion Detection and Prevention (IDP)

  • Routing and transparent (bridge) mode
  • Signature-based and behavior-based scanning
  • Automatic signature updates
  • Customizable protection profile
  • Customized signatures supported

Application Intelligence and Optimization

  • Granular control over the most important applications
  • Identifies and controls over 3;000 applications and behaviors
  • Supports over 15 application categories
  • Application bandwidth management
  • Supports user authentication
  • Real-time statistics and reports


  • Supports Kaspersky anti-virus signatures
  • Identifies and blocks over 650;000 viruses
  • Stream-based anti-virus engine
  • HTTP; FTP; SMTP; POP3 and IMAP4 protocol support
  • Automatic signature updates
  • No file size limitation


  • Transparent mail interception via SMTP and POP3 protocols
  • Configurable POP3 and SMTP ports
  • Sender-based IP reputation filter
  • Recurrent Pattern Detection (RPD) technology
  • Zero-hour virus outbreak protection
  • X-Header support
  • Blacklist and whitelist support
  • Supports DNSBL checking
  • Spam tag support
  • Statistics report

Content Filtering

  • Social media filtering
  • Malicious Website filtering
  • URL blocking and keyword blocking
  • Blacklist and whitelist support
  • Blocks java applets; cookies and ActiveX
  • Dynamic; cloud-based URL filtering database
  • Unlimited user license support
  • Customizable warning messages and redirection URL

Unified Security Policy

  • Unified policy management interface
  • Supported UTM features: anti-virus; antispam; IDP; content filtering; application intelligence; firewall (ACL)
  • 3-tier configuration: object-based; profilebased; policy-based
  • Policy criteria: zone; source and destination IP address; user; time

WLAN Management

  • ZyXEL AP Controller (APC) 1.0 compliant
  • Client RSSI threshold to prevent sticky clients
  • IEEE 802.1x authentication
  • Captive portal Web authentication
  • Customizable captive portal page
  • RADIUS authentication
  • Wi-Fi Multimedia (WMM) wireless QoS
  • CAPWAP discovery protocol

Mobile Broadband

  • WAN connection failover via 3G and 4G USB modems
  • Auto fallback when primary WAN recovers 4G USB modem support available in future firmware upgrades


  • Routing mode; bridge mode and hybrid mode
  • Ethernet and PPPoE
  • NAT and PAT
  • VLAN tagging (802.1Q)
  • Virtual interface (alias interface)
  • Policy-based routing (user-aware)
  • Policy-based NAT (SNAT)
  • Dynamic routing (RIPv1/v2 and OSPF)
  • DHCP client/server/relay
  • Dynamic DNS support
  • WAN trunk for more than 2 ports
  • Per host session limit
  • Guaranteed bandwidth
  • Maximum bandwidth
  • Priority-bandwidth utilization
  • Bandwidth limit per user
  • Bandwidth limit per IP


  • Local user database
  • Microsoft Windows Active Directory integration
  • External LDAP/RADIUS user database
  • XAUTH; IKEv2 with EAP VPN authentication
  • Web-based authentication
  • Forced user authentication (transparent authentication)
  • IP-MAC address binding
  • SSO (Single Sign-On) support (Download SSO Agent)

System Management

  • Role-based administration
  • Multiple administrator logins
  • Multi-lingual Web GUI (HTTPS and HTTP)
  • Command line interface (console; Web console; SSH and TELNET)
  • SNMP v2c (MIB-II)
  • System configuration rollback
  • Firmware upgrade via FTP; FTP-TLS and Web GUI
  • Dual firmware images


  • Comprehensive local logging
  • Syslog (to up to 4 servers)
  • Email alerts (to up to 2 servers)
  • Real-time traffic monitoring
  • Built-in daily report
  • Advanced reporting with Vantage Report
This Kit Includes: