Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!
Privacy Policy

Wi-Fi Router Charts

Click for Wi-Fi Router Charts

Mesh System Charts

Click for Wi-Fi Mesh System Charts

LAN & WAN Reviews

Tags:
{multithumb}
Next-Gen Unified Security Gateway-Performance Series
At a glance
ProductZyxel Next-Gen Unified Security Gateway-Performance Series (USG40)   [Website]
SummaryDual WAN UTM router with Gigabit ports, IPsec and SSL gateways, one-to-one NAT, bandwidth management and more
Pros• Big performance gain over USG20
• VPN solutions for IPSec, SSL, and L2TP
• Powerful application management features
Cons• L2TP configuration is challenging
• More than 10 IPsec & 2 SSL tunnels cost extra
• IPsec client not bundled
• UTM bundle license renewal is very expensive

Typical Price: $323  Buy From Amazon

Introduction

Updated 12/11/14: Various updates & corrections

In June, ZyXEL introduced its new Performance and Advanced series Unified Threat Management (UTM) devices. The Performance series includes the USG40, USG40W, USG60, and USG60W. The Advanced series includes the USG110, USG210, and USG310.

The Performance series models with "W" indicate Wi-Fi. The USG40W has an integrated N300 class 2.4 GHz only access point and the USG60W has an integrated dual-band N600 class AP. ZyXEL recommends the USG40/USG40W for networks with 1-10 users, and the USG60/USG60W for networks with 10-25 users.

ZyXEL refers to the Performance series devices as "all-in-one Next Generation Firewalls." In this review, I'm going to take a look at the ZyXEL USG40, which is a significant update to the ZyXEL USG20 I reviewed awhile back.

Inside

The USG40 is housed in a gray metal case with red trim, similar to ZyXEL's styling for the USG20 and ZyWALL 110. The USG40 measures 9.53"W x 6.89"H x 1.42" H. The power supply is external. Unlike the USG20 and ZyWALL 110, the USG40 has passive cooling, thus it runs silent which is nice if the router is located near humans. The USG40 has adhesive rubber feet for desktop use.

The front of the USG40, as shown in the diagram below, presents the status and port LEDs.

Front

Front

The rear of the USG40, as shown in the diagram below, is where you'll find the RJ45 ports and USB port.

Rear

Rear

Internally, the USG40 has a single-core Cavium CN6010 CPU, 1 GB DDR3 RAM, 4 GB Flash and a Qualcomm Atheros AR8327-BL1A 7 port Gigabit Ethernet switch. A shot of the USG40 mainboard is below. The USG60 has the same RAM and flash but swaps in a dual-core Cavium CN6020 and adds a Qualcomm Atheros AR8033-AL1A Gigabit Ethernet PHY.

USG 40 Main Board

USG 40 Main Board

Features

The USG40 is a feature-rich device as you can see in the below list compiled from ZyXEL's data sheet and website.

Hardware
  • (5) 10/100/1000 RJ45 ports
  • (1) USB port
  • OPT port can be used for DUAL WAN or LAN
  • Fanless
Performance Ratings
  • 400 Mbps Firewall throughput
  • 100 Mbps VPN throughput
  • 50 Mbps UTM throughput
  • 20,000 max sessions
Networking
  • 802.1Q VLAN (8 VLAN Interfaces)
  • WAN connection failover via 3G and 4G USB modems
  • PPPoE
  • Static routing
  • Dynamic routing (RIPv1/v2 and OSPF)
  • Policy-based routing
  • Policy-based NAT (SNAT)
  • Dynamic DNS support
  • Per host session limit
  • Guaranteed and max bandwidth controls
  • Priority-bandwidth utilization
  • Bandwidth limits per user and IP
IPv6
  • Dual stack
  • IPv4 tunneling (6rd and 6to4 transition tunnel)
  • DHCPv6
WLAN
  • 802.11b/g/n 2.4 GHz (USG40W)
  • 802.11a/b/g/n 2.4 GHz & 5 GHz (USG60W)
  • ZyXEL AP Controller (APC) 1.0 compliant
  • IEEE 802.1x authentication
  • Captive portal Web authentication
  • RADIUS authentication
  • Wi-Fi Multimedia (WMM) wireless QoS
  • CAPWAP discovery protocol
IPsec and L2TP VPN
  • Encryption: AES (256-bit), 3DES and DES
  • Authentication: SHA-2 (512-bit), SHA-1 and MD5
  • PKI (X.509) certificate support
  • VPN High Availability (HA): load-balancing and failover
  • L2TP over IPsec
  • GRE and GRE over IPsec
  • NAT over IPsec
  • ZyXEL VPN client provisioning
SSL VPN
  • Supports Windows and Mac OS X
  • Full tunnel mode
  • 2-step authentication
  • Customizable user portal
Security/Firewall
  • UTM features: anti-virus, anti-spam, IDP, content filtering, application intelligence, firewall (ACL)
  • Unified policy management interface
  • Policy criteria: zone, source and destination IP address, user, time
  • Stateful packet inspection
  • User-aware policy enforcement
  • SIP/H.323 NAT traversal
  • ALG support
  • Protocol anomaly detection and protection (ADP)
  • Traffic anomaly detection and protection (ADP)
  • Flooding detection and protection
  • DoS/DDoS protection
  • Anti-malware protection
 Intrusion Detection and Prevention (IDP)
  • Routing and transparent (bridge) mode
  • Signature-based and behavior-based scanning
  • Automatic signature updates
  • Customizable protection profile
  • Customized signatures supported
Application Intelligence and Optimization
  • Identifies and controls over 3,000 applications and behaviors
  • Supports over 15 application categories
  • Application bandwidth management
  • Supports user authentication
  • Real-time statistics and reports
Anti-Virus
  • Kaspersky SafeStream II gateway anti-virus
  • Identifies and blocks over 650,000 viruses
  • Stream-based anti-virus engine
  • HTTP, FTP, SMTP, POP3 and IMAP4 protocol support
  • Automatic signature updates
Anti-Spam
  • Transparent mail interception via SMTP and POP3 protocols
  • Configurable POP3 and SMTP ports
  • Sender-based IP reputation filter
  • Recurrent Pattern Detection (RPD) technology
  • Zero-hour virus outbreak protection
  • X-Header support
  • Blacklist and whitelist support
  • Supports DNSBL checking
  • Spam tag support
  • Statistics report
Content Filtering
  • Social media filtering
  • Malicious Website filtering
  • URL blocking and keyword blocking
  • Blacklist and whitelist support
  • Blocks java applets, cookies and ActiveX
  • Dynamic, cloud-based URL filtering database
  • Unlimited user license support
  • Customizable warning messages and redirection URL
Authentication
  • Local user database
  • Microsoft Windows Active Directory integration
  • External LDAP/RADIUS user database
  • XAUTH, IKEv2 with EAP VPN authentication
  • Web-based authentication
  • Forced user authentication (transparent authentication)
  • IP-MAC address binding
  • SSO (Single Sign-On) support
System Management
  • 3-tier configuration: object-based, profile-based, policy-based
  • Role-based administration
  • Multiple administrator logins
  • Multi-lingual Web GUI (HTTPS and HTTP)
  • Command line interface (console, Web console, SSH and TELNET)
  • SNMP v2c (MIB-II)
  • System configuration rollback
  • Firmware upgrade via FTP, FTP-TLS and Web GUI
  • Dual firmware images
Logging and Monitoring
  • Local logging
  • Syslog (to up to 4 servers)
  • Email alerts (to up to 2 servers)
  • Real-time traffic monitoring
  • Built-in daily report

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2

Most Read This Week

Over In The Forums

MediaTek Announces World's First Complete Wi-Fi 7 Platforms for Access Points and Clients
Wan aggregation on Asus AX86s running Merlin 386.5_2
Exporting Certificates from LetsEncrypt
RT-AC86U - Dual WAN setup question...
AX86U DNS Leak with original DNS data. vpn problem