Datasheet

ManualsBrandsZYXEL ManualsNetwork Routers & SwitchesVPN router 1000 MBit/s VPN2S

1

2

3

4

5

5Datasheet ZyWALL VPN2S

VPN

• IPSec, L2TP over IPSec (Server/

Client), L2TP (Server/Client), PPTP

• Key management: manual key, IKEv1

and IKEv2 with EAP

• Encryption: AES (128/192/256 bits),

3DES

• Support generating SHA-1 & SHA-2

certiﬁcate

• Perfect forward secrecy (DH groups

2/5/14)

• Up to 20 concurrent VPN tunnels

• Hardware VPN engine

• IPSec NAT traversal

• VPN dead peer detection, relay

detection, and auto-reconnection

• PKI (X.509) certiﬁcate support

• VPN wizard for easy setup

• VPN failover

VLAN/Interface Group

• VLAN tagging (802.1Q)

• 802.1P

• Multiple subnets

• DHCP option 60, 61, 125

• WAN/LAN bridge for triple play

• Port-Based VLAN

Routing and NAT

• Port forwarding

• Port triggering

• Address mapping (One-to-One,

Many-to-One, Many-to-Many)

• Policy route

• Static route

• Dynamic route (RIPv1/v2)

• Up to max. 50,000 concurrent NAT

sessions

Ethernet LAN

• DHCP server/relay

• Static DHCP

• Additional subnet (IP alias)

• Wake on LAN

• DHCP option 66, 67, 150

• DNS entry

• IGMP snooping

• DNS proxy and query forwarding by

domain name

Bandwidth Management

• Bandwidth limitation (upstream/

downstream)

• Class-based bandwidth

management

• QoS policer for guaranteed

bandwidth

• QoS shaper for rate limit by outgoing

interface

• 8-Level queue priority

System Management

• Multi-lingual Web GUI

• Firmware upgrade via Web GUI, FTP,

TR-069, and Cloud Helper

• USB ﬁle sharing

• AAA server

• Certiﬁcate management

• HTTP/HTTPS

• SSH

• Telnet

• TR-069

• SNMP v1, v2c

IPv6

• IPv4/IPv6 dual stack

• DS-Lite

• 6RD

• SLAAC

• DHCPv6 client/server

• Static IP

• DNS

• MLD proxy

*: For speciﬁc models supporting the 3G and 4G

dongles on the list, please refer to the Zyxel

product page at 3G dongle document.

Feature Sets

Ethernet WAN

• IPoE/PPPoE

• DHCP Client/Static IP

• Routing mode/Bridge mode

• IGMP proxy

• DHCP option 43, 60, 61, 120, 121, 125

• Outgoing VLAN tagging (802.1Q)

• Conﬁgurable MTU

• Port setting (LAN port can be

conﬁured as WAN port)

• MAC clone

Mobile WAN

• WAN connection via 3G/4G USB

Dongle*

• Authentication type (PPP/CHAP)

• Budget control (Time budget/Data

budget)

Multi-WAN

• Load balance/failover

• Load balance algorithm (Weight

round robin/Least load ﬁrst/Spillover)

• Connectivity check (Auto fallback

when primary WAN recovers)

• Dynamic DNS and default server for

multiple interfaces

Firewall/Security

• Stateful Packet Inspection (SPI)

• DoS/DDoS protection (Protocol

anomaly, trafﬁc anomaly, ﬂooding

dection)

• Firewall ﬂow chart

• Up to 500 ﬁrewall rules

• MAC ﬁlter

• Firewall rule schedules

• Device service access control

• Zone control