- Stateful inspection firewall with DoS protection
- Multiple NAT modes for multiple WAN IP sharing
- Decent speed

- User Interface

The Stats

The Basics

• Power

• System

• 100Mbps, Link/Activity, for LAN ports

• Link/Activity  for the WAN por

• One RJ45 10BaseT for the WAN

• One RJ45 auto sensing 10/100BaseT LAN

• Power

• Console (9p female D serial port)

• printed User Guide

• Read Me First sheet

• CDRom with HTML Applications notes, PDF copy of User guide, PNC Commander Windows admin programs, more

• one normal UTP cable

• one crossover UTP cable

• DB-9M to DB25F/DB-9F serial "Y" cable

• NO Hardware Reset switch

• NO Uplink or Normal / Crossover switch for LAN Port (see this page if this concerns you!)

Introduction

The good news is that the P312's firewall works, it's pretty speedy, and ZyXEL has taken steps to improve their Telnet-only user interface with the much-improved, but Windows-only "PNC" (Prestige Network Commander) admin application.  The 312 also supports five different NAT modes (Multi-NAT) that advanced users with multiple IP addresses will find handy.

The bad news is that the admin interface, although improved for Windows users, still has a ways to go.  The logging features of the P312 also leave something to be desired, and port forwarding is still limited to single ports.  Read on for the full story...

Setup and Basic Features

The P312 comes with a printed User's Guide that I found to be much improved over Guides that came with previous ZyXEL products.  There seemed to be more explanations of features such as filtering, and the chapters describing the 312's firewall and multiple NAT modes were helpful.  I would like to see more real examples of how to use the multiple NAT modes, however (more on this later).  

You can download documentation, firmware, and PNC software from ZyXEL's FTP site. The Prestige series FAQ, P312 support notes, and Support Web site might help you solve problems, too.  The supplied CD has HTML copies of applications notes for the P310 and P312, and PDF copies of the User guides for both products.

The router default configuration has the WAN set to be a DHCP client and the LAN DHCP server enabled,  so many users will just be able to plug and go. It also comes set to 192.168.1.1 and a default password, which you should change as soon as possible, since it's commonly known!

If you can't use the default configuration, there's still hope for a smooth setup.  The setup for the 312 using the Windows PNC (Prestige Network Commander) utilities was a much better experience than my past experiences with ZyXEL's Telnet based SMT (System Management Terminal).  Note that I said Windows-Based.  You'll need to be running Win95, 98, or NT4 to use the PNC.  Anything else, and you're back to Telnet and command lines, and no "Quick Start" guide to help you either!  (See this tip for using the PNC with other ZyXEL and Netgear products.)  Let's see what you can do with the PNC. (Click on any of the screenshots to open a new window with a full-sized view)

Pretty Nice Controls..

If you are running the right flavor of Windows, I advise you to just pop the CD into your drive, click on the top "PNC" menu choice in the window that comes up, and run the installer, which even does some basic networking functionality checks.  After your system reboots, you should be taken to the "Internet Access Wizard" where you can do basic setup as shown below

You'll probably spend more time in the Advanced Setup PNC module, where you can access most of the 312's Ethernet setup info, get system status, view and set logging, and most importantly view and configure filters! (more on that later)

Remote Administration

For remote administration, you can Telnet into the "Manager Interface" from the WAN side, after you establish a Firewall policy to allow Telnet sessions from the WAN (more on this later).  You may also be able to use the PNC applications from the WAN, but I didn't test this.

The router allows only one login at a time, whether via the web, Telnet interface, or PNC application.  Note that the messages (or lack thereof) that the second user gets can be confusing.  

The PNC will pop up a window asking you to reset the Subnet Mask if you try to use two of the three PNC applications simultaneously.  Don't do it.  Just say No and log out of the PNC application that you're not using.

The Telnet Manager Interface will also log you out automatically after 5 minutes, but the PNC apps will stay connected indefinitely!  If you want to change this timeout value you can, but you need to drop down to the third control interface, the command line interface mode.  This mode can be accessed from the Telnet interface or Advanced PNC app and if you love typing cryptic commands in response to cryptic prompts, you'll be right at home!

More setup & Firmware upgrading

You can manually set the 312's WAN port information or have it act as a DHCP client and obtain everything automatically.  It can handle "host name" authentication (like @Home uses) , the RoadRunner TAS Authentication methods, and allow you to set the WAN interface MAC address equal to that of a NIC connected to the LAN side.  This last method will help MediaOne/RR users whose service is tied to a specific NIC avoid having to call in their new MAC address.

On the LAN side, you can set the starting IP and range of addresses that the DHCP server will hand out (up to a max of 32 addresses), or disable it and assign your IP info manually. Note that the DHCP server will also hand out Domain information if you've entered it, a handy feature for @Home users.

The PPPoE setup allows you to enter your account login information and set an idle timeout.  The User name can be up to 45 characters long.

Firmware upgrading can be done either via FTP or by using the PNC Advanced Setup's System Update feature.