- Stateful inspection firewall with DoS protection
- Multiple NAT modes for multiple WAN IP sharing
- Time based content filtering
- Decent speed

- No port range forwarding
- Still need Telnet interface for some features

Updates

10/17/01 - New V3.50(WA.0) firmware upgrade available that adds support for IPSec VPN.

9/21/01 - Added Content Filtering feature info.

The Basics

• Power

• System

• 100Mbps, Link/Activity, for LAN ports

• Link/Activity  for the WAN por

• One RJ45 10BaseT for the WAN

• One RJ45 auto sensing 10/100BaseT LAN

• Power

• Console (9p female D serial port)

• printed User Guide

• Read Me First sheet

• Documentation CD

• one normal UTP cable

• one crossover UTP cable

• DB-9M to DB25F/DB-9F serial "Y" cable

• NO Hardware Reset switch

• Has Uplink or Normal / Crossover switch for LAN Port

Introduction

ZyXEL's ZyWALL 10 is a moderately priced, full featured stateful inspection based firewall. It also supports five different NAT modes (Multi-NAT) that advanced users with multiple IP addresses will find handy.  But the User Interface, although improved, still doesn't provide access to all features, and you may find the port forwarding features too limited...

Setup and Basic Features

The ZyWALL 10 is pretty much the same product as the Prestige 312 that I reviewed about a year ago, with the following differences:

• Schedulable Content Filtering has been added

• Redesigned user interface

• Slightly smaller physical package

The new user interface drops the two Windows-based "PNC" applications that were used as the primary administration tools on the P312, replacing them with browser-based admin screens.  These screens (see the examples below) give access to many, but not all of the 10's features, so you'll still need to use the Telnet interface to access the others. Since firmware upgrading can be done via FTP or TFTP, the result of all these changes is that the ZyWALL 10 is no longer limited to Windows-only administration for users who aren't happy with a Telnet only user interface.

The router default configuration has the WAN set to be a DHCP client and the LAN DHCP server enabled,  so many users will just be able to plug and go. It also comes set to 192.168.1.1 and a default password, which you should change as soon as possible, since it's commonly known!

You can manually set the WAN port information or have it act as a DHCP client and obtain everything automatically.  It can handle "host name" authentication (like @Home uses), the RoadRunner TAS Authentication methods, and allow you to set the WAN interface MAC address equal to that of a NIC connected to the LAN side.  This last method will help AT&T Broadband users whose service is tied to a specific NIC avoid having to call in their new MAC address.

On the LAN side, you can set the starting IP and range of addresses that the DHCP server will hand out (up to a max of 32 addresses), or disable it and assign your IP info manually. Note that the DHCP server will also hand out Domain information if you've entered it, a handy feature for @Home users.

The PPPoE setup allows you to enter your account login information and set an idle timeout.  The User name can be up to 45 characters long.

Remote Administration

For remote administration, you can Telnet into the "Manager Interface" from the WAN side, after you establish a Firewall policy to allow Telnet sessions from the WAN (more on this later).  You can also use the Web admin pages from the WAN, after establishing a SUA server (forwarding port 80) to 192.168.1.1 and establishing a Firewall policy to allow HTTP access.

The router allows only one login at a time, whether via the web, Telnet interface, or PNC application.  Access via either interface times out after 5 minutes.

If you want to change either the timeout, or set a "trusted IP address" that will be the only address allowed to connect via the 10's WAN side, you'll need to access the Telnet manager.