ZyXEL ZyWALL 10 Internet Security Gateway - PracticallyNetworked.com Earthweb.com Practically Networked Home Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
Troubleshooting
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting
    Guides

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  
 
Forums
About
Jobs
Home

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router and by extension, your network is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.


 ZyXEL ZyWALL 10 Internet Security Gateway

Page 2 

 Author: Tim Higgins
 Review Date: 9/13/2001


Firewall


NOTE: Opening holes in your firewall can compromise your LAN's security if done incorrectly.

The web admin interface allows you to:

  • Enable / Disable the firewall

  • Setup emailing of firewall alerts

  • Set timing thresholds for Alert features

  • Configure rules and services

  • View Firewall logs

The product comes with a number of pre-defined services (sets of ports and protocols) and you can define 10 more.  You use these services to define 10 firewall rules for outbound (Local Network) traffic and 10 for Inbound (Internet) traffic. Each rule allows you to specify (see the screen shots below) whether the referenced service is passed or blocked, whether it's logged, and whether an email alert is sent when the rule is triggered.

  ZyWALL 10 - Internet Firewall screen   ZyWALL 10 - Firewall Rule Configuration screen

There are some additional Firewall features, such as the ability to set timeouts on various TCP, UDP and ICMP connection types.   On the downside, however, you can't define custom services using the ICMP protocol, and the logging could be better (more on that later).

An important point to remember is that you must have an Internet Firewall rule to match each SUA (or forwarded port), or your forwarded service won't work!

 

Multi-flavored NAT


What sets the ZyWALL 10 apart from most other routers that I've tested is its five different NAT modes (Multi-NAT). (Check this ZyXEL FAQ for more details.)

These new NAT modes will be useful primarily to people who have multiple IP addresses from their ISP.  

NOTE: The '10 has only one physical WAN port, so it can't be connected to multiple WAN feeds, i.e. both a cable modem and a DSL connection.  Your multiple WAN IP addresses must come from the same ISP.

With Multi-NAT, for example, you can have more than one of the same type server (HTTP for example) running on the same port number, but on different IP addresses (or domains).  This is like having multiple "DMZ" capability, but you still get the firewall protection for the servers.

The old "SUA" (Single User Account) NAT mode is still supported, and it fortunately has its own page in the product's Web admin interface.

ZyWALL 10 - SUA/NAT screen

So you can easily allow servers on your LAN can be accessed from the Internet, but you are limited to 12 single-port-number-to-LAN IP mappings.  You can't specify TCP or UDP protocol, and you can't map port ranges, either.  One of the twelve mappings is dedicated to the Default Server mapping.  This is similar to the DMZ Host, or Exposed Computer feature on other routers.  Another mapping is dedicated to Port 1026 "RR Reserved", so this leaves 10 single port mappings that you can actually use.

  • Page 1
  • Page 3

  •  Add YOUR Opinion  

     Opinion Summary:     93.8%   |   6.3%  |   out of 16 reviews  
     Read Reviews by Users  

    Print this Page 



    Earthwebnews.com Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation


    Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums