ZyXel Prestige 652 Series ADSL Security Router - PracticallyNetworked.com Earthweb.com Practically Networked Home Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.

 ZyXel Prestige 652 Series ADSL Security Router

 Author: Joseph Moran 
 Review Date: 12/20/2002

Model Number: Prestige 652 ($499)


  • Includes DSL CPE and provides line diagnostics
  • Strong firewall, filtering, alerting and logging


  • Not all features configurable via Web browser-interface

On the surface, the ZyXel Prestige 652 may appear to be another garden-variety broadband router, but it's clearly targeted at small businesses rather than the home or home office markets. The Prestige 652's features, flexibility, and price ($499) all reflect the business focus. It is distinguished by a strong and flexible firewall, a comprehensive content filtering capability, and excellent alert and logging features.

The Prestige 652 also includes built-in DSL equipment, so you can't use it in conjunction with a cable modem (ZyXel has other products that incorporate cable modem hardware). The Prestige 652 provides but one 10/100 Ethernet port, so an additional switch is a must unless you've got a one-computer network. (The port features an uplink switch so you can use either a straight-through or crossover cable.) The unit also provides a console port for direct configuration from a PC and a serial port that can connect to either a analog or ISDN modem as a backup to the DSL.


Because the Prestige 652 incorporates its own DSL CPE, the first order of business is to chuck whatever DSL gateway your ISP provided you with, since it won't be necessary and can't be used with the 652. Indeed, the Prestige 652 is just the type of device you would likely get from your ISP for business-level DSL service.

As a result, if you haven't received the 652 from your Internet provider, the initial setup procedure of the unit will require a little bit of preparation and gathering of information in advance. You'll need circuit-specific information like the Virtual Circuit Identifier and the type of encapsulation in use. The 652 supports eight different encapsulation methods, including PPPoE, (Point-to-Point Protocol over Ethernet) and PPPoA (Point-to-Point Protocol over ATM).

The kind of information that's required to get the 652 up and running is typically not published by the ISP for customer use, and you may or may not be able to obtain it from the technical support line. In my case, my ISP was unable to help me and I ultimately received assistance from ZyXel technical support.

Given the proper information, the setup is relatively straightforward. It's wizard-based, and only consists of about a half-dozen fields. Once I had the telco info, getting Internet connectivity took only about 20 seconds.

The Prestige 652 features the obligatory Web-based configuration utility, but that's not the only, or even the necessarily the best, way to interact with the unit. Like all ZyXel products, the 652 is based on the ZyNOS operating system, and in addition to the Web-based interface, you can also configure the unit via telnet or console cable. When connected to the unit in this way, you're presented with ZyXel's SMT (System Management Terminal), a menu-driven interface, but you can also configure the router via a command line interface similar to Cisco's IOS.

Most people will probably choose to configure the unit via a browser-based interface, and the most features are configurable this way. Some of the more advanced features can only be accessed via the SMT or command line modes.

Basic Features

The ZyXel supports many of the customary features of a broadband router, whether for business or home use. This includes things like Network Address Translation (NAT), Dynamic DNS, and DHCP. The 652 takes some of these features a step further than usual, however.

For example, the unit can serve as a DHCP server, but also as a DHCP relay, obtaining and distributing addresses obtained from another DHCP server on a remote network. It also supports both one-to-one and many-to-many NAT, so if you happen to have a range of global IP addresses from your ISP, you can map them individually or as groups to specific internal addresses, which is helpful when you want to precisely monitor network traffic.

A testament to the potential complexity of the ZyXel Prestige 652 is the size and scope of its manual. It's 330 pages long, so fortunately for the environment the manual is provided as a PDF and not a printed document. Most of the manual deals with configuring the router directly via the ZyNOS SMT, so you can probably safely toss it to the side unless you plan  to employ some of the more advanced features of the router.

On the other hand, the manual is worth a perusal if security is important to you. The firewall section not only goes into considerable depth in discussing the Prestige 652's security capabilities, it also provides good technical explanations of various kinds of IP denial-of-service attacks like SYN flood, Smurf, and Teardrop.


The space the Prestige 652 manual devotes to security is not surprising, and the firewall features of the router reflect this level of attention. You can specify individual sets of rules for LAN to WAN and WAN to LAN traffic, and you can separately define TCP, UDP, and ICMP timeouts to ensure that inactive sessions are dropped after a given amount of time.

Here's a nice feature: any rule you define can have an alert associated with it, so attacks can be immediately logged and/or e-mailed to the network administrator.

The Prestige 652 provides VPN capability via IPSec (but not the older PPTP or L2TP protocols) and it provides two levels of encryption -- DES (56-bit) and 3DES (168-bit). Two simultaneous VPN tunnels are possible.

Remote Management and Logging

When it comes to remote management capability, the Prestige 652 gives you a good deal more flexibility than most routers. Like others, you can specify a client IP address and port for remote access. However the Prestige 652 can be accessed remotely three different ways-- via the Web, Telnet, or FTP, and you can apply individual settings for each type. You can also individually specify whether each type is accessible from the LAN, WAN or both.

The Prestige 652's Maintenance menu includes a system status page that goes beyond simply displaying the LAN and WAN address information -- also available is such information as link state, upstream and downstream bandwidth, and the CPU load on the LAN port. There's also a diagnostics page that lets you run various tests on your DSL circuit, including checking the noise margins on both the upstream and downstream connections.

Recognizing that control of employee Internet access is important in a business environment, the Prestige 652 includes some fairly sophisticated content control features. You can block your users' access to Web sites by keyword, and you can dictate a schedule for when the blocking will take place. The schedule can be particular days of the week, every day, or just certain part of the day. For the boss, you can also specify an IP address or range of addresses that signify trusted users that are exempt from the content filtering restrictions.

Those who like to keep close tabs on the happenings of their network will really like the Prestige 652, because it has more logs than Abraham Lincoln's birthplace. The content filters, VPN, and firewall are all separately logged. Because logs are useless unless read, you don't need to connect to the router to check them; they can be output to a Syslog server (though you need to configure that via SMT).


Given the ZyXel Prestige 652's features and price, it's almost certainly overkill for a typical home or home office deployment. Because you might need to use the menu or command line methods for some configuration, it's not necessarily the product for neophytes or those who want a "plug it in and go" solution. But for strong security, logging, and alert features it's a good choice a small and growing business.

 Add YOUR Opinion  

Print this Page 

Earthwebnews.com Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation

Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums