PracticallyNetworked.com
Practically Networked Logo
ZyWALL 1 & ZyWALL 50 Internet Security Gateways

 Author: Ronald Pacchiano
 Review Date: 8/14/2002

 Add Your Review
 Read 3 Reviews by Users


Models: ZyWALL 1 ($179 MSRP) & ZyWALL 50 ($799 MSRP)

If nothing else, the advent of broadband technology has emphasized numerous security holes in many of our most trusted network operating systems. These shortcomings prove that we can't take our privacy for granted and need to take every precaution to protect ourselves and our data from Internet intruders. High-end network routers however can be very expensive and the cost of hiring specially trained people to ensure that the job is done right doesn't help matters. ZyXEL Communications understands this situation and developed a series of Internet Security Gateways the just might be what your looking for.

Their ZyWALL series of routers are incredibly feature rich, are available for various environments and can be configured by a person with a minimum of network experience. In spite of a deceivingly simple installation, the ZyWALL products have enough bell and whistles to please even the most demanding tech-heads. And while the ZyWALL routers are by no means cheap, the feature set they offer makes them a veritable bargain.

We recently we had the chance to spend some time with two products in the ZyWALL family; the almost $200 street ZyWALL 1 and the ZyWALL 50 which retails for around $630. These two products are very similar in operation and function, but are designed for two very different audiences.

For the home office user or telecommuter there's the ZyWALL 1. This model shares the majority of its features with the ZyWALL 50. In addition to the basic goodness of the ZyWALL 1 feature set, the ZyWALL 50 has higher aspirations and is aimed directly at the needs of small business users. Advanced firewall capabilities, superior content filtering and the ability to generate a large number of VPN tunnels make this a total Internet Security Solution.

Pros:

  • Highly customizable
  • Support for Dynamic DNS
  • Detailed logging and alerts via e-mail
  • Supports up to 50 VPN Tunnels (ZyWALL 50)
  • Excellent content filtering    

Cons:

  • No auto-sensing ports
  • User Guide on CD only
  • No integrated switch (ZyWALL 50)
  • Firewall rule creation can be confusing

Basic Features

Both the ZyWALL 1 and ZyWALL 50 are DSL/Cable modem routers with integrated firewall and VPN functionality. They share many common features, but differentiate in the number of VPN tunnels they support and the depth of the content filtering they provide.

ZyXEL designed both of these products to support numerous routing protocols. These include TCP/IP, RIP-1, RIP-2, ICMP, ARP, IP Multicast and IP Alias. An abundance of security protocols provide network users with even greater protection.

Encryption comes in the form of Network Address Translation (NAT), PPTP, IP Sec, Digital Encryption Standard (DES), Triple DES (3DES) and Internet Key Exchange (IKE). To help defend against Denial of Service (DoS) attacks the ZyWALL products make use of Stateful Packet Inspection (SPI) technology to continuously examine incoming data packets. The ZyWALL 50 can support one PPTP server connection at any given time and both units have built-in support for Dynamic DNS. This is important for users that don't have access to a static IP address.

Small business administrators will like the two products' logging and content filtering capabilities. Content filtering on the ZyWALL 50 is excellent. It can be configured by either domain name, keyword, or a subscription based content filtering service. Filter updates can be setup for automatic download on either a daily, weekly or monthly basis and is free for 6 months. On the ZyWALL 50 workstations can be exempted from the filtering. Filtering capabilities on the ZyWALL 1 are based on Keywords and specific services can be blocked, but there is no subscription service available. The ZyWALL 1 can exempt one workstation from the filtered services and sites.

The system and filter logs of both products collect a wealth of information to help with the monitoring of network traffic. Logs can collect data on anything from System Errors to blocked Web sites and even network attacks in real-time. When someone tries to visit a restricted site they are informed that the site has be blocked and to contact the System Administrator. The access attempted is then logged. The routers reports on which Web sites have been visited, which IP address made the request and the time that the access took place. These logs can be e-mailed to the administrator daily or weekly.

Management

Almost every aspect of the routers operation can be customized using the browser based interface. NAT settings can be altered, static routes and additional firewall rules can also be created. Specific Web features like ActiveX, Java and cookies can be blocked as well. The Filtering capabilities were very good and kept restricted sites from being reached when using either the qualified domain name or the sites IP address.

Both ZyWALL products have built-in DHCP capabilities and can handle client IP assignments. A 4-port switch is integrated into the ZyWALL 1 so you can get a small group of users up and running quickly. Auto-sensing ports are not part of the package, so you'll need to use the uplink switch when working with crossover and straight through cabling. The ZyWALL 50 doesn't have hub or switch ports on it. So you'll need to make sure you have an external switch available before you begin that network installation. I would have liked to have seen at least an 8-port switch on the unit.

One of the most valuable features of these products is their ability to generate a secure Virtual Private Network (VPN) tunnel with other offices or remote users. IPSec in conjunction with SHA-1 and MD5 authentication techniques have come a long way in securing VPN traffic. The ZyWALL 50 can support up to 50 VPN tunnels while the ZyWALL 1 is limited to only one VPN tunnel.

Installation and Configuration

The Web-based management system is well thought out, easy to navigate and simple to use. For most users the configuration wizard will get your router properly configured. Advanced menus and maintenance screens will smooth out any installation glitches that the wizard can't solve. Future updates to the gateways operation are easily installed thanks to an upgradeable firmware.

Connecting both products to our network was very straightforward and required nothing more then plugging in the ZyWALL and connecting the appropriate LAN and WAN ports. In the case of the ZyWALL 1, we just connected our PCs to the integrate 4-port 10/100 switch and plugged the cable modem into the available WAN port. The ZyWALL 50 required connecting the router to an external switch.

Our Road Runner cable modem automatically assigned the ISP information to both ZyWALL products so we were functional without having to perform any additional configuration. DHCP is enabled by default so our workstations were assigned IP addresses automatically.

SUMMARY

The ZyWALL 1 and ZyWALL 50 Internet Security Gateways are both easy to install, configure and administrator. Most of the features can be setup by a person with a moderate amount of networking experience, but if your going to try and tackle some of its more advanced features, like firewall rule creation or NAT customization, you had better have a good understanding of network operations.

The ZyWALL 50 is an impressive piece of hardware that offers many of the options of a CISCO router without the need for a CCNA to do the configuration. Although it's somewhat pricey, the ZyWALL 1 is ideal for the telecommuter and is ideal suited to its task.

Jupitermedia is publisher of the internet.com and EarthWeb networks.


Copyright 2003 Jupitermedia Corporation All Rights Reserved.
Legal Notices,  Licensing,Reprints, &Permissions,  Privacy Policy.
http://www.internet.com/
http://www.earthweb.com/