Review Price free/subscription
ZyXEL has been partial to a spot of diversification lately, as in our exclusive review of the NSA-2400 where we saw it move into the hotly contested desktop NAS appliance market. Now, its latest ZyWALL SSL 10 aims to give it a foothold in the world of SSL VPNs.
The appeal of SSL VPNs to small businesses hasn’t been missed by most SMB networking vendors with the majority catching on this year and delivering low cost appliances. Billion was one of the first with its well-featured BiGuard S10 and was followed quickly by Netgear and Linksys. Tipping the price scales at over £200 puts the SSL 10 firmly in the same ball park as Billion and Netgear and here we see whether it has the features to square up to them.
This compact appliance supports up to 10 SSL VPN tunnels but can be upgraded to 25 tunnels. It comes with a quad of switched Fast Ethernet ports and a single RJ-45 WAN port, which can be connected to a broadband modem or to an existing gateway. It has its own SPI/NAT firewall so can front an Internet connection, or you can drop it into a DMZ behind an existing firewall.
The web interface is easy enough to use and a wizard helps configure the appliance either as a gateway or when it’s on a DMZ. To secure access to LAN resources the appliance uses a combination of user authentication and group membership plus network objects. For authentication you have plenty of choices as you can use the appliance’s local user database but it also supports AD, LDAP and RADIUS servers.
SSL application objects are used to define a service and associated IP address on the LAN. For web based applications you specify the address of the hosting server and choose web server, web mail or OWA (Office Web Access) as the server type. For non-web applications you define them as applications with an associated IP address, TCP or UDP transport and service type. Lastly, you have basic file sharing objects, which contain a system’s IP address and the share path to a file or directory that will be presented to a remote user. If you want to give full access to the LAN you define the address subnet as a VPN Network, which will create a fully encrypted tunnel allowing access to the local network.