Verdict

Demand for all-in-one security appliances in the small business sector has been growing significantly over the past year as these products aim to provide a simple plug-and-go solution that requires the minimum of IT expertise to use. ZyXEL makes a move into this territory with its latest ZyWALL family which it coins unified threat management (UTM) firewall/VPN appliances.

The ZyWALL 5 on review is the entry point of this new range and offers the complete gamut of security services starting with standard NAT/SPI firewalling and support for up to ten IPSec VPN tunnels. There’s much more on offer as you can implement IDP (intrusion detection and prevention), anti-virus and anti-spam measures, as well as full web content filtering. ZyXEL also offers a pricing structure that allows you to pick and choose which components to want to install. However, there are a few provisos that you need to be aware of which we’ll discuss further on.

The ZyWALL 5 is a solid little steel box which comes equipped with a 266MHz Intel IXP422 network processor and 32MB of SDRAM memory. Four switched Fast Ethernet ports are provided for LAN connections and the single Ethernet WAN port can be used to connect to an existing gateway or an ADSL or cable modem with an Ethernet interface. Any of the LAN ports can be designated for DMZ duties if required.

Two serial ports at the rear offer local access to the CLI (command line interface) and a dial-up failover modem connection. There’s also a PC Card slot alongside and it’s this that makes the ZyWALL 5 unique as it accepts the optional ZyWALL Turbo Card. It might look like a wireless PC Card but it actually provides hardware acceleration for the IDP and anti-virus services. It’s here that you need to make a big decision as the slot also accepts a wireless card. However, without the Turbo Card you can’t use the anti-virus and IDP features, both of which will be automatically disabled if it isn’t installed.

General installation on our test network was a brief affair and for Internet access we used an intelligent ActionTec R4500U ADSL modem which worked fine with the ZyWALL 5. The web interface is simple enough to use and opens with a basic status report on the system and interfaces and offers a couple of wizards for setting up Internet access and creating VPN tunnels. The appliance needs to be registered with ZyWALL after which you can download trials of the anti-virus, IDP, anti-spam and content filtering services. Unfortunately, ZyXEL has been very good at going off half-cocked with some of its latest product launches as at the time of review the anti-spam service wasn’t available due to a minor bug so the updates for this won’t be ready until November.

Anti-virus measures need no introduction as this comes courtesy of Kasperksy Labs. You can apply scanning to FTP, HTTP, POP3 and SMTP protocols so web and email traffic will be checked and apply these settings to any combination of LAN, WAN and DMZ ports. Infected files are destroyed if required and the Turbo Card gives the appliance enough oomph to scan inside archived files as well. IDP services cover all the common types of attacks and signature files for both this and the anti-virus component can be downloaded manually or automatically at specific intervals that can be as frequent as every hour.

Content filtering is a managed service provided by Blue Coat so the category database is maintained on its website and each web request from the LAN and WLAN will be passed across for checking. The pause is imperceptible during this process and you can pick and choose from over fifty categories to block and also stop ActiveX controls, Java applets and cookies from being downloaded. Transgressors can be sent a custom message in their web browser and be redirected to another URL as well. The appliance also maintains a cache of recent web sites visited for improved performance.

If you do opt for wireless access instead note that the appliance only accepts ZyXEL’s ZyAIR G-100 wireless PC Card which we successfully confirmed during testing. Plenty of security features become available as along with WEP and WPA you get support for a range of 802.1x authentication methods and the appliance can use an external RADIUS server or its own internal user database for authenticating wireless users.

Pricewise, ZyXEL is offering a comparatively good deal as you can buy the appliance and Turbo Card for around £369 (ex. VAT) or if you already have the appliance, the card combined with a one year IDP/anti-virus subscription costs £270 (ex. VAT). Content filtering will set you back £49 for one year and when the anti-spam service becomes available this will add a further £65 to the bill.

”’Verdict”’

As a complete Internet security solution the ZyWALL 5 is a good value bundle that can be customised to suit a range of budgets. It’s very easy to install, configure and use and offers a good range of security measures. However, the fact that you have to choose between wireless access and the IDP/anti-virus measures is a minor irritation.

Trusted Score