HomeComputersSecurity DevicesNetwork SecurityFirewall DevicesZyXEL ZyWALL USG300 Unified Security Gateway and Firewall w/200 VPN Tunnels, SSL VPN, 7 Gigabit Ports, and High Availability |
|  | | | Customer Reviews: | | | Average Customer Review: ( 32 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
26 of 28 found the following review helpful:
 Great SOHO VPN Firewall Nov 22, 2010
By WPB Consulting
While ZyXEL may not be that well known in the consumer network gear market, they make some good enterprise level gear. The USG line from ZyXEL is middle ground between simple consumer products and highly configurable enterprise products.
I have used the ZyXEL ZyWALL 2 PLUS Internet Security Firewall, 4 Port 10/100 Fast Ethernet Switch, w/ 5 IPSec VPN Tunnelsand the (discontinued) 1P for several years without issue; primarily for maintaining an IPSEC VPN tunnel. While the 2 Plus and 1P were more consumer grade, the USG20 is a step beyond. It has a plethora of configuration options available, and wringing out optimal performance from the device is not for the faint of heart. Having a background in network configuration will make the job easier, otherwise, plan to spend some time with the instruction manual.
ZyXEL's online resources, customer support and forum support are very good; they strive to make sure your problems get solved. They offer timely firmware updates to correct problems.
The ZyWALL USG20 not only has basic packet inspection firewall and traffic anomaly detection functionality, but has a significant number of features at this price point:
* Flexible Security Zones
* IPSEC and SSL VPN
* VLANs
* Bandwidth Management
* Content filtering/ Anti-SPAM
* Reporting
The UI is somewhat straightforward, however, the concept of Objects may confuse some. Objects are used to define re-used elements throughout the configuration. For example, an IP address range may be defined and named IP_RANGE_1. This name is then used throughout the configuration screens when setting up features that use that same address range.
There isn't much you can't do with this, that you could with a device costing several times as much.
Pros:
* Price vs Features ratio
* Highly configurable
* USB 3G support
* Configuration wizards for some set-up
* SSL VPN support
* 4 Gig ports
* Runs cool
Cons:
* No PPTP/L2TP VPN
* Object oriented configuration can be confusing
* SSL VPN limited to few applications and hard to get working.
* So configurable that it takes a while to fully set-up.
* Manual recommends unit SHOULD NOT be wall mounted. (Why?)
13 of 13 found the following review helpful:
Great features for the money! Aug 31, 2011
By Classless
I bought this router from a competitor but wanted to leave a review here. The amount of features that you get out of this router is unbelievable for the price you pay. I'll point out my pros and cons about the unit but I will start by saying that this is not a dlink/linksys/netgear plug and play router, you need to have a good understanding of networking in order to use the unit to even half of its full potential.
Pros:
IPSec VPN
SSL VPN (ridiculously easy to configure, and there is a network extension option so that you can actually be put on the network and have full access to your resources)
Extensive firewall options (seriously there's a ton of options)
Cisco-like CLI
Ability to integrate with Active Directory (I use this with the ssl vpn, can be kind of tricky to configure though)
Bandwidth Management (very flexible options for this, you can really lock down how much bandwidth devices/programs can have and set priorities as well)
Object based (this is really useful, instead of specifying IP address in NAT/Firewall/BWM you can create objects and then specify the object so that in case you need to change it, you only need to change it in one location. You can even group objects together to consolidate firewall/BWM rules)
True DMZ (you can actually dedicate a port to the DMZ and then just have the others on lan subnets)
Free U.S. based technical support for the life of the unit (I called them before purchasing the unit to get information on it and the gentlemen was very courteous and knowledgeable. It's comforting to know that if I have issues I can get a hold of someone, who is American, within minutes). The firmware updates are free for the life of the unit as well.
Cons:
No L2TP/IPsec (Zyxel says this will be available in a firmware update, not sure exactly when though)
Occasionally the user interface will be stuck in a "loading" state when browsing. It only happens once or twice a week and clearing the cache usually fixes the issue.
The unit does feel a little bit cheap without a metal enclosure, but it does a pretty good job of getting rid of heat.
The unit has the "authentication policy" option which allows you to force users to enter a username and password when accessing some or all network resources (including the internet) to further increase security on the network however I have found that it doesn't work very well. For example, some times it wont prompt me to enter credentials and other times it will ask for them and after i enter them the network resource wont come up.
Closing thoughts:
The unit does also have content filter/ADP(anomaly detection and protection)/anti spam but I have not used any of these features though I have heard good things especially from the content filter. The content filter requires a license that you must purchase (you are given a 30 day trial) and the ADP and Anti Spam appear to come with the unit without a license (at least from understanding).
I mentioned it before (and other have as well) but its worth mentioning again that you get a lot of features for the price you pay. I've been very happy with the router since day one (I've had it about three weeks now). Hope this review helps somebody out there.
***Update 12-24-2011***
I've had the firewall for about five months now and it's still running strong. I haven't had any issues so far and after doing a firmware update I am now able to get the authentication policy to work properly. It also seems that Zyxel is releasing a major firmware update next month for all their USG series firewalls which will add IPv6 support as well as L2TP support.
12 of 12 found the following review helpful:
Great product with only one flaw Oct 26, 2010
By Kelly
This is one of the best priced and most feature rich routers I've ever used. I've used sonic walls about 5 years in the past and we had a linksys dual wan router before this. Once we needed more than one external ip the linksys just couldn't cut it. The firewall would either be fully off or fully on with secondary ip's, so we had to find another solution. Having used sonic walls in the past I looked at them first but a price/feature comparison lead me straight to the ZyWall USG100.
Setup for the device seems complicated at first, with assigning ip's to machines, ports to groups, and other things that I've not encountered with a firewall before. But these extra steps in the beginning save so much time later on. Instead of having routes and many firewall rules assigned to an ip, you would assign it to a virtual object stored in the zywall which has all of it's information. So when a change to the machines ip is required you don't have to go in and change every single rule and route, you just modify the virtual object and your done.
So far it's done everything we've needed and suprised us with its flexibility. And it would have 5 stars from me except for one slight failing. The vpn setup is a bit unruly when it comes to macs. Just for a standard vpn it requires a free 3rd party program (ipsecuritas) with a bit of setup that a normal user would balk at. Also the ssl vpn which ZyXEL boasts about is just a no go for macs, it just isn't supported.
It's a great product for a great price. It does everything well except for the vpn working with macs. If they can fix that then they would get 5 stars from me.
8 of 8 found the following review helpful:
Great Firewall, AV, IPS, SSL VPN licenses are overpriced and hard to find Jul 30, 2011
By M. Greeder
I needed a firewall that would keep up with 100Mbps Comcast cable modem down speeds. I own a DLink 655 extreme N and a Linksys / Cisco E3000. Both limited my down rate to about 40Mbps. The Zyxel ZyWall USG200 easily keeps up with the data rate. I've seen down rate hit 80+Mbps. It has all of the expected firewall features and allows policies to be built and assigned to groups or users. It is also very flexible in allowing the 2 WAN ports to be configured to work either together to increase capacity or provide redundancy or independently. The 4 internal GBEN ports can be assigned to different VLANs with a flexible rule set determining what traffic is allowed to what port.
The SSL VPN works with a IE9, IE8, Firefox, and Google chrome running on Windows 7, Vista, and XP (it will probably work with others, but that's all that I've tried it on).
The big downside to this firewall is that the Anti-virus, IPS (Intrusion Protection System), and Content Filter (from Blue Coat) only come with a 30day license. After 30 Days, you have to buy a license for each. The cost of the licenses is way too high (ranging from $150 per year to $400.00 per year for each of the features, AV, IPS, and Content Filter). This is not clear in any of the product descriptions. I like the firewall well enough, but the licensing scheme is a major downside. Oh, you can also buy Zyxel OTP (One Time Password) hard tokens to use for logging onto the system. Those run $132.00 for ten.
In addition to the cost, the licenses are not easy to find.
One note on the SSL VPN... the built in license only allows 2 concurrent VPN sessions. Additional VPN sessions require the purchase of yet another license to increase the concurrent limit.
In summary, it's a good Firewall but the AV, IPS, content filter, and SSL VPN licenses are overpriced and hard to find. I would have given the firewall 5 stars if it were not for the licensing issues with the feature components.
11 of 12 found the following review helpful:
 Know what you are buying Aug 06, 2011
By Citizen
The USG 20 is a very feature rich and powerful device for the money. It has features that until very recently could be found in expensive commercial network appliances. Don't mistake this device for a simple home gateway. I have had it for a few months now and have a few observations.
1) Configuring this device is not for the faint of heart. If you don't have a reasonable level of IT skill, this may not be for you. The manual is almost 1000 pages. It is poorly translated to English and unclear in places.
2) ZyXel has been delivering firmware updates at a rapid pace (10/12/2010, 4/25/2011 and 6/3/2011). This is good because they are clearly supporting it. It is also bad because there are a lot of bug fixes. These fixes included a fix for a serious security flaw that was found earlier this year by RedTeam PenTesting GMBH. This kind of flaw should not have escaped from any security vendor. Worse, I could not find any indication that ZyXel notified it's customers to update their firmware.
3) In all firmware versions to date, the firewall does not cut off active sessions when a schedule rule is applied. If you intend to use this device to limit your kids computer time, it doesn't work. This is a flaw that affects many users.
4) The first unit I received died within 24 hours. Amazon replaced it and the second unit has been fine. It does run hot so it cannot be placed where airflow is restricted. I have mine on a wire rack style shelf to allow airflow underneath and above the device. I would not be comfortable stacking another device above it.
5) There were indications in ZyXel support responses and in online reviews that support for IPV6 would be added by the end of last year. That was one of the reasons I bought it. The capability has not shown up.
See all 32 customer reviews on Amazon.com
|
| | |
|
|
