ZyXEL has tossed its hat into the crowded VPN arena with its ZyWALL series of firewall/VPN appliances aimed at small to medium-size businesses. Some of the appliances are also designed to fit the needs of SOHOs, schools, and telecommuters.
The products range from the ZyWALL 1, designed for home users and telecommuters, up to the ZyWALL 100 (shown in Figure A), which supports up to 100 VPN connections and is designed for companies that need to support a large number of mobile users or telecommuters.
ZyXEL does a good job of fulfilling the capability needs of its target market, and the ZyWALLs are also very affordable. I found the prices ranged from about $155 for the ZyWALL 1 to $980 for the ZyWALL 100 (priced through Amazon.com).
As the product names suggest, the ZyWALL products include VPN support for anywhere from one to 100 IPSec connections. The firewall component performs the following:
- Packet filtering
- Stateful packet inspection
- Access control
- URL blocking
The firewall can also block DoS attacks and can display and log alerts as needed. ZyWALL is preconfigured to automatically block “pings of death,” SYN floods, LAND attacks, IP spoofing, and similar attacks. You can use the firewall as an Internet filtering appliance as well, and it supports CyberPatrol lists. You can block URLs, Java, ActiveX, and cookies.
The ZyWALL is also a full-function router. Its routing support includes:
- RIPv1 and v2
- IP alias
- IP multicast
- Programmable static routes
ZyWALL includes NAT for multiple IPs to conceal the network from the Internet and supports DNS proxy, dynamic DNS, and traceroute. In addition, ZyWALL supports Internet time calibration, Telnet, and command history.
Interface and setup
You can configure ZyWALL via a Web interface or via Telnet. The appliance uses a default IP address, which you can reach either by launching a browser or by Telnet.
Specific firewall settings are easily configured via the Web interface. You can set options and preferences in the following areas:
- Summary (access rules)
- Attack alerts
The Summary area houses the basic rules that determine what the firewall allows in and out. If ZyWALL's default rules don’t fit your security needs, you can set up custom rules to:
- Block unwanted traffic to the Internet, including IRC.
- Allow specific traffic, such as database synchronization.
- Block particular users from accessing the Web server.
- Restrict protocol use to specified users.
ZyWALL’s user’s guide includes detailed information about the rule logic so that you can configure rules that correctly perform the intended actions. The user’s guide also presents you with a checklist to determine how the rules you set up will affect users. This will help you find out whether your rules are sound. You can specify the default action (such as block or forward) to take on a packet if no rules apply to that packet.
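The following is an added example, not code or syntax from the ZyWALL user’s guide or firmware: a small Python model of checking a rule set against sample traffic, with a configurable default action for packets that no rule matches. First-match evaluation order, the rule names, and every address and port are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "block" or "forward"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, src, dst, proto, dport) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def evaluate(rules, pkt, default="block"):
    """Assumed first-match logic: the first matching rule decides the packet."""
    for rule in rules:
        if rule.matches(*pkt):
            return rule.action, rule.name
    return default, "default"      # no rule applied, so the default action is taken

LAN = "192.168.1.0/24"
# Constructed rule set mirroring the four custom-rule uses listed above.
RULES = [
    Rule("block-irc", "block", src=LAN, proto="tcp", dport=6667),
    Rule("allow-db-sync", "forward", src="192.168.1.20/32",
         dst="203.0.113.5/32", proto="tcp", dport=1433),
    Rule("block-user-web", "block", src="198.51.100.7/32", dst="192.168.1.10/32", proto="tcp", dport=80),
    Rule("telnet-admin", "forward", src="192.168.1.50/32", proto="tcp", dport=23),
    Rule("telnet-others", "block", proto="tcp", dport=23),
]
# Constructed sample packets: (source, destination, protocol, destination port).
SAMPLES = {
    "irc": ("192.168.1.33", "203.0.113.9", "tcp", 6667),
    "db-sync": ("192.168.1.20", "203.0.113.5", "tcp", 1433),
    "web-blocked-user": ("198.51.100.7", "192.168.1.10", "tcp", 80),
    "telnet-admin": ("192.168.1.50", "203.0.113.9", "tcp", 23),
    "telnet-other": ("192.168.1.51", "203.0.113.9", "tcp", 23),
    "https": ("192.168.1.33", "203.0.113.9", "tcp", 443),
}

def checklist(rules, samples, default="block"):
    """Map each labelled sample packet to (action, name of the deciding rule)."""
    return {label: evaluate(rules, p, default) for label, p in samples.items()}
```

In this model, placing the broad telnet block ahead of the narrower telnet allow locks out the permitted user as well, which is the kind of ordering mistake a per-user checklist is meant to surface.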
For alerts and logs, you can specify the e-mail addresses of individuals and groups to direct messages to when incidents occur. ZyWALL is preconfigured to block attacks, but you can set preferences for how and when it will send alerts when attacks are detected. You can also set up thresholds for attacks—for example, you might want to tell ZyWALL when to begin deleting half-open sessions to prevent DoS attacks from succeeding.
The ZyWALL interface and commands are comparable to those of similar products, and the products include detailed user manuals. The combination of these two factors makes configuration fairly easy.
Who will benefit?
ZyXEL’s ZyWALL series seems ideally suited to SOHOs and telecommuters. It’s an affordable appliance that enables those who work out of their homes to secure their Internet communications and transactions and to share broadband connections with other PCs on their home networks.
It’s also a good solution for organizations that support telecommuters or use VPNs to link users and sites to the home office. The ZyWALL 100 supports up to 100 VPN connections and offers a cost-effective means of securing communications over these links. The firewall feature with its custom rules gives administrators a lot of control over what traffic they allow in and out over these connections to help maintain security and ensure that traffic is business related.
ZyWALL’s low price also makes it an attractive solution. And because ZyXEL offers a range of products to suit different needs, anyone from home office users to medium-size organizations can find the right ZyWALL for their network.
The ZyWALL series is ICSA certified, so the products have been tested and shown to be effective at securing Internet communications. ZyXEL’s products are worth considering because of the nice bundle of features they offer:
- Firewall protection
- Customizable rules
- VPN support for up to 100 connections
- ICSA certification
- Reasonable price
If you’re in the market for a firewall/VPN appliance and have relatively modest needs and budget, ZyXEL may offer a ZyWALL that suits your purposes.