ZyXEL ZyWALL 70 review
This year’s PC Pro reader survey identified a strong demand from SMEs for all-in-one security appliances – a trend that hasn’t gone unnoticed by vendors as they queue up to jump on the bandwagon. ZyXEL has traditionally focused on the lower end of this market with a wide range of low-cost DSL combo routers, but the new ZyWALL family is a stab at larger businesses.
The ZyWALL 70 combines NAT/SPI firewall duties, support for IPsec VPNs, optional web content filtering and wireless support. The gaping holes in ZyXEL’s armour are anti-virus, anti-spam and intrusion prevention, and we were advised that ZyXEL plans to support these when it releases its ZyNOS 4 operating system. Offered as a free firmware upgrade, it will provide a yearly subscription service to these extra features.
The ZyWALL 70 comes with plenty of ports to play with and a key feature is the pair of WAN ports that can act as primary and secondary Internet connections and also in a load-balancing mode. There’s even more redundancy available, as the serial port can be used to connect a modem for a tertiary dial-up link. By assigning priorities to the three links, the router is forced to use the highest-priority link if available. So placing the dial-up link at the bottom of the list means it will only be used if the two WAN ports have failed.
With the appliance in routing mode, we encountered no problems with installation. Web management is supported, and the CLI (command-line interface) is well designed and simple to use. The browser interface is as easy to navigate, although it does look a little sparse due to the lack of security features currently supported. The firewall comes with default policies that cover general usage of the LAN, WAN and DMZ ports, but you can easily add your own. These cover traffic direction, port combinations and IP services and use a built-in scheduler to determine what days and times they’re to be activated.
Up to 100 site-to-site and client IPsec VPNs are supported, although ZyXEL’s creation method has to be one of the most complicated for an SME product. The manual makes a good job of clarifying the process, but it’s lengthy. Basic URL filtering and active content blocking come as standard. The optional web content filtering adds another £199 per year and uses the Cerberian-hosted service provided by Blue Coat. It’s worth the extra outlay, as it provides checks on more than 50 content categories and good logging facilities.
Wireless support is another option and requires a PC Card placed in the slot at the rear, although only ZyXEL’s own ZyAIR cards are supported, and just five specific models at that. We tried using a Netgear 802.11g PC Card and all the router did was continually reboot until we removed it. However, with wireless access implemented, you get the full gamut of encryption options and security features, and you can also create VPN connections for wireless clients.
ZyXEL’s move into SME security-appliance territory puts it up against veterans such as SonicWALL and WatchGuard. For the price, the ZyWALL 70 offers reasonably good value. Firewall and content-filter features are extensive, although if you’re tempted we’d wait until ZyXEL makes this a true all-rounder.