ZyXEL ZyWALL 35 UTM review

Dave Mitchell Read more October 7, 2009

£569

Price when reviewed

ZyXEL moved into the all-in-one security appliance market earlier this year with its family of ZyWALL products all supporting its UTM (Unified Threat Management) features. The plan was to deliver NAT/SPI firewalling, support for IPSec VPNs, web content filtering, anti-virus, anti-spam and intrusion prevention. However, when we reviewed the ZyWALL 70, many of these features had yet to be implemented and we recommended waiting until ZyXEL had made them all available. We now take a look at the ZyWALL 35 to see how well the company has progressed with its promises.

Aimed at SMBs looking for a low-cost security appliance, the ZyWALL 35 brings together a four-port Fast Ethernet switch and plenty of Internet failover features, as it offers a pair of WAN ports and a serial port for a backup modem connection. An unusual feature on all the ZyWALL products is the PC Card slot at the rear, and the price of the review unit includes ZyXEL’s ZyWALL Turbo Card that provides hardware acceleration for the IDP (Intrusion, Detection and Prevention) and anti-virus services. However, the slot also accepts one of five ZyAIR wireless PC Cards, allowing it to function as an 802.11b/g access point. Without the Turbo Card installed, the anti-virus and IDP features will both be automatically disabled. So you have a choice to make, as you can’t have built-in UTM and wireless support from the same device.

We found installation a cinch. After we connected an ActionTec intelligent ADSL modem to the first WAN port, DHCP had Internet access up and running for our test clients without us even touching the web management console. When you do load it, you’ll find the interface is easy enough to use, with the homepage providing a status report on the system and interfaces. Usefully, the two Ethernet WAN ports can be linked together in an active/passive team or as a load-balanced active pair. Two wizards help to set up Internet access and VPN tunnels. The appliance needs to be registered, after which you can download trials of the UTM services. The Mailshell anti-spam feature uses an external database plus black and white lists. There are plenty of options for handling dodgy mail, as you can add tags to the subject line of spam and phishing messages, discard SMTP mail and change the spam score threshold.

Content filtering is a managed service that comes courtesy of Blue Coat, and prices start at £49 for a year’s subscription. Over 50 categories can be blocked and you can also stop ActiveX controls, Java applets and cookies from being downloaded. Custom messages can be sent to anyone accessing a banned site and you can also redirect them to another URL.

Kasperksy looks after the anti-virus service, which can be applied to FTP, HTTP, POP3 and SMTP protocols on any or all of the LAN, WAN and DMZ ports. Signature files for both the IDP and anti-virus services can be downloaded manually or automatically.

For the price, ZyXEL is offering a comprehensive security solution and plenty of WAN backup facilities. Configuration and management are well handled and although it’s been a long wait, the UTM features make this little appliance a good all-rounder.