jk's blog

ZyXEL – ZyWALL USG 50 First Impressions

We just got one of these. It’s a low-cost firewall. Some folks on forums have said that ZyXEL uses a proprietary OS, ZyNOS, and perhaps they do, but not on this device. The latest firmware download includes a spreadsheet with FOSS software listed, and it includes the Linux kernel and a bunch of popular networking software.

I haven’t built Linux firewalls in a few years, so I’m out of touch. The firewall feels a little Linuxy, but there’s a layer of configuration objects that helps to glue all the different services together.

(I’ve also been studying the Edgewater routers, and they appear to be Linux as well, but with a different layer of stuff atop the Linux foundation. So these companies are doing a bit of value-add on top of the regular Linux software stack.)

This firewall includes a 4-port switch that is backed by a 3-port router. Each port can be assigned to one of three networks: lan1, lan2, dmz. The default config is two LANs and the DMZ, and you can rearrange them a little bit. I mention this here, because it’s not in the advertising I saw on websites.

I think the underlying hardware probably has five independently addressable Ethernet interfaces. It’s just pre-configured to give you two WANs and three LANs.

IMO, the price of this device is in line with what you might build for yourself, with the advantage that it’s managed. The antivirus and antispam features, though, seem to not be worth it, unless you’re really not interested in managing security. The DIY solutions I’ve made with the standard apps, like SpamAssassin, have been pretty good, and better than what this router offers. The question is cost-benefit, because the benefits of even mediocre filtering outweigh the low cost of the service.

This is a weird segment of the market, with competition from SonicWall, WatchGuard, Edgewater, Barracuda, BlueCoat, MikroTik, Untangle, Netgear and others. Most of these are built on Linux or some other Unix, and run the same software. The prices vary significantly.

An old-style DIY router would require a lot of LAN ports, meaning either a bunch of EtherExpress cards, or one of those expensive multi-port cards, and would consume a lot of power. A new-style one would use a router motherboard from a website like routerboards.com, which again costs a bit of money, but saves on power costs. There’s really no way to win with firewall/routers.

There have been some interesting platforms for building routers. SuperMicro has a small server, the 5015A, that’s a dual-core Atom CPU with two gig ether ports, $330, but it’s got no memory or disk. You’d have to add around $100 worth of SSD and RAM to get a 2GB server. A dual-port ethernet card is another $80 or so. Building a big multi-port firewall is pretty expensive. It’d probably beat this ZyXEL USG 50, but it would also be pretty pricey, though not as expensive as a Cisco or HP.
