ZyWall 1 VPN Internet Security
Gateway link
Score: 2/3
Review Type: Hands On
Reviewer: Chris Kaminski
Date: Feb 12, 2001
Overview
The ZyWall 1 is ZyXEL’s basic firewall/router with
an IPSec VPN end point built in. As an Internet connection sharing device,
ZyXEL has always come out on top because of their excellent firewall
capabilities and stability. As a VPN device, the ZyWall 1 implements a
single standard IPSec channel. Unfortunately ZyXEL did not implement
enough features into their web interface.
Setup and Admin
Setup is done with a fairly straightforward web
based wizard. Although setup is not aimed at a beginner, someone familiar
with networking and broadband would have nor problem with the setup. I
would like to have seen some ISP specific information included to help
beginners set this device up.
Administration is also done with a web interface,
telnet interface or SNMP. ZyXEL has improved the web administration by
alleviating the need to open telnet sessions to simply set up a web server
(yeah!) The did however dump the easy to use telnet menu system that
allowed you to do some pretty advanced configurations using just the
menu’s. Now a telnet session dumps you into the native ZyNOS operating
system of the router.
The Dynamic DNS client built in is a nice touch, but
you are stuck using DynDNS.org. I wonder why others are not listed?
Perhaps in the next firmware update.
Security
Security is one area ZyXEL has always shined. The
built in firewall with SPI is the same used in their higher end corporate
devices and can protect your network very well against most kinds of DoS
attack. The email alert system built into the firewall can send email
messages when your network is attacked. It can also send alerts when users
on your network try to access web sites you have ‘blocked’.
 Although some advanced of ZyXel products like
services blocking were rather difficult to set up, the new web based
interface is a breeze to use. Simply select the application you wish to
block (like FTP, IRC, WEB, etc) and then set the days and times to block.
The BIG problem with this interface is that you can not specify custom
port or port ranges to block. For instance, if I wanted to block my kids
from playing multi-player games on-line while they were home from school
‘sick’, I could not do that. I am sure that the telnet interface would
allow such things, but ZyNOS (the router OS) is an inappropriate interface
for any home user.
VPN
Having a VPN client & server built into your
router is ALWAYS cool. You can use it to connect to your IPSec based work
VPN or you can connect into your home network across the internet using
any standard IPSec client. The ZyWall 1 supports only a SINGLE VPN
connection though. Purchase the ZyWall 10 if you need to keep a couple
connections active – up to 10.
Summary
ZyXEL makes good solid products that are reliable –
the ZyWall 1 is no exception. Some of the new features in the web based
user interface are nice, but there are some things that are completely
missing. Settings for remote administration, custom port blocking, Syslog
or SNMP trap based firewall logging and more are all functions the router
should expose through the web interface but does not. They are not even
easily accessible through the telnet interface.
Beginners would find the router nice once it is set
up – intermediate level users will become frustrated having to learn ZyNOS
to accomplish some tasks.
Last Note: The product literature for
the ZyWall mention Cookie/ActiveX and Java blocking. I was unable to
find the option in the web interface. UPDATE:
This will be included in
the next firmware release - after v3.50
| 
ZyWall 1 - VPN router
Menu:
