Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Wi-Fi Router Charts

Click for Wi-Fi Router Charts

Mesh System Charts

Click for Wi-Fi Mesh System Charts

Performance, Pricing and Closing Thoughts

The UTM features on the USG100 have a price, both in throughput and dollars.  Inspecting packets and filtering traffic will slow down the router's throughput, some features more than others.  Fortunately, each of the features can be individually enabled or disabled, which gave me the ability to test each feature's impact on throughput.

For the data in Table 1, I used Jperf to measure throughput, with a TCP window size of 16.0 kBytes and a 10 second test length.  I started with all security features off, then measured throughput with only one feature on at a time.  With seven different features, it would be nearly impossible to test all the permutations, so I didn't even try. But I did test throughput with all features on, as shown in the last row.


Throughput (Mbps)

All Off 104 96 101
Firewall Only 83 82 81
AppPatrol Only 18 17 17
AV Only 55 51 55
IDP Only 21 50 20
ADP Only 57 58 56
CF Only 96 89 92
AS Only 102 96 101
All On 16 17 16
Table 1: Throughput vs. mode

As shown, throughput is over 100 Mbps without any traffic filters.  However, enabling the Firewall knocks throughput down to 82 Mbps.  Running Anti-Virus filtering will drop throughput down to 51-55 Mbps, and turning on all UTM features reduces network throughput to 16-17 Mbps

Based on a couple of trial combinations, it seems that the slowest individual feature sets the throughput for combinations of features. For example, enabling the Firewall, AV, CF and AS produced throughput of about 49 Mbps, which is just below the throughput value of the AV feature alone.

Notice that IDP filtering drops throughput to 20-21 Mbps on WAN-LAN and LAN1-LAN2, but LAN-WAN throughput was 50 Mbps.  This was due to using the default IDP rule, which only filters traffic terminating on a LAN interface.  This points out that performance may be improved by ensuring your filtering rules are only applied to specific interfaces.

Obviously, throughput suffers when using all the UTM features, which makes me wonder if the device has a powerful enough processor and enough RAM.  The four minute reboot times I mentioned in Part 1 also make me suspect that it could be somewhat underpowered.

Recapping the pricing from Part 1, as I write this, the USG100 can be found on-line for as low as $456.  (Just scroll down to see the shopping box for current pricing.) A one year subscription for Anti-Virus and IDP runs $166.10, and a one year subscription for all UTM features, including AV, IDP, CF and AppPatrol is $246.95.

It's important to note that I couldn't crash this device.  In over a month of testing and use on my network, I turned on and off every single feature on this appliance numerous times.  I plugged and unplugged devices, added and deleted profiles, changed IP addresses and subnets, etc.  Not once did it crash or require a power cycle, and I consider myself uniquely talented at causing devices to freeze!  Based on my testing of other UTM devices, that is a strong plus for the USG100.

With the ability to enable and disable security features as desired, and customize them to apply to individual network needs, the Zyxel USG100 is a powerful and highly flexible UTM appliance.  If you're looking for a single device at the core of your small network for providing Internet access, managing internal networking, and enforcing network security, I think the USG100 is a solid choice.

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2