Performance, Pricing and Closing Thoughts
The UTM features on the USG100 have a price, both in throughput and dollars. Inspecting packets and filtering traffic will slow down the router's throughput, some features more than others. Fortunately, each of the features can be individually enabled or disabled, which gave me the ability to test each feature's impact on throughput.
For the data in Table 1, I used Jperf to measure throughput, with a TCP window size of 16.0 kBytes and a 10-second test length. I started with all security features off, then measured throughput with only one feature on at a time. With seven different features, it would be nearly impossible to test all the permutations, so I didn't even try. But I did test throughput with all features on, as shown in the last row.
Table 1: Throughput vs. mode
As shown, throughput is over 100 Mbps without any traffic filters. However, enabling the Firewall knocks throughput down to 82 Mbps. Running Anti-Virus filtering will drop throughput down to 51-55 Mbps, and turning on all UTM features reduces network throughput to 16-17 Mbps.
Based on a couple of trial combinations, it seems that the slowest individual feature sets the throughput for combinations of features. For example, enabling the Firewall, AV, CF and AS produced throughput of about 49 Mbps, which is just below the throughput value of the AV feature alone.
Notice that IDP filtering drops throughput to 20-21 Mbps on WAN-LAN and LAN1-LAN2, but LAN-WAN throughput was 50 Mbps. This was due to using the default IDP rule, which only filters traffic terminating on a LAN interface. This points out that performance may be improved by ensuring your filtering rules are only applied to specific interfaces.
Obviously, throughput suffers when using all the UTM features, which makes me wonder if the device has a powerful enough processor and enough RAM. The four-minute reboot times I mentioned in Part 1 also make me suspect that it could be somewhat underpowered.
Recapping the pricing from Part 1, as I write this, the USG100 can be found online for as low as $456. A one-year subscription for Anti-Virus and IDP runs $166.10, and a one-year subscription for all UTM features, including AV, IDP, CF and AppPatrol, is $246.95.
It's important to note that I couldn't crash this device. In over a month of testing and use on my network, I turned on and off every single feature on this appliance numerous times. I plugged and unplugged devices, added and deleted profiles, changed IP addresses and subnets, etc. Not once did it crash or require a power cycle, and I consider myself uniquely talented at causing devices to freeze! Based on my testing of other UTM devices, that is a strong plus for the USG100.
With the ability to enable and disable security features as desired, and customize them to apply to individual network needs, the Zyxel USG100 is a powerful and highly flexible UTM appliance. If you're looking for a single device at the core of your small network for providing Internet access, managing internal networking, and enforcing network security, I think the USG100 is a solid choice.