Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Unified Security Gateway
At a glance
ProductZyxel Unified Security Gateway (ZyWall USG 20)   [Website]
SummaryBusiness class router with Gigabit ports, IPsec and SSL gateways, one-to-one NAT, bandwidth management and more
Pros• Gigabit WAN and LAN ports
• Up and downlink bandwidth control
• LAN ports can be reassigned to 2 subnets or DMZ
• One-to-one NAT
Cons• Low # of VPN tunnels
• Very limited 3G USB modem support

Typical Price: $170  Buy From Amazon

Updated 5/20/2011 - The USG20 is the entry-level member of ZyXEL's third-generation Unified Security Gateway line. It combines an SPI+NAT firewall, IPsec and SSL VPN gateways, anti-spam and content filtering and multi-WAN connectivity including 3G backup into a security gateway aimed at small businesses with 1-5 users.

Unlike its bigger siblings, the USG20 stops short of being a full UTM, because it doesn't include anti-virus or intrusion detection and prevention (IDP). It does, however, have something many lower-cost business routers don't have—Gigabit WAN and LAN ports.

The 1-5 user recommendation is based on the USG20's CPU horsepower. But it also is related to the number of VPN tunnels supported, which are one SSL and two IPsec.

Updated 4/25/2011 All indicators are on the front and all ports are on the back. Those ports are pretty flexible, too and can be assigned to different subnets (each with separate DHCP server), used as alternate WAN ports or assigned as a dedicated DMZ port. The USB port supports only four Huawai USB 3G cards (E220, E270, E169 and E800), though, making this feature essentially useless for U.S. users. This also makes the failover from WAN to WWAN feature also unable to be used by U.S. buyers.

ZyXEL USG20 rear

The board top photo below shows the CPU underneath a fan-cooled heatsink. ZyXEL told us that it's a Cavium CN5010. It's a popular processor choice among VPN current VPN routers, also used in Cisco's RV042v3, RV 120W and RV220W,

The fan runs very quietly, though and you'll hardly notice it in a quiet home office and would never hear it over the din of a normal office.

Devices with part numbers that can be seen include a Realtek RTL8367R 5+1-port Gigabit Ethernet switch, 256 MB of Samsung RAM, Phison PS2232DB flash controller, SMSC USB2313 USB 2.0 3 port hub and Altera EPM240T MAX II CPLD.

ZyXEL USG20 board top

Flipping the board over reveals two flash devices, 256 MB (Mx 29LV160) and 128 MB (Samsung K9F1G08U0B).

ZyXEL USG20 board bottom

We'll cover the USG20's features in a complete review later. But in the meantime, here's a summary of its key features:

  • DHCP, Static, PPPoE, PPTP WAN types
  • DHCP server with MAC address reservation
  • VLAN support
  • Per host session limiting
  • Multiple WAN support with failover and load balance modes
  • Static and dynamic routing
  • SPI firewall disable, multicast, WAN ping and IDENT filtering and Proxy, Java, ActiveX and Cooking blocking
  • Single port forwarding and Port Range forwarding and triggered ports
  • HTTPS admin access
  • URL keyword blocking
  • Blacklist-based Anti-spam
  • Optional subscription Content Filtering via Blue Coat ($77 / year)
  • Uplink and downlink QoS, priority and bandwidth limit modes
  • Local logging, syslog and emailed alerts
  • 2 IPsec site-to-site / client-to-gateway tunnels
  • 1 SSL client-to-gateway tunnel

Routing Performance

Routing throughput running the latest 2.21 (BDQ.2) firmware and our router test process measured around 58 Mbps WAN to LAN and 42 Mbps LAN to WAN. The IxChariot composite plot below shows upload speed drastically lower than download in the simultaneous routing test.

ZyXEL USG20 throughput plots

The Maximum Simultaneous Connection test and the USG20's firewall didn't seem to get along, since I was able to get only 8 simultaneous sessions after multiple tries. Note that ZyXEL specs 6,000 maximum sessions tested using Ixia's IxLoad test tool.

Updated 5/20/2011- Retest of the Maximum Simultaneous Connections with ADP disabled yielded 29,986 sessions.

We last looked at a ZyXEL USG back in 2008, with the first-generation USG100. But a lot has changed since then, so we did a full review. You can also test-drive a USG50's admin interface, which is very similar to the USG20's to get a feel for things. You can also compare it to other products using the Router Charts and Router Finder.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hi all, new here.Is there an option to disable asus router's page redirection?My issue is the following:I have a double nat setup. I have a DSL modem ...
Hi to all!!! a few moments ago i was looking at System log and I found this:Code: Oct 15 06:40:13 kernel: br0: port 4(eth4) entered forwarding stateO...
I've owned the Asus AC66U router for a couple years now, running John's fork 374.43 V17E5. Have had no issues other than the random reboots (which see...
View attachment 14790 ​ Qualcomm announced today their first 60GHz Wi-Fi chipsets based on the 802.11ay-draft specification.QCA64x8 series (QCA6438 a...
Continuation of. . .https://www.snbforums.com/threads/custom-firmware-build-for-r7800-v-1-0-2-60sf.48805/New version of my custom firmware build: 1.0....

Don't Miss These

  • 1
  • 2
  • 3