ADP

Key security features of the USG20 are configured in the Anti-X menu.  These features are Anomaly Detection and Prevention (ADP), Content Filtering, and Anti-Spam protection.

Zyxel's ADP seems to be a poor man's version of an Intrusion Detection System (IDS) and Intrusion Detection and Prevention (IDP).  The USG20's ADP feature protects against network threats such as port scans, DoS (Denial of Service) attacks, and protocol-based attacks via HTTP, TCP, UDP and ICMP.

Zyxel's ADP, like an IDS/IDP system, relies on signature databases for detecting unsafe traffic types.  A signature is a traffic pattern or characteristic that is considered potentially malicious.  The firewall compares incoming and outgoing traffic against its database of signatures and blocks traffic that matches.  The USG20 updates its ADP database from Zyxel, which has a partnership with Lionic for current signature files.

ADP is enabled by default.  Enabling and disabling ADP is a simple check box.  Options for customizing ADP include defining which zones (LAN1, LAN2, DMZ) are to be protected by ADP and selecting traffic types (port scans and floods) and protocols (HTTP, TCP, UDP, ICMP) to be scanned.

Running a port scan on the USG20 triggered dozens of messages in the log, all alerting that unsafe traffic had hit the firewall and been blocked.  As you can see in the log output in Figure 10, the USG20 successfully detected the traffic anomaly and blocked it.  (A port scan is a useful tool for both a network administrator and a hacker.  It scans a device for possible open ports that can be used for unauthorized access.)

Figure 10: Log messages from port scan

The USG20's ADP functionality isn't as comprehensive as an IDS/IDP solution, but it has a key advantage in that it is free!
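
To illustrate the kind of port-scan anomaly described above, here is an added example (not from the review or from Zyxel; the page does not document how ADP decides a scan is under way). It uses a common threshold heuristic, flagging a source that touches many distinct ports in a short window; the log format, thresholds and addresses are constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not USG20 output): timestamp, source IP, destination port.
SAMPLE_LOG = """\
2010-06-01T10:00:00 src=203.0.113.9 dpt=21
2010-06-01T10:00:00 src=198.51.100.4 dpt=443
2010-06-01T10:00:01 src=203.0.113.9 dpt=22
2010-06-01T10:00:01 src=203.0.113.9 dpt=23
2010-06-01T10:00:02 src=198.51.100.4 dpt=443
2010-06-01T10:00:02 src=203.0.113.9 dpt=25
2010-06-01T10:00:03 src=203.0.113.9 dpt=80
2010-06-01T10:00:03 src=203.0.113.9 dpt=443
2010-06-01T10:01:00 src=192.0.2.7 dpt=25
2010-06-01T10:03:00 src=192.0.2.7 dpt=80
2010-06-01T10:05:00 src=192.0.2.7 dpt=110
2010-06-01T10:07:00 src=192.0.2.7 dpt=143
2010-06-01T10:09:00 src=192.0.2.7 dpt=443
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, source, destination port)."""
    stamp, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    return datetime.fromisoformat(stamp), kv["src"], int(kv["dpt"])


def find_scanners(lines, min_ports=5, window=timedelta(seconds=10)):
    """Map each source that hit >= min_ports distinct ports inside one window
    to the ports that tripped the threshold (thresholds are assumptions)."""
    by_source = defaultdict(list)
    for line in lines:
        if line.strip():
            stamp, src, port = parse_line(line)
            by_source[src].append((stamp, port))
    flagged = {}
    for src, events in by_source.items():
        events.sort()
        start = 0
        for end, (stamp, _) in enumerate(events):
            while stamp - events[start][0] > window:  # slide the window forward
                start += 1
            ports = {port for _, port in events[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged
```

With the default 10-second window only the fast sweep from 203.0.113.9 is flagged; the repeated hits on one port and the slow five-port walk spread over eight minutes are not, which shows how the window size trades off missed slow scans against false alarms.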

Content Filtering

The USG20 comes with a 30 day trial for Content Filtering, with a suggested retail price of $77 annually.  Content Filtering on the USG20 is facilitated through a partnership with BlueCoat.

Configuration of Content Filtering is pretty straightforward and consistent with the object-oriented methods found in other menus.  First, a Filter Profile is created.  Within the Filter Profile, you define whether a web page will generate a warning, be blocked or passed, and/or whether it will trigger a log report.

There are 66 different managed web site categories, shown in Figure 11, plus three categories for filtering sites known to be risky for Phishing, Spyware/Malware, and Spyware/Privacy.

Figure 11: Web filter categories

Web features such as ActiveX, Java, Cookies, and Web Proxies can also be blocked.  A white list and a black list of web sites, as well as keywords found in URLs, can also be defined as part of the Filter Profile.

Once the Filter Profile is created, it is applied to a Policy where the schedule, zones, and users that will be subject to the Filter Profile are specified.  In addition, a custom message and URL to redirect end users can be applied.

I looked up smallnetbuilder.com in the Profile tool; it is listed as a Computers/Internet site, so I created and applied a simple Profile to block Computers/Internet sites.  Upon browsing to smallnetbuilder.com, I was presented with the default message below.

The web access is restricted. Please contact with administrator.(Computers/Internet)

It's a good thing the default message can be edited!  Nevertheless, filtering seemed to work as expected.  Selecting all categories for filtering is a bit excessive (you can't even go to Google), but the USG20 certainly provides plenty of filtering options.

Anti-Spam

The USG20's Anti-Spam feature is based on do-it-yourself black lists, white lists, and lists of domain names.  This is not a very comprehensive solution, as it leaves the blocking definitions up to the network administrator instead of leveraging a database of known spammers.  On the other hand, it is cost-effective because there isn't a monthly or annual subscription cost.

Emails matching a black list or domain list can be blocked, or tagged with a specific text string and forwarded.  The default tag is [SPAM], which can be customized.  Figure 12 is a screenshot of a simple domain list I set up to tag all emails from yahoo.com.  Once tagged, I set up a rule in my email program (Outlook) to delete emails with the [SPAM] tag.

Figure 12: Anti-spam setup
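
The list-and-tag behaviour described above can be sketched as follows; this is an added example, not Zyxel's implementation or code from the review. It assumes matching is done on the From header, that the white list takes precedence, and that a listed domain also covers its subdomains; the function names and sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_matches(domain, domain_list):
    """True if domain equals a listed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in domain_list)


def verdict_for(sender, white_list, black_list, domain_list):
    """Return 'spam' or 'pass' for a From header value (assumed match field)."""
    address = parseaddr(sender)[1].lower()
    domain = address.rpartition("@")[2]
    if address in white_list:            # assumption: white list wins
        return "pass"
    if address in black_list or domain_matches(domain, domain_list):
        return "spam"
    return "pass"


def tag_message(raw, white_list=(), black_list=(), domain_list=(), tag="[SPAM]"):
    """Parse a raw message, prefix the Subject with tag if a list matches,
    and return (verdict, message) ready to forward."""
    msg = message_from_string(raw)
    verdict = verdict_for(msg.get("From", ""), white_list, black_list, domain_list)
    subject = msg.get("Subject", "")
    if verdict == "spam" and not subject.startswith(tag):
        del msg["Subject"]               # replace rather than add a second header
        msg["Subject"] = f"{tag} {subject}".strip()
    return verdict, msg


# Constructed sample messages (not taken from the review).
LISTED = "From: Promo <deals@mail.yahoo.com>\nSubject: Big sale\n\nhi\n"
LOOKALIKE = "From: bob@notyahoo.com\nSubject: Lunch?\n\nhi\n"
FRIEND = "From: friend@yahoo.com\nSubject: Photos\n\nhi\n"

if __name__ == "__main__":
    for raw in (LISTED, LOOKALIKE, FRIEND):
        verdict, msg = tag_message(raw, white_list={"friend@yahoo.com"},
                                   domain_list={"yahoo.com"})
        print(verdict, "|", msg["Subject"])
```

The suffix check with a leading dot is what keeps a look-alike such as notyahoo.com from matching a yahoo.com entry, and the `startswith` guard keeps a message from being tagged twice if it passes through the filter again.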
