We tested router performance using our standard test method with firmware V4.10(AALA.1). Measurements were made with the router in its default state, which has ADP and Security policy control enabled. A security policy was added to forward all WAN ports to LAN so IxChariot WAN to LAN tests were not blocked. For the Maximum Simultaneous Connection test, we disabled session limits (default=1000) and disabled ADP.
The results below compare the ZyXEL USG40 to the USG20. It's pretty clear that the USG40 is about 4x faster than the USG20 it replaces as the entry-level member of ZyXEL's Security Gateway family.
|WAN - LAN||234.5||58.1|
|LAN - WAN||242.1||41.9|
|Maximum Simultaneous Connections||19,997||29,986|
Table 2: Routing throughput summary
Unidirectional router throughput is shown in the plot below. We measured 234.5 Mbps for download and 242.1 Mbps for upload on the USG40.
Simultaneous up/downlink router throughput is shown in the plot below. We measured the USG40 at 225.5 Mbps, which is also over 4x faster than the USG20.
Max connections on the USG40 is 19,997, which is less than the max connections of 29,986 on the USG20. However, ZyXEL spec'd the USG40 for 20,000 connections, so it is hitting that target exactly. 20,000 connections should be more than enough for the USG40's target network of 1-10 users.
We did some quick checks to see if security services affected routing throughput. We found disabling ADP raised WAN to LAN throughput to 280 Mbps. Enabling all UTM services except App Patrol did not change down or up throughput from the default configuration results.
ZyXEL told me that the list price for the USG40 with a 1 year license for all UTM features runs $420. But Amazon sells the USG40 with a 1 year license for all UTM features at around $212. That's a pretty good deal. Not so good a deal is the UTM bundle renewal price of $230!
VPN tunnels can also run up your cost. Out of the box, you get support for 10 IPsec tunnels and 2 SSL tunnels. Support for only 2 SSL tunnels without buying additional licenses is a bit disappointing. An additional 10 IPsec licenses are $399 and an additional 5 SSL licenses run $135 as listed on ZyXEL's licensing page. Also note ZyXEL doesn't bundle any IPsec client licenses and they run $65 a pop.
If you haven't dealt with a UTM class appliance before, be prepared for a steep learning curve. Even with the extensive manual, built-in configuration wizards and application note library, the USG40 is going to take some work to get up and running. Still, the USG40 offers a very compelling value proposition for small businesses or even individuals looking to step up their network's security to a whole new level.