The USG menu remains very similar to the previous models I reviewed. When you log in, you're presented with a dashboard showing a graphical image of the front of the device that accurately reflects the current LED status. The dashboard, shown below, provides device information, system status, system resource utilization (CPU, Memory, Flash, USB Storage, and Active Sessions), interface status, security feature status, and content filter statistics.
New to the USG configuration menus are links providing useful information on a technology or configuration. These links actually take you to a ZyXEL website called OneSecurity, full of useful information and guides. For example, in the VPN, Content Filtering and Anti-Spam menus there is a "Configuration Walkthrough" link, which brings up a helpful pdf document with screenshots and instructions. Below is a screenshot showing the Configuration Walkthrough link in the SSL menu.
SSL Configuration Help Screen
In addition to the Configuration Walkthrough links, there are also Troubleshooting, Download, and Info links for additional assistance. I hope ZyXEL continues to add to these links. For example, the Configuration Walkthrough link in the IPsec menu brings up a document on configuring Site-to-Site VPNs, but not on Client-to-Site VPNs.
ZyXEL told me they are going to upload to their knowledge base a handbook for the USG20-VPN that will include multiple guides on configuration, including IPsec.
The USG20-VPN has a single 10/100/1000 RJ45 WAN port. There is also a Gigabit fiber SFP (small-form factor pluggable) port that can be used as a WAN port.
As noted earlier, a 3G/4GB USB dongle can be connected to the USG20-VPN USB port and used as a WAN port. The USG20-VPN can be used a Multi-WAN router if you have two of the three types of WAN interfaces (RJ45, SFP, USB). The USB port on the USG20-VPN can also be used to store sys logs and diagnostic information. It can not be used for shared network storage, though.
If you have multiple WAN interfaces, the USG20-VPN supports directing specific traffic types to specific WAN interfaces, as well as load balancing between WAN interfaces. A guide on configuring WAN load balancing/failover is located here. Load balancing methods include Weighted Round Robin (balances traffic over the WAN interfaces based on assigned weights), Least Load First (balances traffic over the WAN interfaces by sending new traffic to the least used interface), and Spillover (sends all traffic to one interface until full, then to the second interface).
There are four 10/100/1000 RJ45 LAN ports. Each of the four ports can be configured as lan1, lan2, or dmz interface types. By default, devices connected to lan1 ports are on the 192.168.1.0/24 subnet, devices connected to lan2 ports are on the 192.168.2.0/24 subnet, and devices connected to dmz ports are on the 192.168.3.0/24 subnet.
The USG20-VPN also supports 802.1Q VLAN tagging. Adding VLANs to the USG20-VPN creates a VLAN interface. ZyXEL doesn't specify a VLAN limit on the USG20-VPN. As a reference, the USG40 spec sheet shows support for up to 8 VLANs.
The USG20-VPN also supports GRE (Generic Route Encapsulation) tunnels, as well as IPv6 in IPv4 and 6to4 tunnels. Creating any one of these tunnels creates a new tunnel interface on the USG20-VPN.
The USG20-VPN has extensive support for IPv6. IPv6 is a global setting that has to be enabled in the System-IPv6 menu. Once enabled, IPv6 configuration screens are available for configuring Interfaces, Security Policies, VPNs, and other menus involving IP addresses.
Bandwidth utilization rules on the USG20-VPN can be applied by traffic type, user, or source IP address. A Configuration Walkthrough isn't available and would be helpful for this feature, but I muddled through using the manual.
As a basic test, I did a quick speed test (speedtest.net) to determine my ISP speed. Before I enabled Bandwidth Management, my speed test results were 56.58 Mbps down and 5.65 Mbps up, shown below.
Speedtest Before BW Control
Then I enabled a Bandwidth Management rule to limit all traffic from my IP address to 1 Mbps, my configuration is shown below.
Once the configuration was applied, I ran speed test again. As you can see below, my throughput was limited to approximately 1 Mbps down and 1 Mbps up, as configured.
Speedtest After BW Control
The USG20-VPN optionally supports two UTM (Unified Threat Management) features. The licenseable features are Content Filtering and Anti-Spam. A 30 day trial license for both is activated when you register the router with ZyXEL. The OneSecurity site has information about recent security updates along with details on each of their UTM features. You can access this website by clicking the Content Filter or Anti-Spam Info link in either menu.
ZyXEL states their Content Filtering solution "covers 8 malware categories and 64 content categories for real-time analysis, management and site blocking". You can also manually enter websites to block or permit. To categorize websites, ZyXEL uses "over 200 industry-leading Web data centers, boasting the broadest coverage around for content filtering".
I followed the Configuration Walkthrough in the USG20-VPN menu to enable Content Filtering. Basically, you enable the feature and select categories of websites you'd like to block. There is a helpful test tool in the configuration menu where you can enter a URL to determine its category. The screenshot shows categories you can filter. Finally, you create and apply a Policy to filter Internet traffic based on the selected categories.
Content Filtering Categories
I did a simple before and after test on Content Filtering. First, I verified I could surf to http://www.smallnetbuilder.com/ . Second, I used the ZyXEL test tool to identify as a "Computers & Technology" website. Third, I implemented a Policy to block the category "Computers & Technology." Last, I tested my Policy. I got the below message on my screen when trying to surf to http://www.smallnetbuilder.com/ , validating the USG20-VPN Content Filtering capability. Note, you can customize the block message and provide a redirect URL if desired.