Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews


The USG menu remains very similar to the previous models I reviewed. When you log in, you're presented with a dashboard showing a graphical image of the front of the device that accurately reflects the current LED status. The dashboard, shown below, provides device information, system status, system resource utilization (CPU, Memory, Flash, USB Storage, and Active Sessions), interface status, security feature status, and content filter statistics.



New to the USG configuration menus are links providing useful information on a technology or configuration. These links actually take you to a ZyXEL website called OneSecurity, full of useful information and guides. For example, in the VPN, Content Filtering and Anti-Spam menus there is a "Configuration Walkthrough" link, which brings up a helpful pdf document with screenshots and instructions. Below is a screenshot showing the Configuration Walkthrough link in the SSL menu.

SSL Configuration Help Screen

SSL Configuration Help Screen

In addition to the Configuration Walkthrough links, there are also Troubleshooting, Download, and Info links for additional assistance. I hope ZyXEL continues to add to these links. For example, the Configuration Walkthrough link in the IPsec menu brings up a document on configuring Site-to-Site VPNs, but not on Client-to-Site VPNs.

ZyXEL told me they are going to upload to their knowledge base a handbook for the USG20-VPN that will include multiple guides on configuration, including IPsec.


The USG20-VPN has a single 10/100/1000 RJ45 WAN port. There is also a Gigabit fiber SFP (small-form factor pluggable) port that can be used as a WAN port.

As noted earlier, a 3G/4GB USB dongle can be connected to the USG20-VPN USB port and used as a WAN port. The USG20-VPN can be used a Multi-WAN router if you have two of the three types of WAN interfaces (RJ45, SFP, USB). The USB port on the USG20-VPN can also be used to store sys logs and diagnostic information. It can not be used for shared network storage, though.

If you have multiple WAN interfaces, the USG20-VPN supports directing specific traffic types to specific WAN interfaces, as well as load balancing between WAN interfaces. A guide on configuring WAN load balancing/failover is located here. Load balancing methods include Weighted Round Robin (balances traffic over the WAN interfaces based on assigned weights), Least Load First (balances traffic over the WAN interfaces by sending new traffic to the least used interface), and Spillover (sends all traffic to one interface until full, then to the second interface).

There are four 10/100/1000 RJ45 LAN ports. Each of the four ports can be configured as lan1, lan2, or dmz interface types. By default, devices connected to lan1 ports are on the subnet, devices connected to lan2 ports are on the subnet, and devices connected to dmz ports are on the subnet.

The USG20-VPN also supports 802.1Q VLAN tagging. Adding VLANs to the USG20-VPN creates a VLAN interface. ZyXEL doesn't specify a VLAN limit on the USG20-VPN. As a reference, the USG40 spec sheet shows support for up to 8 VLANs.

The USG20-VPN also supports GRE (Generic Route Encapsulation) tunnels, as well as IPv6 in IPv4 and 6to4 tunnels. Creating any one of these tunnels creates a new tunnel interface on the USG20-VPN.

The USG20-VPN has extensive support for IPv6. IPv6 is a global setting that has to be enabled in the System-IPv6 menu. Once enabled, IPv6 configuration screens are available for configuring Interfaces, Security Policies, VPNs, and other menus involving IP addresses.

Bandwidth Management

Bandwidth utilization rules on the USG20-VPN can be applied by traffic type, user, or source IP address. A Configuration Walkthrough isn't available and would be helpful for this feature, but I muddled through using the manual.

As a basic test, I did a quick speed test ( to determine my ISP speed. Before I enabled Bandwidth Management, my speed test results were 56.58 Mbps down and 5.65 Mbps up, shown below.

Speedtest Before BW Control

Speedtest Before BW Control

Then I enabled a Bandwidth Management rule to limit all traffic from my IP address to 1 Mbps, my configuration is shown below.

Bandwidth Config

Bandwidth Config

Once the configuration was applied, I ran speed test again. As you can see below, my throughput was limited to approximately 1 Mbps down and 1 Mbps up, as configured.

Speedtest After BW Control

Speedtest After BW Control

Content Filtering

Content Filtering

Content Filtering

The USG20-VPN optionally supports two UTM (Unified Threat Management) features. The licenseable features are Content Filtering and Anti-Spam. A 30 day trial license for both is activated when you register the router with ZyXEL. The OneSecurity site has information about recent security updates along with details on each of their UTM features. You can access this website by clicking the Content Filter or Anti-Spam Info link in either menu.

ZyXEL states their Content Filtering solution "covers 8 malware categories and 64 content categories for real-time analysis, management and site blocking". You can also manually enter websites to block or permit. To categorize websites, ZyXEL uses "over 200 industry-leading Web data centers, boasting the broadest coverage around for content filtering".

I followed the Configuration Walkthrough in the USG20-VPN menu to enable Content Filtering. Basically, you enable the feature and select categories of websites you'd like to block. There is a helpful test tool in the configuration menu where you can enter a URL to determine its category. The screenshot shows categories you can filter. Finally, you create and apply a Policy to filter Internet traffic based on the selected categories.

Content Filtering Categories

Content Filtering Categories

I did a simple before and after test on Content Filtering. First, I verified I could surf to . Second, I used the ZyXEL test tool to identify as a "Computers & Technology" website. Third, I implemented a Policy to block the category "Computers & Technology." Last, I tested my Policy. I got the below message on my screen when trying to surf to , validating the USG20-VPN Content Filtering capability. Note, you can customize the block message and provide a redirect URL if desired.

Content Filter Message

Content Filter Message

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I'm running rsync (installed from Entware) between an AC86U (local) and AX56U (remote) to move some files between the two routers - both at 384.17.The...
HelloAfter an update of Skynet with an error (I have seen the error go by quickly and it seems to me that it indicates filesystem in read only mode) I...
I've googled and read too much on AiMesh, APs, Repeaters, confuses the heck out of me and just need someone that knows what they are talking about to ...
I'm running version 384.17 of Asuswrt-Merlin on an RT-AC66U_B1, I have an openvpn-event script in /jffs/scripts that uses a template that calls a vpns...
It is normal to r7800 router taking 2 minutes or more to connect the internet ? or there is something wrong in the setup ?

Don't Miss These

  • 1
  • 2
  • 3