Updated 5/23/2011 - RV220W info corrected. EPS AV feature clarified
|At a Glance|
|Product||ZyXEL Unified Security Gateway (USG20)|
|Summary||Business class router with Gigabit ports, IPsec and SSL gateways, one-to-one NAT, bandwidth management and more|
|Pros||• Endpoint Security checking
• Free Anomaly Detection
• Flexible Network Options
• Multiple information and report options
|Cons||• Manual lacks examples
• Limited number of VPN tunnels
In this review, I'm going to cover Zyxel's USG20 security router. This small network security device has quite a few networking and security options. Although the USG20 isn't a full Unified Threat Management (UTM) device because it lacks anti-virus and intrusion detection and prevention, it provides some excellent security and networking features.
I looked at Zyxel's USG100 UTM device a couple years ago, and the USG20 shares a lot of its functionality. So I'll refer to that review periodically. The USG20 isn't just a refresh of an older device, though. The USG20 introduces some new features. Note that Zyxel also offers the USG20W that includes a wireless AP.
Physically, the USG20 is a desktop device, measuring 8.25” (W) x 5.5” (D) x 1.25” (H). It does not have rack mounting options. There is an internal fan which is audible, but I didn't find it any more offensive than the fan in my laptop.
The front of the device (Figure 1) has the device's indicator lights.
Figure 1: USG20 Front Panel
The rear of the device (Figure 2) has the physical Ethernet ports, a console port, USB port, reset button and power connector.
Figure 2: USG20 Rear Panel
As Tim covered recently, the USG20 is powered by a Cavium CN5010 CPU running at 400MHz paired with 256 MB of DDR2 RAM, 128 MB of Flash, and a Realtek RTL8367R Ethernet chip.
Figure 3: USG20 Board top
One of the strengths of the USG20 is that it provides a good amount of information in various formats. Logging into the USG20 web GUI presents a useful dashboard of high level status indicators, shown in Figure 4.
Figure 4: USG20 Status page
Configuration of the USG20 is object oriented, meaning you create an object, such as an IP address, a user, a schedule, an application, etc. and then apply it elsewhere in the configuration. As I mentioned in my review of the USG100, I like this form of configuration because it is very flexible. Once you get used to it, you can create numerous configuration options that are easy to select.
There are three main menus in the USG20. The first menu is labeled Monitor which has 13 different screens for viewing status of the hardware and network activity, statistics on various activities, and log messages.
The second menu is labeled Configuration. There are 40 different configuration screens available via this menu, many with multiple tabs. I like the layout of the menu; I found it intuitive to navigate and responsive.
The third menu is labeled Maintenance. The options here enable upgrading firmware, backing up and restoring configurations, rebooting and shutting down the device, as well as a useful packet capture tool. I used this menu to upgrade the USG20 to the latest firmware, as well as to restore it to factory default settings.
The USG20 supports SSH and Telnet access if you prefer to configure it via the command line (CLI). SSH is enabled by default, Telnet has to be enabled if you wish to use it. The USG20 also has a console port and comes with a console cable, enabling configuration if you can't get into the device via the network. The USG20's CLI commands follow a similar structure as other major network providers, such as Cisco and Juniper, and “?” is available to display command line configuration options. Zyxel also has a CLI reference guide in their on line download library.
The USG20's manual is over 900 pages long but, quite frankly, not very useful. The manual is long on descriptions of the configuration options and short on basic configuration examples. It is a good thing the menus are intuitive!