ZyXEL says the Gateway supports VPN pass-through for PPTP, IPsec and L2TP clients. But in keeping with the no-firewall-controls policy, in the unlikely event you need to host any of these flavored VPN gateways behind the B-4000, you won't be able to do it.
Logging and Other Features
The logging and monitoring features of the Gateway tend to concentrate on the user accounts, as you might expect. You get log pages that show the currently-active accounts, account log (history), current users, DHCP clients, and user sessions (Figure 5).
Figure 5: User Sessions log
(click on the image for a full-sized view)
Most of the log pages have buttons that let you sort the info by data columns and the Current User page has Disconnect buttons for each entry.
For a more permanent record, you can use the syslog feature to send selected info to a syslog daemon on either the LAN or WAN side of the Gateway. The choices again tend toward subscriber and accounting info, although you can also log system information, reboots and admin logins. I didn't have much luck getting this feature to work, since no matter what I selected I got an "Invalid Syslog Server Checkbox Select !" message.
None of the options include traffic logging and I found a few quirks in the log features, with the biggest being the fact that only authenticated users appear in any of the log pages when you have authentication turned on. Since the B-4000's "Walled Garden" feature (more on this later) allows limited Internet access for anonymous users, I would prefer to see them listed in the Current Users log. But instead you'll have to rely on the DHCP Client and Session List pages for evidence of those users.
I also found the Session List page wasn't really a log, but more a real-time display of open sessions. Once a session port established through the B-4000's firewall was closed, its listing disappeared from the page.