Zyxel ZyWall ATP100 review: Cost-effective, but not cloudy

Not every business needs an enterprise-grade UTM. If you’re looking for something simpler and cheaper, Zyxel’s ZyWall ATP100 could well be the answer. Designed for small offices of up to 25 users, it borrows key features from Zyxel’s high-end USG series and adds cloud threat intelligence, sandboxing and analytics - all for a price that’s very hard to argue with.

It comes in the form of a fanless desktop unit with one Gigabit WAN port, four copper LAN connectors and an SFP fibre socket for longer cable runs. Across these connections, Zyxel quotes a firewall throughput of 1Gbit/sec, dropping to 380Mbits/sec with all security services enabled.

The £434 asking price includes a year-long Gold licence, after which renewals cost £212 per annum. The licence enables all services, including web-content filtering, application security, IDP, anti-spam, geo-enforcement and the SecuReporter web-based analytics and reporting service. The one box that’s notably unticked is cloud management, as Zyxel recently had to withdraw its SecuManager cloud management app due to security issues. This means that, for now, all ATP appliances can only be managed via their local web console, and there’s sadly no word on when or whether that will change.

Installation is swift, thanks to a wizard that enables internet access, installs the latest firmware and activates default security services. Since reporting data is stored in the cloud, you’re prompted to decide whether personal information such as email addresses and usernames should be uploaded; if not, you can still generate the full range of reports, but they’ll be anonymised.

For the best protection against malware, the anti-malware service can be set to operate in hybrid mode, which combines a local signature database with Zyxel’s online threat intelligence to check whether downloaded files are safe. Any files that haven’t been seen before are automatically dispatched to a cloud-based sandbox service for analysis: friendly files are allowed through, while those that are deemed a threat will be destroyed.

Another service you might want to customise is App Patrol, which lets you control access to over 3,500 apps including webmail services, instant messenger platforms, Facebook and Twitter. To this, Zyxel’s web-content filtering adds over 100 categories of website that can be blocked; during testing, we found few sites slipped past it. Unusually, it’s also possible to enable geo-enforcement, by creating an address object for the region or country you want to block, then subjecting it to a security policy.

Enabling email protection is as easy as toggling on the sender-reputation and content-analysis features, and selecting whether suspect messages should be dumped or tagged for processing by local mail clients. The IDP, IP reputation and URL threat-filter services are even simpler to activate – a single click will do it, although you can pull up advanced settings and modify their behaviour should you so wish.

For everyday administration, two dashboard views keep you in touch with the action. One presents a hardware status overview along with port traffic statistics; the other one, rather more excitingly, provides seven-day charts and graphs of all security activity, with details of top apps and any detected threats. The SecuReporter service exposes a wealth of information about all web, app and threat activity, with the Analyzer page providing insights into security indicators, sandbox activity, traffic and users at risk. Custom reports can be sent to multiple recipients at regular intervals.

Network gateway protection is a must for any business, and the ZyWall ATP100 is a worthy choice. The lack of cloud management means it’s not suitable for companies with workers spread across multiple sites, but the range of security measures on hand is persuasive, especially considering the price.

Zyxel ZyWall ATP100 specifications