ZyXEL USG60W UTM review

ZyXEL’s affordable USG60W could be the perfect all-in-one security appliance for SMBs.

IT Pro Value
Price
£348
  • Top value; Extensive security features; 2.4GHz and 5GHz wireless; Fan-less appliance
  • UTM performance less than claimed; Some features complex to set up

ZyXEL's next generation of UTM appliances offer small businesses a one-stop shop for all their gateway security needs. Along with an SPI firewall and support for IPsec and SSL VPNs, they can be beefed up with web content filtering, anti-virus, anti-spam, IDP and ZyXEL's own application patrol.

The USG60W on review goes one step beyond as it provides dual band 5GHz and 2.4GHz wireless services and can manage up to 10 wireless APs. The USG60W supports 60 users although this is more a limitation of the hardware as ZyXEL doesn't employ a per-user licensing scheme.

It hits the spot for value as the base appliance with firewall and support for 2 SSL VPNs costs a shade under 300. A full one year bundle with all security services pushes this to only 348.

The appliance has Gigabit all round with four LAN ports and two for WAN connections where it can perform load balancing or failover. The two USB ports support storage devices for storing logs on or mobile broadband adapters which can be used for failover.

The dashboard uses status widgets which can be easily moved around as required

Advertisement
Advertisement - Article continues below

Easy deployment

To deploy the USG60W just point a web browser at its default address and follow the quick start wizard. This is designed to get Internet access up and running first so it can download the latest firmware.

ZyXEL's web console opens with a tidy dashboard using widgets for various status readouts. You can decide which widgets you want to see and customise the dashboard by dragging them around to suit.

The four LAN ports can be grouped into one of three zones each with their own DHCP server. The appliance defaults to having all ports as members of the LAN1 zone but it's easy enough to change them.

It's worth sorting out your network objects next as these define things such as users, groups, services, schedules, applications and wireless AP profiles. When creating security policies you'll find objects are referenced in most of them.

The UTM components include anti-spam which is configured using profiles and rules

Security policies

Each port zone is assigned a security policy with firewall rules defining inbound and outbound routes, time schedules, users and services. UTM profiles are enabled within policies and for web content filtering you can create multiple profiles and choose from over 60 URL categories to block or allow. 

For IDP profiles you have preconfigured rule sets which can be tweaked to suit. Kaspersky handles anti-virus duties but there isn't much to do here as you just decide whether to have it destroy infected files, log all activities and peer into ZIP and RAR archives.

The USG60W functions as a transparent gateway so it can scan email straight from the box. First, you enable the sender reputation, mail content analysis and virus outbreak detection global features and then create profiles that log, drop or tag suspected spam messages.

The appliance can send web filtering data to ZyXEL's web portal for use in graphical reports

Advertisement
Advertisement - Article continues below

Application patrol and wireless

The application patrol feature controls a wide range of apps and ZyXEL provides details of over 3,000. These include apps such as IM, P2P, VoIP, media streaming, file transfer and mail.

You define application objects first where you search by category though the list and choose those you want to control. Now you can add the objects to a profile and decide whether to allow or deny this traffic.

There are some useful management tools for social networking with both Facebook and Twitter on the list. For the latter you can decide whether to allow users to tweet, follow or post messages while for Facebook you only have options to block users logging in or accessing media.

Separate objects are used to control the 2.4GHz and 5GHz radios and each can present up to 8 SSIDs. Profiles defining a security scheme are assigned to each SSID and you can block users on one SSID from seeing those on another. 

The lab's Ixia Xcellon-Ultra NP blades recorded an average of 65Mbits/sec with AV and IDP enabled

Ixia performance tests

We tested performance with the lab's Ixia XM2 chassis and its two Xcellon-Ultra NP blades. ZyXEL claims a raw firewall throughput of 1,000Mbits/sec but this test doesn't give an indication of real world speeds as it only uses lightweight UDP packets.

With an IxLoad test configured for 512KB HTTP web pages, we saw firewall throughput of around 180Mbits/sec. With AV enabled in our policy, this fell to 70Mbits/sec 20Mbits/sec less than ZyXEL claims.

UTM performance stayed fairly steady as with IDP also enabled, performance dropped marginally to 65Mbits/sec. We can't argue with ZyXEL's 40,000 concurrent connection (CCs) claim as with 1byte web pages and a 50,000 CC load objective, IxLoad reported a tidy 39,998 CCs.

Advertisement
Advertisement - Article continues below

Reporting and conclusion

The console's monitor tab provides statistics tables on all UTM components, interfaces and traffic plus managed wireless APs and clients. It also sends web content filter data to ZyXEL's web portal where you can pull up graphical reports on blocked or allowed categories and URLs.

Small businesses may struggle with the complex relationship between the numerous security policies and profiles but it's worth persevering as they offer a versatile range of security measures. The price for a 1-year bundle is remarkably low and made all the more tempting by the integral dual-band wireless and AP management features.

Verdict

The USG60W offers an impressive range of security measures and tops them off with dual-band wireless. Configuration can get complicated but small businesses will be hard pushed to find better value elsewhere.

Chassis: Desktop/rack mount chassis

Network: 6 x Gigabit (2 x WAN, 4 x LAN/DMZ)

Wireless: Concurrent 5GHz and 2.4GHz - 802.11a/b/g/n

Other ports: 2 x USB2, serial port

Power: External PSU

Management: Web browser

Warranty: 5 years

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/business/business-strategy/354304/ex-apple-cpu-architect-accuses-the-firm-of-invading-privacy
Business strategy

Ex-Apple CPU architect accuses the firm of invading privacy

10 Dec 2019