ZyXEL USG60W UTM review

ZyXEL’s affordable USG60W could be the perfect all-in-one security appliance for SMBs.

IT Pro Value
Price
£348
  • Top value; Extensive security features; 2.4GHz and 5GHz wireless; Fan-less appliance
  • UTM performance less than claimed; Some features complex to set up

ZyXEL's next generation of UTM appliances offer small businesses a one-stop shop for all their gateway security needs. Along with an SPI firewall and support for IPsec and SSL VPNs, they can be beefed up with web content filtering, anti-virus, anti-spam, IDP and ZyXEL's own application patrol.

The USG60W on review goes one step beyond as it provides dual band 5GHz and 2.4GHz wireless services and can manage up to 10 wireless APs. The USG60W supports 60 users although this is more a limitation of the hardware as ZyXEL doesn't employ a per-user licensing scheme.

It hits the spot for value as the base appliance with firewall and support for 2 SSL VPNs costs a shade under 300. A full one year bundle with all security services pushes this to only 348.

The appliance has Gigabit all round with four LAN ports and two for WAN connections where it can perform load balancing or failover. The two USB ports support storage devices for storing logs on or mobile broadband adapters which can be used for failover.

The dashboard uses status widgets which can be easily moved around as required

Easy deployment

To deploy the USG60W just point a web browser at its default address and follow the quick start wizard. This is designed to get Internet access up and running first so it can download the latest firmware.

ZyXEL's web console opens with a tidy dashboard using widgets for various status readouts. You can decide which widgets you want to see and customise the dashboard by dragging them around to suit.

The four LAN ports can be grouped into one of three zones each with their own DHCP server. The appliance defaults to having all ports as members of the LAN1 zone but it's easy enough to change them.

It's worth sorting out your network objects next as these define things such as users, groups, services, schedules, applications and wireless AP profiles. When creating security policies you'll find objects are referenced in most of them.

The UTM components include anti-spam which is configured using profiles and rules

Security policies

Each port zone is assigned a security policy with firewall rules defining inbound and outbound routes, time schedules, users and services. UTM profiles are enabled within policies and for web content filtering you can create multiple profiles and choose from over 60 URL categories to block or allow. 

For IDP profiles you have preconfigured rule sets which can be tweaked to suit. Kaspersky handles anti-virus duties but there isn't much to do here as you just decide whether to have it destroy infected files, log all activities and peer into ZIP and RAR archives.

The USG60W functions as a transparent gateway so it can scan email straight from the box. First, you enable the sender reputation, mail content analysis and virus outbreak detection global features and then create profiles that log, drop or tag suspected spam messages.

The appliance can send web filtering data to ZyXEL's web portal for use in graphical reports

Application patrol and wireless

The application patrol feature controls a wide range of apps and ZyXEL provides details of over 3,000. These include apps such as IM, P2P, VoIP, media streaming, file transfer and mail.

You define application objects first where you search by category though the list and choose those you want to control. Now you can add the objects to a profile and decide whether to allow or deny this traffic.

There are some useful management tools for social networking with both Facebook and Twitter on the list. For the latter you can decide whether to allow users to tweet, follow or post messages while for Facebook you only have options to block users logging in or accessing media.

Separate objects are used to control the 2.4GHz and 5GHz radios and each can present up to 8 SSIDs. Profiles defining a security scheme are assigned to each SSID and you can block users on one SSID from seeing those on another. 

The lab's Ixia Xcellon-Ultra NP blades recorded an average of 65Mbits/sec with AV and IDP enabled

Ixia performance tests

We tested performance with the lab's Ixia XM2 chassis and its two Xcellon-Ultra NP blades. ZyXEL claims a raw firewall throughput of 1,000Mbits/sec but this test doesn't give an indication of real world speeds as it only uses lightweight UDP packets.

With an IxLoad test configured for 512KB HTTP web pages, we saw firewall throughput of around 180Mbits/sec. With AV enabled in our policy, this fell to 70Mbits/sec 20Mbits/sec less than ZyXEL claims.

UTM performance stayed fairly steady as with IDP also enabled, performance dropped marginally to 65Mbits/sec. We can't argue with ZyXEL's 40,000 concurrent connection (CCs) claim as with 1byte web pages and a 50,000 CC load objective, IxLoad reported a tidy 39,998 CCs.

Reporting and conclusion

The console's monitor tab provides statistics tables on all UTM components, interfaces and traffic plus managed wireless APs and clients. It also sends web content filter data to ZyXEL's web portal where you can pull up graphical reports on blocked or allowed categories and URLs.

Small businesses may struggle with the complex relationship between the numerous security policies and profiles but it's worth persevering as they offer a versatile range of security measures. The price for a 1-year bundle is remarkably low and made all the more tempting by the integral dual-band wireless and AP management features.

Verdict

The USG60W offers an impressive range of security measures and tops them off with dual-band wireless. Configuration can get complicated but small businesses will be hard pushed to find better value elsewhere.

Chassis: Desktop/rack mount chassis

Network: 6 x Gigabit (2 x WAN, 4 x LAN/DMZ)

Wireless: Concurrent 5GHz and 2.4GHz - 802.11a/b/g/n

Other ports: 2 x USB2, serial port

Power: External PSU

Management: Web browser

Warranty: 5 years

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020
REvil hacking group says it has made more than $100m in a year
Security

REvil hacking group says it has made more than $100m in a year

29 Oct 2020
36 billion personal records exposed by hacks in 2020 so far
Security

36 billion personal records exposed by hacks in 2020 so far

29 Oct 2020
Trump website defaced in second successive cyber breach
Security

Trump website defaced in second successive cyber breach

28 Oct 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020