# ZyXEL Anyone?



## TruvisT (Feb 13, 2014)

Does anyone have any experience with ZyXEL firewall/vpn products? If so how did you like them and how well did they work for the tasks at hand?

For example:

http://www.zyxelguard.com/ZyWALL-USG100.asp

Many of the small businesses we manage are looking for VPN access and additional security over their basic ISP router setups, and I've been looking around for some options.


----------



## dano (Feb 13, 2014)

Only used a zyxel on a few occasions - one was way back in the day, which I barely remember, and then a modem I had from my ISP recently. The recent experience ended with me having to get another modem, as the c1000 didn't have or didn't play nice with ipv6. Otherwise, I would possibly look into things like the hardware that is compatible with pfsense?

http://www.hacom.net/catalog/phoenix-it-100-firewall-appliance

I would have said a vendor here, but I feel that paying for support or the ability to upgrade firmware, as hardware is EOL'd quickly, is something that is rather annoying and becomes expensive for the client. It seems that I have used many "hardware" fw/gw/nat/etc devices, and they always end up having to be replaced, before they really should have been, due to features or issues that cannot be added/appended to the current system. With the pfsense idea, you have a pretty stable system base, and updates happen here and there, and the device is small/low power for a small business to be ok with. IMHO


----------



## iWF-Jacob (Feb 13, 2014)

I've used them, they're not my favorite though. I find the interface super clunky and ineffective. The ones I had, had no CLI which was frustrating as well. However, once I got everything configured it worked just fine. I used a PPTP VPN behind it, nothing fancy. No complaints besides the interface.


----------



## TruvisT (Feb 13, 2014)

dano said:


> [...]
> 
> http://www.hacom.net/catalog/phoenix-it-100-firewall-appliance
> 
> I would have said a vendor here, but I feel that paying for support or the ability to upgrade firmware, as hardware is EOL'd quickly, is something that is rather annoying and becomes expensive for the client. It seems that I have used many "hardware" fw/gw/nat/etc devices, and they always end up having to be replaced, before they really should have been, due to features or issues that cannot be added/appended to the current system. With the pfsense idea, you have a pretty stable system base, and updates happen here and there, and the device is small/low power for a small business to be ok with. IMHO


I have considered pfSense actually. But the hard part I've found is actually finding hardware worth using without having to build an actual server or something. So thanks for that link for sure!

But I agree the big problem with a lot of this propriety hardware is they EOL it so you have to buy new typically or upgrade on a license. I personally like using *BSD for custom HID/Firewalls/ect... as you have so much more control to install SNORT ect...


----------



## Francisco (Feb 13, 2014)

TruvisT said:


> Does anyone have any experience with ZyXEL firewall/vpn products? If so how did you like them and how well did they work for the tasks at hand?
> 
> For example:
> 
> ...


Why not pack together a vyatta setup? You could even use those "edge router lite" solutions if they have an additional switch.

The edgerouter's are $100/ea and you can buy a small netgear prosafe switch for like $80.

The VPN throughput on the vyatta setup is likely way better than most of the appliances out there 

Francisco


----------

