Zyxel builds small-business wall

Although sold as an Internet security gateway for small business, Zyxel’s Zywall 100 also provides functions commonly found in routers, making it a solid one-appliance network solution for many small businesses.

The Zywall 100 begins with the basics of a good business-oriented firewall: It has ports for WAN connection, LAN connection, DMZ (where computers such as Web servers, accessible from outside the organization, are connected), console, and backup dial connections.

The backup connection port is the first hint that the Zywall 100 is more than a simple firewall. The list of provided functions includes NAT, DHCP, DDNS (dynamic DNS) support, bandwidth management, traffic redirect and static routing — in addition to normal security features such as in-bound and out-bound firewall rules, content filtering, and VPN support.

Setting up the Zywall 100 begins with a terminal (or terminal program) connected to the unit’s serial port. Initial network parameters, such as the unit’s IP address, are entered through the menu-based configuration software. Configuration then moves to the Web-based management software resident in the firewall. During setup, a technician will need to know details of the Internet connection and connection mechanism; the Zywall 100 does not include a DSL or cable modem, relying on an outboard modem to make the connection to the Internet.

The modem chosen to complete the connection is important because the Zywall 100 assumes the modem will be relatively unintelligent. In my tests, I tried connecting the firewall to the DSL router that connects the production network to the Internet. I quickly found that connecting to a router instead of a modem requires the included cross-over cable — a fact not mentioned in the documentation.

Once the proper cable was in place, I selected which of the boxes would provide network addresses, which would manage connections to the Internet, etc. It took a number of configuration steps and experiments to get the router and Zywall working together. Configuration with a DSL modem was straightforward in comparison; the Zywall handled all network routing functions.

Setting up firewall rules is easy, whether the rules are intended for content filtering, specific port/address blocking, or DoS attack parameters. The Web menus to set up all the parameters are easy to understand; I particularly liked the ability to set parameters that would respond to apparent DoS attacks and to apply sets of firewall rules to different client address ranges.

All activity was logged for viewing via the Web interface or entered into a system log on any designated server via syslog. It’s easy to set up e-mail notifications for when particular rules are violated or specific attacks detected, but the Zywall 100 does not create an error condition every time a log entry is made. That’s a convenience for admins who can review routine entries at their leisure.

Zywall 100 works with a DDNS service to provide small businesses with a public URL that points to the same server every time, even when the server’s IP address changes because the ISP recycles addresses every few hours. The DDNS service regularly checks the server’s IP address to make sure that the URL remains good. It also supports 802.11a/b/g wireless security with MAC address and RADIUS (Remote Authentication Dial-In User Service) server authentication and 802.11x encryption.

Still, the Zywall 100 isn’t perfect. If you already have a router in place, getting the two devices to work together will be, at best, an adventure. Although the Web-based management system is easy to navigate, there are parameters to be set (such as DSL connection setup) that go beyond “basic installation,” and the manual, while encyclopedic at nearly 500 pages, is not as helpful as it might be.

Overall, however, this is an extremely capable all-in-one security and routing gateway for a small business. The Zywall 100 is not cheap — but based on the functions it provides, and the overall ease with which it provides them, it could become a true networking bargain for the small business IT staff.