ZyXEL ZyWALL 10
A Cable/DSL Router with enhanced security features
| Date: | 04.10.2002 03:46 |
| Type: | Firewalls / VPN |
| Author: | John |
| Manufacturer: | ZyXEL |
| Product/Model: | ZyWALL 10 |
| List Price: | $299 |
| Online Price: | $220.99 @ Buy.com |
Introduction:
I started my experience with ZyXEL about two years ago when I reviewed the ZyXEL Prestige 314 router. In the end, my conclusion was basically such:
“The ZyXEL Prestige 314, no doubt about it, is a great deal. A Dynamic DNS client, advanced security features, low price, DHCP features, speed, and 4 port auto-sensing built in switch make this router a very top-notch router.
Now, the bad: for beginners setting up this router is a steep learning curve. The manual does not include clear instructions as to setting up the router and its major features. It assumes you know everything already and goes over things in major portions.”
I ran this router as my main home router for quite some time before moving on to newer technologies, and the time that I was using it I was quite satisfied with the performance.
Zyxel has offered a multitude of routers and firewalls; product lines cater both to business and home users. This particular unit, the ZyXEL ZyWALL 10 Internet Security Gateway combines many unique features which were terrific to use and configure to make my home LAN all-the-better. A short summation of this router’s features would reveal an intense content filtration system, advanced maintenance and logging, in depth help features within the router administration area, and much more. Read the material on the following pages of this review for a much more in depth review and testing of the features this router offers us.
Company supplied specifications of the ZyXEL ZyWALL 10:
| Benefits | ||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||
| Features | ||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||
| Physical Specification | ||||||||||||||||||||||||||||||||
|
The complete package: meet the ZyXEL ZyWALL 10
Sleek packaging, and a supremely stylish router arrived via Fed EX to my doorstep. ZyXEL seems to have kept the same shell for this router that they used on the P314, and I favor this style router over others. Looks, however are a personal preference- and one of the many subjective issues you will need to confront when purchasing a router. As the old clich? goes, "Looks aren't everything", and functionality is definitely number one on our list of priorities- we will review the functionality of this router later on. Below are the entire contents of what arrived in the box, minus the power cable which I forgot to include in the picture. Included in the box are a CD, a Read Me, both Straight and a Crossover Cat5 cable, a serial cable for connecting to the console port, the 12VDC power adaptor, and the actual router itself.
 | |
 | Here is the underbelly of the router. As you can see, it has the standard brackets on the bottom for the ability to hang the router on the wall. |
 | Front view of the unit. |
 | Another shot, showing the LEDs in action, as well as their layout. |
 | A shot of the rear of the router. It sports merely one LAN port, along with the standard WAN port, a console port, uplink button, power port and ground. |
 | Here is the "Read Me" that ZyXEL puts into the package. It has a "how to set up in Windows 95/98". I believe they do not throw in a guide for Windows 2000 or Windows XP due to the fact that the operating systems work on a higher level and auto sense much more, to the point where a total beginner can get things operating. Still... |
Let's move on to installation and administration of the unit.
Installation and a view of the Administration area
Due to the amount of email I receive on the subject I have decided to offer the following information... If you have never used a broadband router, and have never, ever heard of "HyperTerminal" you will be in for a bumpy ride. These are the major portions of my installation:
1. Put away the manual.
2. Turn off my main computer, turn off the cable modem. Can't be too safe guys. ;)
3. Connect the cable modem to the WAN port of the ZyXEL. Connect your NIC to the LAN port on the ZyXEL.
4. Turn it all on.
5. Plug the serial cable into COM1.
6. Open up HyperTerminal. Start -> Programs -> Accessories -> Communications
7. Configure HyperTerminal and get into the routers firmware. We need to change the router's internal time so the logs actually make sense.
8. Set up other computers and connect them to a hub or switch if you so desire.
9. Later on troubleshoot and get programs such as ICQ, Napster, hosting Q3 matches, etc. working.
Once into HyperTerminal, you will be greeted with the following screen. From here it is quite easy to navigate the menu system. We want to specifically find the time settings, because the router is not shipped with the correct internal time. Otherwise, the logs of incoming and outgoing data and attacks will not make sense because you will never know when anything happened. Type in "24" and you will get another menu, choose item #10 and you will get the screen below. Set the correct time and you are ready to go!
 | |
 | |
I for one absolutely hate having to use HyperTerminal for simple tasks as changing the time, perhaps it is laziness, but I much rather all the settings be accessible through a browser as well. ZyXEL has improved on this factor since the P314 I once had, and there are now many goodies to play with in via the web browser. Let's begin...
Enter the address 192.168.1.1 into the address bar and you are taken to the Password screen, as shown below. The default password gets you in, and you are immediately prompted to change it to your own password.
 | Main Menu |
At this point, if you choose to to do the wizard setup you will go through a several step process to configure your internet connection. Also, if you look in the upper right hand corner of all those browser shots you will see a "Help" Button. I found this to be one of the BEST features this router has to offer beginners. Simply click it, and a box pops up with tons of information. Below is the box that pops up for the first page of the Wizard Setup, and is one of the less complex of the bunch. Sadly, not all of the pages have the option- the button is there, but there is no popup information given. They also include a CD with tons of information, which will be covered in the wrap up.
 | |
 | A great feature this router exhibits is it's VPN (Virtual Private Network) functionality. You can set up 10 of them, get summaries on them, monitor them, and view VPN logs. |
Below are the pages from the Advanced area of the Administration for this router, and are self explanatory.
 | |
 | |
 | |
 | |
 | |
 | |
 | |
 | |
Security and Firewall features
The primary advantage of the ZyWALL 10 over competing products is the enhanced security features, and this router truly packs a punch. Below you can see the home screen of the Firewall's Administration area.
 | Firewall administration - main |
 | You can have alerts sent to you VIA email, having the router send logs of attacks to you no matter where you are. |
 | You can generate alerts depending upon your own criteria, for those lovely Sunday afternoons when some script kiddie decides to ddos your web server. |
 | Speaking of logs, here is what the firewall log looks like; notice how the time is wrong. I took this screencap before I telnetted into the router to change the router's system time and date. It is also a pain that you cannot copy and paste the text out of this box yourself to paste into a document or email to your ISP. However, what I did was I got the abuse email for my ISP and you set your router to automatically send an email directly to abuse@yourISP.com so you are no longer hassled with garnering information about an attacker and sending it to the ISP, the ZyWall can do it automatically for you. |
 | WAN To LAN policies for blocking packets regarding "Rules" that you set up yourself. |
 | LAN to WAN policies for blocking packets... |
 | With custom ports, you can open up a port or a range of ports for certain applications that you would like to have access and be accessed from the internet, such as game servers, ftp clients, and web servers. |
Content Filtration
If you are a business owner and you are tired of employees looking at things they shouldn't be, or downloading things they shouldn't be you will love this. If you are a good mother or father who want to shield their children from Drugs, Satan, and Rock and Roll then this is for you. To use the filtration feature of this router, you must have a subscription to the filter list; ZyXEL provides the first six months free, and from there out you are on your own. As you can see in red, "The Filter List has not been loaded". I clicked "Free" in the menu to register for my first free 6 month subscription to the filter service. You are basically paying for a list of sites that are downloaded and loaded to the router so it knows which domains to block... however, with the millions of sites going up PER DAY how effective will the content filtration system be?
 | Not only can you block all the categories but you can also block cookies, Java, ActiveX, and web proxies. Furthermore, you can chose what times of the day to block such categories, domain names, and custom sites that you put in yourself. |
 | Here is all you need for registration. |
 | Click on "List Update" and you are taken to this page. You can download the list and apply it, and even set it to auto-download for you at a specific date and time- yet another cool automatic feature this router presents. |
 | Click on "Exempt Zone" and put in the port range for the bosses or parents; you guys still have full internet access if you want to worship Satan (especially the bosses). |
 | Yet another cool option; you can block web URL's that contain keywords. This can be useful but USE DISCRETION! I was at an internet gazebo at the airport where you can pay to surf, and they had a bunch of words filtered... one being the word "Pee". Well, guess what... I couldn't browse www.sPEEdguide.net because of their moronic usage of a content filter, and I lost the $5 I paid to use it. |
 | Along with downloading the filter list that is provided, you can also add domains you want to block or take domains out of the list that you want to trust. Do you really want to get strict with where your employees or kids (or even yourselves) can go online? Then check "disable all web traffic except for Trusted Domains". |
 | Here is a look at the Content Filter Logs; They are empty, but they won't be for long. We have some content filter testing to do! |
Content Filter Testing
I checked all the categories, added "warez" and "hard" as two of the words to filter for URLS, and went to Google. A preliminary search for warez brought up the obvious warez.com, which when I attempted to load the router quickly blocked. Next, I went to two sites that I know have the word "Hard" in them, Hardocp.com and Hardforum.com - both were also blocked quickly. When I say "blocked quickly", I mean there was no hesitation from the router, the pages loaded instantly with the simple text message "Please contact your network administrator!!"
 | Here are the filter results so far. They show the time, date, source IP and action taken by the router. We are 3 for 3 so far, let's see if the router can keep it up. |
Anonymizer, a popular web proxy, and Gambling.com were blocked well enough... A few more tests of Porn sites yielded varying results, a few were blocked and a few others were not. A site on Sex Education showed up just fine, as shown below.
 | |
A search on satan led to a few million links on Google, a very large majority that I tested opened and loaded fine. The router did not do it's job in blocking them.
All in all, as I have previously mentioned, I believe the content list will always have it's flaws. At the pace the internet is growing, it is truly an impossible task to have a comprehensive list... EVER. I suggest you do your own testing with a combination of the content filtering list and keywords to your in your quest for a safe internet environment for your kids. As for employees, if you try to block entertainment, good luck. Some major sites may be blocked, but anything on the internet is deemed entertainment. If you have a specific task for them to do and ONLY do on the internet, I suggest you limit their browsing to the select few domains you want them to be able to reach.
Before I logged out of the Admin area, I made sure to make myself exempt from the Content Filtration and test that function, needless to say it worked.
Wrapping it all up
I did not do an official speed test due to the fact that this router has been out for a while, and no one has had major speeds issues with it, and the router is shooting large files around my home LAN at healthy speeds that meet and exceed my other routers. ZyXEL has always been known for having solid, fast routers, and the ZyWALL 10 is no different. Online security tests from GRC showed the router passing perfectly, every checked port was in "stealth mode", which is the least you could expect from a router devoted mainly to security. Not only is this router extremely secure, but the means and methods of configuring the router's security are extremely easy and web browser based. The only pain felt while installing the router was having to use HyperTerminal, which a newbie would not be able to do without some study. If you plan on having more than one computer routed to the internet, I suggest you get a switch. This is both a good and bad function of the router: bad because you have to buy the switch, yet good because you can buy the switch based upon the number of clients on the LAN. The router did not die on me once, it was very reliable in the over 1.5 weeks time which I ran it for long term testing which I do with all the routers that I come across. I develop a sense of how the router feels, and I was very pleased with the ZyWALL 10 in terms of reliability and performance. Although the ZyWALL has no hardware reset button, you don't need it unless you are making certain changes within telnet or the browser admin area, and the router reboots itself automatically after those changes are made.
Included with the router was a CD which my Lite ON 24x CDRW could not read, but my Lite ON 16x DVD could... It contains some great technical support, including screenshots of the Administration area that they have hand circled items in and have in depth information. I have made the content of the information included on the CD, including it's PDF's here, I hope you can review them before you purchase this router to see if it is right for you.
Some quotes from Pricegrabber.com shows the prices for this router hovering between $260 and $300 plus shipping. This price tag may thwart most home users from purchasing this router, seeing as how they can get a 4 Port Linksys from Buy.com for merely $80 and shipping costs. However, what you are paying for with this router are the added features that make it the special product it is. What is basically boils down to, is this question: Is a hardware content filtration system and advanced hardware firewall with VPN support what I need? I am confident this router will do a hell of a job filtering content that you tell it to, better so than software counterparts. For those of you working from home who need VPN and cable together, this is a sure thing- easy to set up and maintain. I had a friend recently spend two days straight with his Linksys trying to configure it to work with his cable modem/lan and still have VPN access to work- this is a product he may want to consider. If you will be using this router at a work environment where you have employees that you want to keep working, and make the most efficient use of the time you are paying them for, then this router will be a small investment towards more money saved in the long run.
In the business category, the router cleans up across the boards. The only area where I could find fault was the downloadable content filtration information which you would eventually have to pay for after 6 months. I try very hard to find fault in the products I am using, and the ZyWALL 10 eluded my attempts at finding fault for it's use in the business arena.
For a home user with little experience, this router may be a bit hard to set up, and considered 'going overboard' when routers which offer the same speeds and reliability are hundreds of dollars less in comparison. However, serious home users who know how to get the best out of this router will benefit from it's advanced features, and in the end not feel happy with some other routers' lesser features. A home user might chose to use the ZyWALL 1 instead, which incorporates very similar features, with the main differences being cost of the unit, and the fact it only allows for a single VPN tunnel instead of the 10 VPN tunnels in the ZyWALL 10.
As with any product; be it a router, video card, car, or a house you need to do your homework. Please read other reviews, as maybe another reviewer did not have the same luck I did with the product. Scan message boards for posts regarding the router, and see if others have been having problems with them. :)
Good Luck,
John
| Rating | |
|---|---|
| Price: |  |
| Features: | |
| Setup Ease: | |
| Tech Support / Manual: | |
| Reliability: | |
| Management: | |
| Performance (speed/latency): | |
| Security: | |
| Overall Rating: | |
Copyright © 1998 - 2003 Speed Guide, Inc. All rights reserved.
All trademarks and logos are © of their respective owners.