This device from ZyXEL targets mid-size enterprises and supports up to 200
users. A unique feature of this device is that it has a turbo card that looks
similar to a PCMCIA wireless card. This card enables the anti-virus and anti-spam
features of this device. There are one LAN, two WAN and 4 DMZ ports that support
10/100 Mbps bandwidth. The two WAN ports ensure load balancing of WAN links.
Apart from these, it also has one console port for terminal connection to the
device and a dial-up port with which you can connect to the device in case of
extreme failovers where all your WAN links fail. This was the only UTM in our
shootout which had optional support for wireless networking built in.
Tests and Results
We started by downloading a number of viruses over HTTP and FTP. The results
were not very good, as around 30% of the viruses passed through it. To test the
anti-spam performance, we downloaded approximately 1000 spam messages from our mail
server. At the first attempt, the quantity of spam detected was much lower
than the number detected by other devices. But after we enabled an option called 'Use
external DataBase', the number of spam messages detected increased. This affected the performance of
the device: it took around 30 minutes to download all the spam, the longest
of all the devices tested.
To check the performance of the IDS/IPS of this device, we ran a couple of
vulnerability scans and the results were good. In our test with Nessus, this UTM
performed well compared to others. The Nessus report showed zero warnings and
zero holes for this device. Then we tried to jam its LAN port by flooding the
device from five different clients belonging to the same private network.
Internet access got blocked and the device was not able to detect and block the attack,
which is not good for an IDS device. We also tested the device against a denial-of-service
attack, running the test from the public network and attacking its
public IP. The attack failed and the device kept working without any errors or
performance differences. We also ran a set of sniffing attacks; the device was
able to detect them, but was not able to identify the actual source from which the
attack originated.
Bottom line: A cost-effective UTM for mid-size setups, with WAN
failover and optional wireless networking.