Top 10 Next Generation Firewall Appliance

9.7

Score

Fortinet FortiGate-60E / FG-60E Next Generation (NGFW) Firewall Appliance, 10 x GE RJ45 Ports

By Fortinet

9.5

Score

Fortinet FortiGate-50E / FG-50E Next Generation (NGFW) Firewall Appliance, 7X GbE RJ45 Ports

By FORTINET

Score

Fortinet FG-30E-BDL FortiGate Next Generation (NGFW) Firewall Appliance Bundle with 8x5 Forticare and FortiGuard

Fortinet FG-30E-BDL FortiGate Next Generation (NGFW) Firewall Appliance Bundle with 8×5 Forticare and FortiGuard

By FORTINET

8.8

Score

Zyxel Next Generation VPN Firewall with 1 WAN, 1 SFP, 4 LAN/DMZ Gigabit Ports [USG20-VPN]

By ZyXEL

8.2

Score

Sophos XG 125 Rev.3 Next-Gen VPN Firewall Appliance

By Visit the Sophos Store

7.7

Score

Fortinet FG-50E Next Generation (Ngfw) Firewall Appliance, 7X GbE RJ45 Ports

By FORTINET

7.3

Score

Fortinet | FortiGate 30E Next-Generation Network Security UTM Firewall | FG-30E

By Fortinet

Score

Zyxel Next Generation Unified Security Gateway with WLAN Controller and 4 LAN/DMZ, 2 WAN, 1 OPT Ports [USG110]

By Visit the ZyXEL Store

Score

ZyXEL Next Generation VPN Firewall with 2 WAN, 1 OPT, 4 LAN/DMZ Ports Includes 1-Year UTM Services Bundle [ZYWALL110]

By ZyXEL

Score

1. Fortinet FG-60E-BDL Fortigate Next Generation (Ngfw) Firewall Appliance Bundle with 8×5 Forticare and Fortiguard

Feature

Wan interfaces: 2
Wireless interfaces: no
Sessions per sec: 30, 000

2. Fortinet FortiGate-60E / FG-60E Next Generation (NGFW) Firewall Appliance, 10 x GE RJ45 Ports

Feature

FortiGate-60E Base Model | FG-60E
Includes 8×5 Trial Support
10 x GE RJ45 ports (including 7 x Internal Ports, 2 x WAN Ports, 1 x DMZ Port). Max managed FortiAPs (Total / Tunnel) 30 / 10
Firewall Throughput: 3 Gbps | New Sessions: 30000 | IPS: 400 Mbps | SSL VPN: 150 Mbps
Dimensions(in): 1.5 x 8.5 x 6.3 | Weight(lbs): 2

3. Fortinet FortiGate-50E / FG-50E Next Generation (NGFW) Firewall Appliance, 7X GbE RJ45 Ports

Feature

Free Shipping

Description

Fortinet FortiGate-50E / FG-50E Next Generation (NGFW) Firewall UTM Security Appliance – 7x GE RJ45 Ports (including 2x WAN Port & 5x Switch Ports) – (Hardware only – No subscription services are included)

4. Fortinet FG-30E-BDL FortiGate Next Generation (NGFW) Firewall Appliance Bundle with 8×5 Forticare and FortiGuard

Feature

Switch/LAN interfaces: 4x GbE RJ45
WAN Interfaces: 1
Sessions per Sec: 15,000
Coverage area – 2,000 to 3,000 square feet

Description

The FortiGate/Forti Wi-Fi 30E are compact, cost effective, all-in-one security appliances that deliver Fortinet’s Connected UTM. Ideal for small business, remote, customer premise equipment (CPE) and retail networks, these appliances offer the network security, connectivity and performance you need.

5. Zyxel Next Generation VPN Firewall with 1 WAN, 1 SFP, 4 LAN/DMZ Gigabit Ports [USG20-VPN]

Feature

High Performance Gigabit Ports 1x Internet (WAN) Port, 4x Local Network (LAN) Ports, 1x SFP Gigabit Fiber (SFP WAN) Port for Uplink to Fiber Internet Services
Up to 90Mbps Encrypted VPN throughput (IPsec/L2TP: 10 Concurrent, SSL: 5 Concurrent Upgradable to 15 Max) for Secure Remote Access, Office to Office or Device to Office
Up to 350Mbps Stateful Packet Inspection (SPI) Firewall and 20,000 Max TCP Concurrent Sessions ideal for Small Offices &lt
10 Users
FANLESS design and Desktop Form Factor for quiet no noise 0dB operation and installation anywhere
Easy to Install browser-based configuration and management interface with Quick and Easy setup/VPN wizards
Optional Website Content Filter Blocking and Anti-Spam Email Blocking (Subscription Required, Sold Seperately)
TRUSTED BRAND with LIMITED LIFETIME HARDWARE WARRANTY
FREE TECH SUPPORT / NO SUPPORT CONTRACTS

Description

Size:USG20-VPN (10 VPNs)

USG20-VPN – NEXT generation unified security Gateway vpn firewall. Provides an extensible design that enables Service prioritization for data. Design that delivers high availability, scalability, and for maximum flexibility and price/performance. The country of Origin is Taiwan.

6. Sophos XG 125 Rev.3 Next-Gen VPN Firewall Appliance

Feature

Sophos Next Generation Firewall XG 125 (rev.3) is ideal for SMB and branch offices at excellent price-to-performance ratio
Work with software modules (to be ordered) for the security features.
Firewall: 6.5 Gpbs, VPN: 700 Mbps, NGFW(IPS+App Ctrl): 1.1 Gbps, AV Proxy: 700 Mbps
Ports: 8 GbE copper, 2 GbE SFP
SFP transceivers sold separately Flexi Port Slot: 1 Swappable Components: opt. ext. Power, 3G/4G
Power Code: EU/UK/US Rackmount kit available (to be ordered separately)

7. Fortinet FG-50E Next Generation (Ngfw) Firewall Appliance, 7X GbE RJ45 Ports

Feature

Detects unknown attacks using dynamic analysis and provides automated Mitigation to stop targeted attacks

8. Fortinet | FortiGate 30E Next-Generation Network Security UTM Firewall | FG-30E

Feature

FortiGate 30E Base Wired Appliance | FG-30E
Includes 8×5 Trial Support
5 x GE RJ45 ports (Including 1 x WAN port, 4 x Switch ports), Max managed FortiAPs (Total / Tunnel) 2 / 2
Firewall Throughput: 0.95 Gbps | New Sessions: 15000 | IPS: 300 Mbps | SSL VPN: 35 Mbps
Dimensions(in): 1.61 x 8.27 x 5.24 | Weight(lbs): 2

9. Zyxel Next Generation Unified Security Gateway with WLAN Controller and 4 LAN/DMZ, 2 WAN, 1 OPT Ports [USG110]

Feature

Includes 1 Year of Anti-Virus (AV), Intrusion Detection and Prevention (IDP), Anti-Spam (AS), and Content Filtering (CF) UTM Services.
7 x GbE RJ-45, 2 x USB (multi-WAN and mobile broadband)
1,600 Mbps firewall throughput
400 Mbps VPN throughput (IPsec/L2TP: 100 Included, SSL: 5 Included Upgradable to 25 Max)
Comprehensive Anti-malware threat protection with firewall, anti-virus, content filtering,anti-spam,Intrusion detection and prevention, application intelligence and SSL inspection
Built in WLAN Controller for centralized management of ZyXEL access points
User-aware policy engine can set bandwith or network access based on user login or using Single Sign On
Comprehensive Anti-malware threat protection with firewall, Kaspersky anti-virus,content filtering,anti-spam,Intrusion detection & prevention, application intelligence and SSL inspection

Description

Size:USG110 (~50 Users <>

Zeal next generation unified security Gateway with WLAN controller and 4 LAN/DMZ, 2 WAN, 1 opt ports [USG110]

10. ZyXEL Next Generation VPN Firewall with 2 WAN, 1 OPT, 4 LAN/DMZ Ports Includes 1-Year UTM Services Bundle [ZYWALL110]

How does Amazon calculate star ratings?

Feature

Multi-core CPUs deliver up to 1 Gbps firewall throughput and 300 Mbps VPN throughput
More secure VPN connections with SHA-2 encryption
VPN high availability (HA) with dual-WAN failover and fallback support
L2TP support for iOS, Android and Windows mobile devices
Auto-provisioned client-to-site IPsec setup with Easy VPN
100 IPSEC VPN Tunnels, 25 SSL VPN Tunnels included
60,000 Concurrent Sessions
IPV6 Support

Description

Style:100 VPNs

Product Description

ZyWALL110 Application Diagram
View larger

Blazing-fast Performance
View larger

Comparison chart
View larger

Best-in-Class VPN and Firewall Throughput

The new ZyWALL 110 VPN Firewall is designed with multi-core CPUs to deliver the fastest VPN and firewall performance on the market. High-speed networking performance up to 1 Gbps firewall throughput and 300 Mbps VPN throughput keeps up with the high bandwidth demands of todays applications without sacrificing security. Designed with completely new and advanced hardware platforms, the new ZyWALL 110 VPN Firewall delivers uncompromising performance for high-speed site-to-site and client-to-site VPN

Safer, More Reliable VPN Connections (100 IPSec / 25 SSL)

Faster processors today have greatly boosted the capabilities of attackers to decrypt VPN tunnels. Legacy VPN encryption algorithms like Message Digest 5 (MD5) and Secure Hash Algorithm 1 (SHA-1) are no longer sufficient to guarantee secured external communications. Supporting the more advanced Secure Hash Algorithm 2 (SHA-2), the ZyWALL 110 provides the safest VPN connections in its class and ensures maximum security for business communications. The ZyWALL 110 VPN Firewall delivers reliable, non-stop VPN services with dual-WAN failover and fallback support. With two WAN connections — one primary and one for redundancy — the ZyWALL 110 VPN Firewall automatically switches to the backup connection should the primary link fail, and automatically switches back to the primary connection once it is back online.

Unlimited Business Mobility

To support dynamic, mobile business operations in today’s BYOD (bring your own device) business environment, the ZyWALL 110 VPN Firewall offer unlimited business mobility with Layer 2 Tunneling Protocol (L2TP) VPN for mobile devices. The ZyWALL 110 supports L2TP VPN on a wide variety of mobile Internet devices running the iOS, Android and Windows mobile platforms.

Zero-Configuration Remote Access

Virtual private networks provide businesses a secure and convenient way of sharing company resources with partners, customers, or employees on business trips. Yet typical VPN solutions are hard for non-technical users to configure, which greatly reduces their usability and convenience. The ZyWALL 110 VPN Firewall features Easy VPN to provide auto-provisioned client-to-site IPsec VPN setup. A wizard is available with the ZyXEL IPsec VPN client software that automatically retrieves the VPN configuration file from the remote ZyWALL 110 VPN Firewall and completes the IPsec VPN setup in 3 simple steps. ZyXEL’s Easy VPN lowers administration effort and allows partner, customers, or traveling employees to access company servers, email, or data centers easily and securely.

Ultra-fast Performance for Tomorrow’s VPN Deployments ZyXEL ZyWALL 110 VPN Firewall

Multi-core CPUs deliver up to 1 Gbps firewall throughput and 300 Mbps VPN throughput
7 High Throughput GbE Ports (2x WAN, 1x Optional WAN/LAN, 4x LAN/DMZ)
60,000 Sessions, IPv6, VLAN Support
100 IPSec New Generation VPN Security connections with SHA-2 encryption
25 SSL VPN tunnels included for easy VPN connection for remote clients
Multiple WAN load balancing function to increase internet bandwidth capacity
VPN high availability (HA) with dual-WAN failover and fallback support
L2TP support for iOS, easy connection of Android and Windows mobile devices
Auto-provisioned client-to-site IPsec setup with Easy VPN (Using ZyXEL IPSec VPN Client)

Amazon.com

Product information

Style:100 VPNs

Technical Details

Collapse all

Summary

Wireless Type

802.11abg

Other Technical Details

Brand

ZyXEL

Series

ZYWALL110

Item model number

ZYWALL110

Hardware Platform

ZyNOS

Operating System

Windows 7, Mac OS, Linux

Item Weight

4.41 pounds

Product Dimensions

14 x 6 x 10 inches

Item DimensionsL x W x H

14 x 6 x 10 inches

Color

Red/White

Power Source

Voltage

12 Volts

Manufacturer

ZYXEL

ASIN

B00E6IP2HI

Is Discontinued By Manufacturer

Date First Available

July 27, 2013

Technical Specification

User Guide [PDF ]

Additional Information

ASIN

B00E6IP2HI

Customer Reviews

60 ratings

3.9 out of 5 stars

Best Sellers Rank

#16,773 in Computers & Accessories (See Top 100 in Computers & Accessories)
#578 in Computer Routers

Date First Available

July 27, 2013

Warranty & Support

Amazon.com Return Policy:You may return any new computer purchased from Amazon.com that is "dead on arrival," arrives in damaged condition, or is still in unopened boxes, for a full refund within 30 days of purchase. Amazon.com reserves the right to test "dead on arrival" returns and impose a customer fee equal to 15 percent of the product sales price if the customer misrepresents the condition of the product. Any returned computer that is damaged through customer misuse, is missing parts, or is in unsellable condition due to customer tampering will result in the customer being charged a higher restocking fee based on the condition of the product. Amazon.com will not accept returns of any desktop or notebook computer more than 30 days after you receive the shipment. New, used, and refurbished products purchased from Marketplace vendors are subject to the returns policy of the individual vendor.

Product Warranty: For warranty information about this product, please click here

Customer reviews

5 star		56%
4 star		12%
3 star		11%
2 star		10%
1 star		11%

Customer images

See all customer images

There was a problem filtering reviews right now. Please try again later.

Cliff Schornak

Excellent SOHO router.

Reviewed in the United States on October 30, 2017

Style: 100 VPNsVerified Purchase

I ordered the 110 Firewall/VPN to replace a USG 50 I have been running for 5 years.My internet service had increased
during that time from 50Meg to 250Meg.My service provider replaced my modem with a DOCSIS 3 modem and I tested bandwidth
with directly connected PC,The directly connected PC got 280 Mbytes, while thru the USG50 I was getting less than 50.Turning off ADP
got me up to 75Megs.So I ordered this box which advertized 1.6Gbytes through the Firewall.
The Zyxel website seems to offer a service to convert the USG 50 configuration to the 110, but it only really works for USG 110.I was never able to figure out the difference between the two boxes, but USG 110 costs about $50 more.
I was able to setup the 110 by manually coping the settings from the USG50.Which was good, because I cleaned up a lot of settings that were no longer needed.
I have been pleased with the performance of the box.It is showing 280Megs throughput with ADP enabled and only hits 25% CPU during the
Speedtest.net test.
This box is probably overkill for personal use, but I work out of my house and I need the unit to nail up a VPN to my corporate network.I also have IP Phones and IP PBX operating behind it.It all just works.
I don't use the Service provider routers as I need much better control.I also utilize advanced features such as VLANs.I also have a lot of IOT and typically have > 60 active IP connected devices (smart switches, TVs, phones, tables besides computers and laptops.)

17 people found this helpful

Great little firewall ZyWall 310

Juan J. Casero

Reviewed in the United States on January 15, 2017

Style: 300 VPNsVerified Purchase

I went from used surplus server hardware on ebay running either pfsense or endian firewall to this ZyWALL 310 firewall.I could not be more happy that I did.In fact I should have done it much sooner.Even when the three fans on the back of the unit are at full speed during a bootup it is still much quieter than my Sun V20z or V60x servers that used to be my firewalls.It's like night and day.After bootup the fans throttle back to half speed and while I can still hear it they really don't bother me.As other reviewers have said it sounds like a laptop fan under stress that's it.Very tolerable in my opinion and this is important because I don't have a server closet.I telecommute to work from my home office and I have a half height server rack in my home office.There are three cisco SGP200-26 switches in that rack along with this zywall 310 firewall right next to my desk.I am able to work comfortably with this equipment in my office.This firewall software is a bit different than am I used to and while I do have some prior experience setting firewall rules I am not by any means a network engineer.Even so I was able to get this firewall up and running in a basic configuration in a short amount of time.The default rules they provide basically allows all outgoing traffic from all the lans and the dmz to the wan port.So it's just a matter of adding a few rules to block some services like ftp, telnet, pop3 and smtp that use plain text passwords.I also updated the firmware for the unit after registering it on zywall's website.The firmware update is very easy and there is a video on youtube that shows how to do it.Finally, the performance I am getting is phenomenal.With my pfsense or endian firewalls I could not break past the 100Mb/sec download rate.With this unit I immediately smashed through it and was downloading at the full 240 Mb/sec that my service allows.For me the benefits were obvious

1. Less noise in my office (except when I need to fire up my sun servers for development work)
2. Less heat being generated in my office
3. Faster download speeds
4. Nice and tidy fit in my server rack

I am happy I purchased the unit and I recommend it to anyone who just wants to get their work done without too much hassle.

6 people found this helpful

Will be returning this garbage. I would have been willing to overlook the ...

Eric M. Stone

Reviewed in the United States on April 7, 2018

Style: 100 VPNsVerified Purchase

Woke up to a downed network - the unit failed after less than 24 hours. Suggest you look elsewhere. Will be returning this garbage.

I would have been willing to overlook the very difficult to setup and horrible GUI. Had to login via SSH to actually get any work done.

6 people found this helpful

Good performance (when it works) - but firmware bugs, system crashes and VPN disconnects leave much to be desired

Robert T. Bruce

Reviewed in the United States on July 24, 2014

Style: 100 VPNsVerified Purchase

This is a long overdue review of the ZyWall 110. I wanted to love this little router, I really did, but found a host of issues that have yet to be fixed. On paper, the router seems superb - great specs, fast VPN, nice overall design (and look). But after using this router since September 2013, I can safely say that there is much to be desired. Let me start with the things I liked about the router:

----------
POSITIVES
---------
1) Fairly quick initial setup - I was able to plug the router in, and get up and running in 20 minutes or so. Well, almost. My first unit had a defective gigabit Ethernet port that would revert to 10/100 speeds after 3 hours of usage. This didn't impact initial connectivity, however, and a replacement unit fixed this issue (see negatives). The VPN setup is also a bit complicated (somewhat unnecessarily, IMHO - 3 disparate screens just to get the VPN configured - not including user management). But ZyXel tech support was very helpful and even remotely logged into my router and set the VPN up for me. Thanks! Which brings me to my next positive:

2) Free telephone tech support - ZyXel's support staff are based in the US, and their support engineers have been very helpful (to the extent they are able to help - especially given the router's limitations). However, the design engineers are all in Taiwan, while the telephone support staff is in the USA, so I'm not sure how often the two parties communicate to identify / resolve lingering issues.

3) GUI chock full of options - You can configure most (all?) of the router's features using the GUI interface. This is particularly if you're not familiar with CLI configuration (not my case, but worth mentioning). There are a lot of options, and I mean a lot. Not for the faint of heart, but spend enough time and even novices would get used to it. While the interface has a lot of features, there definitely could be some more thought put into the layout. I've often found myself having to click through various disconnected menu options to perform one simple task. But I'm listing this as a positive, since the options are there, and you can call tech support if you're really stuck.

4) Good router performance - at least when it works. I've test the router using QOS, and it does a good job. Much better load balancing than my previous router. While I haven't maxed out the router's throughput, it hasn't choked on my 75 megabit connection. SmallNetBuilder did test the router, however, and found the router throughput to be ~half the rated speed of 1 Gbps. I don't have that kind of connection yet, and by the time I do, hopefully the issue will be rectified by a firmware update.

5) Load balancing wan with fallback - while I never tried this feature, it seems like a nice option to have. But honestly, I think the target demographic (SMBs, homes?) would rarely use this feature, if ever. Regardless, +1 for effort

6) Multiple configurable Ethernet ports - for DMZ, VLANs, etc. Again, a feature I'm not currently utilizing, but nice to have. But given that companies are moving their servers to the cloud, and layer 3 switches do a better job with VLANs and intra-office routing, I'm not sure how beneficial these ports will ultimately be.

---------
NEGATIVES
---------
1) Crashes . Seriously. Three times in the past 7 months. The router interface froze on me, and locked me out of accessing the VPN, router configuration, or communicating directly with the router in any manner whatsoever. Oddly enough, internet access through the router wasn't impacted, just access to the router itself. I needed to physically reboot the router to restore access. This can be problematic if you're at a remote location (my situation). I had to buy a remote power switch that periodically pings the router and power cycles it in case it freezes. Totally unacceptable, IMHO.

2) Frequent VPN disconnections - I've found the router to frequently disconnect me from L2TP VPN connection. This is especially apparent during peak times. I've read that these issues aren't unique to ZyXel, but other router manufacturers have been able to mitigate these problems somehow. The disconnect issue is particularly bothersome as once you're disconnected, the previous state is locked for a few minutes and you can't log back in until the router drops the connection. This is incredibly frustrating, especially once it start happening more than two times in an hour.

3) No support for multiple remote IPSEC VPN clients behind a single public IP address. To be fair, this issue also isn't unique to ZyXel (something to do with the encrypted connection), but other manufacturers have been able to mitigate this limitation as well. In addition, if a remote user is logged into the VPN, another remote user with the same IP address as the VPN user is completely locked out from accessing the router services - VPN, configuration, etc. This is especially frustrating if you need to remotely modify router settings, and another user from your local LAN (assuming you're sharing public IPs) is logged into the VPN. Here's what I mean:
** Imagine two remote users behind the same public IP address, and the ZyXel 110 at a different location, with both IPSec VPN and router configuration access enabled over the WAN side. One remote user decides to log into the ZyXel 110 using the IPSec VPN. All is good. Then, the second user, using a different computer, decides to access the ZyXel 110 configuration page through the public IP address (not VPN). Denied! Even though the web interface uses a different port (SSL - 443) than the IPSec VPN, the ZyWall can't differentiate the traffic. Same thing happens if two users behind the same IP address try to use the VPN simultaneously.

4) Proprietary 2-step verification - You need to use ZyXel's silly offering - no support for 3rd party tools such as Google Authenticator. Really? Come on ZyXel. Other router manufacturers are on top of this, why aren't you? ZyXel's solution is pricey (you need a dongle) and cumbersome, given that Google's app is free and runs on most smartphones. The free price range also probably best fits the target market of ZyXel's customers - SMBs with limited budgets. I mean, if I wanted faux-enterprise security with a silly little dongle, I'd call Cisco and RSA (NSA?).

5) No support for OpenVPN, GRE routing, multicast tunnel, etc. It's not as though the router and it's fast processor couldn't handle these tasks. OpenVPN is great since it's highly secure and you can specify a port (unlike IPSEC). Certain WiFi hotspots block most ports aside from 80 and a few others, and only OpenVPN allows for custom port numbers to sidestep this limitation. Multicast routing and GRE tunnels have been available on other ZyXel routers in the past, but not with the 110. It's a guessing game when (if?) these features will ever make it to the 110. Ubiquiti Edge Router is only $100, and has supports all these aforementioned features - and more!

6) Infrequent firmware updates - I can't fathom this - especially since the router has some serious bugs. The latest router firmware (as of this writing) was dated in June 2014. Prior to that, it was Sept. 2013. Seriously, almost a year between firmware updates? Come on! It may be because ZyXel's design engineers are in Taiwan and they might not be reading the forums, or have infrequent communication with the tech support staff based in the USA. Whatever the case, one year is too long of a wait.

7) Weird IP address sorting scheme - IE if you click on Sort Ascending (or vice versa), you'll see x.x.x.1, x.x.x.101, x.x.x.2, etc. WTF? since when did 101 come before 2? So silly. Who came up with that logic?

8) No mounting holes underneath case - The manual indicates there are wall mounting holes (one of the reasons I initially bought the router), but that was a pipe dream. There are no mounting holes. At least for my unit (manufactured July 2013). Just a solid back. I guess somebody forgot to tell the factory. Silly factory.

9) Fan Noise - Okay it's not as loud as a laser printer, but it's still loud. Mind you, I have the router in a fairly quiet bedroom where you can actually hear the noise. What I can't figure out is why the fan was needed in the first place: The unit runs fairly cool (at least for the apps I run), and given the ridiculously spacious housing (you could cut off the left 1/3 of the router - it's just air), I'm sure lowering the fan speed, or ditching the fan altogether wouldn't be much of an issue.

10) Faulty Gigabit Ethernet port - I bought my unit in September 2013, and several times my gigabit connection would drop to 10/100 speeds. I tried various cables to no avail. This may have been a manufacturing issue. I replaced my unit and the problem went away, but there are reports of other people having the same issue. Caveat emptor.

11) Power brick - As I mentioned before - the router has a lot of empty space underneath the case. So why ZyXel didn't incorporate the power supply inside the unit is beyond me - but it certainly wasn't for a lack of space. Now, I have to keep track of yet another power brick (especially frustrating when moving things around), and since my unit is rack mounted -I now also need to find a place to mount the brick, as the dinky 2.5mm power connector won't support the brick's weight (it can't just dangle).

12) Logs and Reporting - A serious item of contention for me - especially since other SMB router manufacturers (along with DD-WRT, Tomato, etc) have much better graphical offerings. I found ZyWall's traffic reports to be confusing, and mostly unusable. Let me elaborate:
** Limited traffic statistic visibility - - You can only see a limited subset of current traffic going through the router (20 biggest, or last 20), yet there is a drop down menu that shows 50, 100, 200, as selectable options. I had to read through the fine print of the manual to realize that 20 is the limit. WTF? Why even present a drop down option then?
** No summary charts or data - looking for charts to identify biggest bandwidth users, sites most frequently visited, traffic by interface, period, etc? Ha! Good luck. The only solution I found was to upload the data to a syslog server and use that software to analyze your traffic.
** DHCP IP address binding list- Want to see what addresses have been assigned through DHCP, or which static IP addresses are active on the LAN side? Well, you can only do that if you enable IP address binding, which will block any devices with static IP addresses (unless you manually add them to the MAC table). Even then you won't see which devices are transmitting using static IPs on the LAN. Why this silly limitation? I have no clue. ZyXel, care to comment?
** Log File format - You can upload a plethora of data to a syslog server, but you need additional software to parse through the log(s), which only come in CIF or a proprietary VRPT format. These packages cost money, and most off the shelf CIF packages I encountered didn't support the ZyXel. ZyXel makes its own report analyzer, but that's another piece of software to buy just to get some basic summary data. Plus, it's overkill for most users. Come on ZyXel!

13) Limited USB port functionality - I found the USB port all but worthless. You can use it for only two purposes - Storing logs and connecting cellular modems. That's it. While many routers allow you to connect USB drives and have the router double as a NAS, the ZyWall 110 does not. You can add USB storage but only for log archival purposes. Fine. I have a separate NAS so no love lost. I was, however, disappointed to find that the router can't interface with battery backup units either (or any other peripherals with USB serial ports). My previous $30 cheapo router let me connect my APC battery backup via the USB interface and displayed the UPS status as well as sent me email alerts with any power related issues. I loved this feature as I could quickly monitor my UPS health without having to buy a new (and expensive) IP capable battery backup. I thought this was a basic feature that most routers supported, but the ZyWall 110 does not. In fact, the only uses for the USB ports are the ones I mentioned previously. Given these limited uses, I imagine that most people will find the USB ports utterly useless - just as I did.

14) Limited firewall filtering of IP addresses - Specifically, geographic IP address filtering. It's fairly common for routers in ZyWall's class to block IP address blocks from specified geographic areas (ie, North Korea, Iran, ZyXel Headquarters, etc). Not here. It's possible that ZyXel's other router offerings have this functionality, but definitely not this router.

15) No intelligent detection of Skype / torrent / or other L7 traffic. This is useful for QOS or bandwidth limiting purposes. To be fair, I believe ZyXel's USG offerings have this functionality in some form, but those routers cost a lot more and have subscription fees. With the ZyWall 110, you're mostly confined to shaping traffic using port ranges, which isn't very useful for prioritizing or controlling applications that dynamically assign ports (such as Skype or torrent apps). There are many other routers in the 110's class / price range that have at least some basic L7 functionality, but with ZyXel that functionality requires a different router and costs extra.

-----------
CONCLUSION:
-----------
All in all, the router has good performance when it works, but given all these limitations, there's a lot to be desired. I paid $360 for this router, but considering its limitations and the issues I encountered, I feel its overpriced. This is especially true when you consider offerings from the competition, particularly Ubiquiti's Edge Router which sells for $100.

Granted, the Edge Router lacks the multiple Ethernet ports, load balancing capability, and the GUI configurability, but its CLI configuration gives it options and flexibility that the ZyWall 110 can't match. The Ubiquiti router seems to mitigate a bulk of my issues above, and it has better performance (firewall throughput, VPN) to boot (according to Small Net Builder)!

It's just my $0.02. For whatever it's worth!

45 people found this helpful