ZyXel offers unified threat management for low-end net
By Joel Snyder, Network World, 03/06/2006
ZyXel Communications has entered the unified threat-management fray by building content filtering, intrusion-prevention, anti-virus and anti-spam technology into its ZyWall 35 and ZyWall 70 combined firewall and VPN appliances.
In our test of the ZyWall 70 UTM with the ZyWall Turbo Card, which is necessary to accelerate the new anti-virus and IPS services, we found the combination provides a massive set of features that will make it very attractive to small and midsize businesses (SMB) looking for a more sophisticated firewall device. However, the ZyWall 70 UTM's capabilities are offset by its difficult-to-use policy management GUI and weak documentation, and a rapid release cycle - we were shipped three updates of the software during our three-month testing cycle.
We tested the ZyWall 70 UTM by installing it on a live customer site in Tucson, Ariz., that needed advanced UTM features, including both threat management (virus scanning and spyware blocking) and URL filtering (see "How we did it").
The ZyWall 70 UTM is a 1U, rack-mountable device with four control zones: LAN (one 10/100 Ethernet port), DMZ (four 10/100 Ethernet ports), WAN (two 10/100 Ethernet ports) and a wireless LAN (WLAN) slot. When the Turbo Card is installed, the appliance's UTM features are enabled, and wireless is disabled, because the Turbo Card takes the slot that the wireless would have.
The ZyWall 70 UTM is managed using a Web browser. Once you've set some basic parameters, such as IP addresses and network-address translation options, and have decided whether to bridge or route, the first impression when you start working on security policy is overwhelming confusion. ZyXel opens up with 16 rules, listing all four zones and all of the interactions between any two zones. From there, you can add rules to pass traffic through the system, or to block or selectively log traffic. Each rule not only has source and destination IP addresses and IP service, but also a schedule for when the rule is enabled.
It's not an unusable interface, but it's also not for someone who wants to dive in, click through a few simple configuration steps and be done with it. By enabling off-site management in our initial installation, we inadvertently enabled off-site SNMP, which ships with the default read and write passwords of "public". Within 24 hours the firewall was broken into and shut down by an attacker using SNMP.
The lesson we learned is not to underestimate the number of details you need to be concerned with in configuring any part of the ZyWall 70 UTM or to assume that the software's default behavior is desirable. Unfortunately, the documentation is not a great help for most configuration changes. There's a lot of information, but much of it is poorly written and confusing.
Comments (1)
ZyXel offers unified threat management for low-end net
By Anonymous on December 18, 2006, 2:47 pm
A fair review of the product I have been using for the past 3 months. However I have also found support to be pretty difficult to get at easily. I too found...