Zyxel Zywall USG20 Review

[claykin]

PPTP has been mentioned to me several times, but it apparently has the same likelihood of being blocked (plus I have concerns about it being secure enough for my needs/wants).

PPTP is currently not supported in USG20/50. Zyxel claims support will be added in December 2011. probably when they release V3 firmware.

 

[abignet]

That is too bad. I may e-mail Zyxel and see if they have any recommended methods of configuring the client computer to somehow force all traffic over the SSL VPN connection (even though the VPN software itself is not configured to do that). I've wondered a little if it could be possible to create a "route" or something that would do that, but that is not something I am very familiar with.

So I did email Zyxel and the following is the response I recieved:

If you want to force all traffic through an SSL VPN you would need to change the routing table on the computer so it sends all traffic to the USG (this is not something we can help you with). You will also need to create a policy route on the USG, the policy route should specify that traffic with the source of SSL_POOL with a destination of ANY needs to take a hop at the WAN_TRUNK and enable the auto destination. This rule will route SSL VPN traffic to the internet connection.

I am new to all of this. If I were to purchase a USG20 and try to do the above, would that create any security issues of any kind (eg, would I be making the router or any of my computers somehow more vulnerable)?

Also, any advice on how I would need to change the routing tables (ie, example code would be great)? Once I know what code to use to change them to whatever they need to be (and how to change them back to normal as well) I could probably write a script or two to use whenever I was going to use the SSL VPN and then a script to use to set things back to normal for when I'm not using the VPN.

 

[flips]

Blocking P2P stuff on USG 20

For free content filtering consider setting up an OPENDNS account and enforce their DNS servers on your LAN. The USG20 will allow you to force DNS through OPENDNS.

We have one of these USG 20's, and I was wondering if there's a nice way to block p2p/torrent stuff on LAN2. Do any of you have any experience of successfully blocking this with either Content filtering or some other service?
(Some said I needed ADP or something like that, which is only available in bigger models.)

I haven't checked out OpenDNS, is it free for non-commercial use?

 

[TonyH]

For what it is, I love my Zywall USG 20W. Took a while to figure things out re: features and config. This is my main router at home now replacing ASUS RT-N66(I sold it).

 

[claykin]

We have one of these USG 20's, and I was wondering if there's a nice way to block p2p/torrent stuff on LAN2. Do any of you have any experience of successfully blocking this with either Content filtering or some other service?
(Some said I needed ADP or something like that, which is only available in bigger models.)

I haven't checked out OpenDNS, is it free for non-commercial use?

ADP is included in USG20. ADP stands for anomoly detection and prevention. This is not what you are looking for to filter P2P traffic. Look at the Content Filtering tab under ANTI-X.

I do recommend you try OPENDNS. Yes, its free for home users. I have heard that new "free" accounts are more limited today than they were previously. I have older accounts and can definitely filter P2P and force DNS through OpenDNS.

 

[flips]

Commtouch, BlueCoat, OpenDNS

ADP is included in USG20. ADP stands for anomoly detection and prevention. This is not what you are looking for to filter P2P traffic. Look at the Content Filtering tab under ANTI-X.

I do recommend you try OPENDNS. Yes, its free for home users. I have heard that new "free" accounts are more limited today than they were previously. I have older accounts and can definitely filter P2P and force DNS through OpenDNS.

Yes, I was remembering incorrectly. I was told that I would need "IDP/Application Patrol" to block P2P stuff, and that's available on USG 100 and better ...
Under Anti-X I can select either Commtouch or BlueCoat for content filtering. Will either of those let me easily filter P2P stuff? And can I filter stuff differently on LAN1 and LAN2?

As for OpenDNS, I'm wondering if it's only free for home use, as this ZyXEL router is located at a non-profit organization.

 

[claykin]

IDP is available on USG50 and higher

For content filtering, you can subscribe to either Commtouch or Bluecoat. See here for more details. Both are $77/year. http://us.zyxel.com/Products/Details.aspx?CategoryGroupNo=PDCA200881

You can also opt to go the old fashion way and create your own content filtering profiles. Yes, you can assign to either LAN1 or LAN2 or both.

Here's a link to OPENDNS free with content filtering. Check it out. https://store.opendns.com/get/home-free. They have a paid option for educational. https://www.opendns.com/business-solutions/k-12-education

 

[flips]

IDP is available on USG50 and higher

For content filtering, you can subscribe to either Commtouch or Bluecoat. See here for more details. Both are $77/year. http://us.zyxel.com/Products/Details.aspx?CategoryGroupNo=PDCA200881
You can also opt to go the old fashion way and create your own content filtering profiles. Yes, you can assign to either LAN1 or LAN2 or both.

Cool. Anyone tested this and how well Commtouch/Bluecoat works for blocking torrents etc? (And which is better?)
I assume that creating my own content filtering requires listing a lot of URLs and/or regexp's ...
I'll also play with OpenDNS to see how well it works here in Europe.

 

[Gunbuster]

USG 100-Plus?

Any chance of a USG 100-Plus review coming soon?

 

[elfeneco]

Sorry if this question is too recent compared to original thread but would you mind giving us exact reference for original FAN ?
I find mine quite noisy and would like to replace it by a new and quiet one.
Thank you very much !