Applications for a Security Appliance in SOHO/Small Business –
Do you need a dedicated security appliance at your SOHO/Small business? Well, it depends on what kind of work you do and how confidential are the documents you deal with. Have a look at the above embedded video to see some use-cases/applications of a dedicated security appliance.
The ZyXEL ZyWALL 20,20W,50 appliances are basically appliance-based firewalls and they come with additional (optional) subscription-based security features like content filtering (to control/secure Internet usage of employees); gateway-level anti-virus (for scanning email attachments before they reach your computers) and intrusion detection/prevention (to protect your network from being accessed by unwanted elements, either by force or by trickery).
Introductory video for ZyXEL ZyWALL 20,20W,50 Security Appliances –
The ZyXEL ZyWALL security appliances offer both IPSec VPN (client-based) and SSL VPN (Client-less). With IPSec VPN, you can set-up the appliance to connect securely over the Internet with another security appliance (that supports VPN) at the head-office, another branch-office, etc. All the files you send on the Internet between these two appliances, are encrypted. SSL VPN is used to enable mobile workers/roaming workers to access your network without the requirement of any VPN software (they can authenticate themselves using username/password through a customizable user portal) and start an encrypted session over the browser.
The built-in firewall enables to you control who can access what, in your network. You can determine which types of traffic/services are allowed, how people can access them, etc. You can write firewall rules or apply existing rules to make your network more secure.
Web-Content Filtering is a very useful feature to have. You can block Internet users (in your office) from accessing websites belonging to certain categories (like sports, adult, etc.) and you can prevent users wasting their time on social networking sites (by blocking access to these sites). You can always exempt certain sites, if these are aligned with your business processes. The web-filtering service also keeps checking for the type of sites accessed by your users and it automatically prevents your employees from accessing rogue sites, thereby preventing Internet threats like phishing/malware.
The WAN port allows you to connect broadband/cable Internet and the USB port allows you to connect 3G Internet. It’s good to have mobile Internet support, especially as a back-up in case of primary Internet failure. IPv6 support makes the security device future proof. Active Directory/LDAP/RADIUS support ensures that you can use your existing AAA directories with this UTM device. It also supports zone-based access control lists and customized user-portal/two-factor authentication for SSL VPN.
Two enterprise-level features offered in this appliance include application control and bandwidth control. You can determine who can access which applications on your network (for example, you can limit Instant Messenger to certain users). You can also limit the bandwidth that can be occupied by a single user/single device or a group of devices, in addition to providing a minimum guaranteed bandwidth to all the users. This will ensure that one high-bandwidth consuming user does not halt the network and the connectivity does not slow down beyond a certain minimum threshold (bandwidth).
The ZyXEL ZyWALL 20,20W,50 security appliances support router features like VLAN, dynamic routing (RIP, OSPF) and hence this device is a router+ firewall + UTM (combined unit). Such integrated-functionality devices save a lot of money and provide good value for their cost. This device supports a lot of enterprise-grade features and hence brings enterprise standards to SOHO/Small business.
For any UTM (including this), Content Filtering, Anti-Virus, Intrusion detection/prevention are subscription-based features that need to be purchased separately and need to be renewed every year. Do remember to take that cost into budgeting in addition to the appliance cost. At minimum, content filtering subscription is recommended.
You can allocate one port in this security appliance as a dedicated DMZ port that can host public-facing services like a web-server, etc. This appliance also supports Dynamic DNS and hence you can access the files in your internal network over the Internet using a domain-name, instead of having to remember a complicated IP address. This device is the only device in its class that supports 1-to-1 mapping of IP addresses. It can map multiple internal IP addresses to multiple external IP addresses.
ZyXEL provides US-based technical support over phone (ZyXEL Customer Care No – US: 800-255-4101) Even though this company may not be popular with residential category devices, they are quite popular in the enterprise segment. For this security unit, all support, updates and patches are provided at no extra cost.
There will be a short learning curve during the initial stages, especially if this is your first time setting up a firewall/UTM in your network. This device supports both GUI and CLI and hence users can choose one of them, based on their expertise level. It is suggested for users to explore the many options provided by this device and they are expected to read the user manual throughly before installation. It is not a plug and play device. Of course, you can also take the help of the technical support engineers from ZyXEL, over phone.
Further information/Technical Specs: ZyXEL ZyWALL Web-page for USG 20,20W,50 Security appliances.
Price (USD)/Buy From (US):
Amazon Web-page for,
1. ZyXEL ZyWALL USG 20 (1-5 users):
2. ZyXEL ZyWALL USG20W (1-5 users, built-in Wireless LAN):
3. ZyXEL ZyWALL USG50 (1-10 users):
Higher model to consider: ZyXEL ZyWALL USG100 (10-25 users):
You can follow the latest Computer Networking/IT Products released for homes/small businesses & reviews by subscribing to this blog with your email address in the top right-hand sidebar box: ‘Follow by E-mail’. You can expect one mail per week (max).