ZyXel pushes secure remote access for all
ZyWall delivers enterprise-level SSL VPN features to small to midsize businesses
The IPSec-style network access, called SecuExtender, works, but its usefulness is limited. On login, the Java client installs a virtual PPP adapter with an address on the host network. Users can connect to resources behind the appliance using programs such as Telnet and PuTTY, but they cannot map drives to network shares or browse to an internal Web server.
Among its strengths, the appliance can work with different authentication and authorization services. Admins can go with the built-in user list or choose from RADIUS, LDAP, or Active Directory. Unlike with the F5 and Aventail, admins can use only one type of authentication at a time with ZyWall – no mixing and matching here. But for most small office deployments, the integrated user database will be enough.
ZyWall employs a surprisingly granular approach to controlling access to resources at the network level. Admins can create policies on a per-user or per-group basis. Each policy defines the protocols, destination, time of day, and day of the week that the user is able to access the network. Admins can create very specific policies to control access to each resource.
I've come to expect end-point security compliance checks in enterprise SSL solutions, and accordingly, ZyWall covers eight different criteria on the connecting PC to make sure it fits in with the established security posture. For example, I created one policy for Windows XP PCs that required XP Service Pack 2, IE 7, and Norton AntiVirus, while a second policy for Windows 2000 clients required Service Pack 4 and IE 6. ZyWall will check for the presence of personal firewalls from Norton and McAfee, but not Microsoft.
Reporting and logging are available in the appliance, but they are below average. A monitor function allows admins to see who is connected and for how long (with the ability to kill the connection) – but not which services they are utilizing. The logging utility lists events as they occur, though with little in-depth information. Admins can direct log files to external mail servers or a Syslog server for archival purposes. The report feature is also limited; it captures only the user name, if they authenticated, their duration, browser type, and source IP address.
For small and medium-sized businesses, the ZyXel ZyWall SSL 10 VPN appliance is a good buy. It packs in plenty of useful features that can help small businesses have safe and secure remote access without the hassle of IPSec VPNs or fat clients. The Java client works fine on both Internet Explorer and Firefox, and once connected, performance isn't an issue. While I shouldn't expect extensive logging and reporting at this price point, it would be nice to have more information recorded to help diagnose connection issues or to audit user access. For its target audience, however, the ZyXel ZyWall is a great choice.