Print
Discuss
Send to friend
The name says it all. Or rather it does when you know that the ‘UTM’ part of the Zyxel Zywall 35 UTM stands for Unified Threat Management which, in this instance, means an appliance to protect a local area network (Lan) against just about anything the Internet can throw at it.
What you get is an intelligent, Asic-based (Application-Specific Integrated Circuit) switch with a set of six 10/100Mbits/sec Ethernet ports on the front of the rack-mountable unit.
Two of these connect the appliance to the Internet, with automatic load balancing plus failover should problems arise. The others are for Lan attachment, although each can also be configured as DMZ (demilitarised zone) ports to protect public-facing servers.
A PC Card slot can also be used to add wireless networking. However, most buyers will opt for the Zywall Turbo Card instead, as this hardware acceleration adapter is included as standard and, without it, the anti-virus and intrusion detection/prevention options don’t work.
There are no user limits on the Zywall 35 UTM, which can support up to 10,000 concurrent Internet connections. As such it can cope with networks of 50-100 users with ease, with other models available for smaller and larger networks.
All offer the same set of services, starting with a stateful inspection firewall and a VPN (virtual private network) server.
The VPN server is IPSec based with DES/3DES or AES encryption, but it’s site-to-site tunnelling only, which means a separate personal VPN server at the client end if you want to connect individual mobile users.
An anti-virus scanner based on Kaspersky technology is next up, along with a range of anti-spam tools including the ability to rate email against an external spam database.
Content filters based on Bluecoat technology can also be applied; and last, but by no means least, there’s an intrusion detection and prevention (IDP) filter.
This looks for and blocks unusual activity caused by trojans, spyware and other application-level infections, and can also filter instant messaging and peer-to-peer networking sessions.
Subscribe to the update services and the various filters involved will all be maintained automatically, and most can be used straight out of the box.
However, no two networks are alike and a degree of customisation will always be required. The usual graphical interface makes this fairly easy, but it’s not for the fainthearted and companies with limited expertise would be well advised to have it done for them.
As a gateway solution, the Zywall UTM can only protect users while they’re connected to the Lan. That means separate desktop protection for remote and mobile workers with independent Internet access.
There’s very little to go wrong in the appliance, which performed well in our tests blocking the dummy viruses and the spyware we tried to download.
It also identified most of the spam sent to it, but the only action it can take is to either block suspect messages completely or mark them and let them through.
Other products with local storage can quarantine suspect spam and viruses, and some even allow users to manage their own spam settings – an option not provided on the Zywall UTM.
However, this appliance does what the name implies, affording protection against a wide range of common Internet threats.
Plus it’s reasonably priced, although competition in this market is fierce and it’s worth looking at others before deciding what to buy.
All Network Tools
del.icio.us
Digg this
reddit!
