|At a glance|
|Product||Zyxel VPN Firewall (USG20-VPN) [Website]|
|Summary||Multi-WAN Gigabit Firewall/Router supporting IPsec, SSL and L2TP VPN and subscription UTM features|
|Pros||• Supports L2TP, SSL, and IPSec VPNs|
• Content Filtering and Anti-Spam protection
• Zone-based firewall
• WWAN USB adapter support
|Cons||• Could not get IPsec client-to-gateway working|
• Routing throughput lower than most current generation routers
Typical Price: $170 Buy From Amazon
Update 7/29/16: Client to Site IPsec works
ZyXEL has steadily expanded its security appliance / firewall product lines. But with three different families, buyers can be easily confused.
The "Unified Security Gateways" include the USG20 (reviewed in May 2011) and USG20W. In addition to VPN and Firewall features, the USG20/USG20W also support subscription-based Content Filtering and Anti-Spam UTM (Unified Threat Management) features. The USG20W adds single-band 802.11b/g/n wireless connectivity.
The "Next-Gen Unified Security Gateways" include the USG40 (reviewed in November 2014) and USG40W. In addition to VPN and Firewall features, the USG40/USG40W also support Content Filtering, Anti-Spam, Anti-Virus, and Intrusion Detection/Prevention UTM features. The current USG40 also has an improved multi-core processor. The USG40W adds single-band 802.11b/g/n wireless connectivity.
The "VPN Firewalls" include the USG20-VPN and USG20W-VPN. The USG20-VPN offers many of the same features as the USG20, with improved performance over the USG20. The USG20W-VPN adds dual-band AC1750 802.11aa/b/g/n/ac wireless connectivity.
The key differences between these product lines are summarized in Table 1. Essentially, the USG20-VPN is a faster version of the USG20, with the addition of an SFP port. The USG40 has even higher throughput than the USG20-VPN, an optional RJ45 port that can be used as a second WAN port, plus support for Anti-Virus (AV) and Intrusion Detection and Prevention (IDP).
|Firewall Throughput (Mbps)||175||350||400|
|VPN Throughput (Mbps)||75||90||100|
|Max IPsec VPN Tunnels||5||10||10|
|Max SSL VPN Tunnels||1||15||15|
|Intrusion Detection and Prevention||N||N||Y|
Table 1: Model comparison
With that out of the way, let's dig into the USG20-VPN.
The USG20-VPN has the same look as the USG20 and USG40. Its gray metal enclosure with red trim measures 8.5"x5.63"x1.3". It comes with an external power supply and adhesive rubber feet for desktop use. It is passively cooled, so runs silently. The USG20W-VPN is physically the same, with the addition of three external antennas.
The front of the USG20-VPN has a reset button, power, system, SFP and RJ45 status LEDs and USB 2.0 port. The port supports a small selection of WWAN adapters.
ZyXEL USG20-VPN Front
The rear of the USG20-VPN has the power connection, on/off button, SFP port, console port, and five 10/100/1000 RJ45 ports that can be assigned different roles. I'll describe this further in the Network section.
ZyXEL USG20-VPN Rear
The USG20-VPN runs on an 800MHz Cavium Octeon III CN7010 CPU with 2 GB of RAM and 4 GB of Flash. The Ethernet chipset is a Qualcomm QCA8337 Gigabit switch. Below is a shot of the main board; the CPU is hidden under the large heat sink.
ZyXEL USG20-VPN Main Board
The feature list below was compiled from ZyXEL's data sheet and website. It's pretty similar to what we found in the USG20 and USG40.