Performance and Closing Thoughts
I used IxChariot as described in this procedure to test routing and VPN tunnel throughput with firmware version V4.00(XU.2) | 07/26/2006 loaded in both routers. I don't bother to check Response (ping) times any more since all current routers have times below the minimum measurement resolution of 1 msec.
I tried to test UDP streaming throughput, but was unable to get the test to complete in either direction and with or without the 2 plus' firewall enabled. As I've noted before, Qcheck and IxChariot just don't get along with some NAT routers that also have SPI firewalls features.
Table 2 shows that using the firewall exacts a significant price in performance. But with 30+ Mbps of throughput available even with the firewall kicked in, there is plenty left for most broadband connections.
| Test Description | Throughput - Firewall enabled (Mbps) |
Throughput - Firewall disabled (Mbps) |
|---|---|---|
| WAN - LAN | 34.1 | 54.9 |
| LAN - WAN | 35.6 | 55.5 |
| Firmware Version | V4.00(XU.2) | 07/26/2006 | |
Table 2: Routing throughput
Table 3 shows the results for tunnel throughput, which are close enough to Zyxel's 24 Mbps spec and, once again, enough for most broadband connections. Note that I didn't run this test with the firewall disabled.
| Test Description | Throughput - Firewall enabled (Mbps) |
|---|---|
| Local to Remote | 22.2 |
| Remote to Local | 21.9 |
| Firmware Version | V4.00(XU.2) | 07/26/2006 |
Table 3: IPsec tunnel throughput
So what's the bottom line? Zyxel has packed a lot into the Zywall 2 plus, both in features and performance. But Zyxel has never distinguished itself with superior user interface design and the 2 plus continues that tradition. Yes, I know that the firewall has more bells and whistles than are found in products in this price class. But even the simplest NAT routers know how to throw the correct switches in their firewalls when a port is forwarded, so why can't the 2 plus do it, too?
The other missing nod to user friendliness is in the IPsec features. Some other vendors throw in at least a IPsec client trial with appliances in this class. Zyxel would be wise to do the same, complete with default settings and/or setup wizard that can get a newbie connected with a minimum of fuss. And two tunnels is pretty miserly, considering that Netgear's FVS124G supports 25 tunnels for about the same price and also has a 4 port gigabit switch and dual WAN ports.
All things considered, the Zyxel Zywall 2 plus is a good two-tunnel IPsec router with advanced firewall features. It should serve you well if you can live with its very small tunnel count and get your kicks from playing with rules-based firewalls.
It's harder than you think for that expensive router of yours to deliver all the throughput the big number on its box promises. We show you why.
Trying to decide between a router and a Wi-Fi System? This experiment should help you choose wisely.
Updated: Here's a quick primer on Wi-Fi 6E.
Wi-Fi ping spikes aren't always caused by a poor connection. Your router settings could be to blame.
Ever wonder what happens behind the scenes when Wi-Fi devices roam, or more likely don't? We'll show you why the "seamless" roaming Wi-Fi gear makers promise is still as elusive as a Yeti.
We reveal the secrets of why your devices don't always connect where you want them to and what you can do to fix it.