What's new

ZyXEL Introduces Cheaper UTM Gateway

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Jay_S

Regular Contributor
Now there's the recently announced zyxel USG40HE for home use, MSRP $199.

A general question about these UTM/NGFW appliances: when the IP/ID, AV and anti-spam subscriptions expire, are those features disabled? Or do they continue functioning but no longer receive definition updates? Gateway filtering with older definitions is still probably better than no gateway filtering at all. And I don't see many home users paying $100+ annual to renew the subs.
 
I've been thinking about a device like this for my home now that it is starting to fill up with Z-wave, Zigbee and other "internet of things" devices. How does the Zyxel USG40HE (new consumer-grade device) compare with the Bitdefender Box and the Shield (a funded kickstarter project)?
 
Last edited:
A general question about these UTM/NGFW appliances: when the IP/ID, AV and anti-spam subscriptions expire, are those features disabled? Or do they continue functioning but no longer receive definition updates?
I'm checking with ZyXEL. I would assume they stop working.
 
ZyXEL's reply

Here's ZyXEL's response:
The subscription-based services / features are disabled after a brief grace period (one week)
 
Would need to know what services were all engaged when the 50 Mbps was measured...

@ thiggins - Did zyxel offer any subscription pricing details?

If we assume home users upgrade infrequently, let's say this is a 5-year commitment. That's $199 (hw + 1st year subs) + 4 renewal years of subscriptions. Say the subs are $100 / year. That's $600 over 5 years.

What sort of pfsense (+ ClamAV & Snort IPS) box could you buy / build for $600? When $400 USD buys you a Supermicro 5018A-MLTN4 (quad core Avoton, 4 Intel NICs, 1U rackmount) ... I mean, even with RAM & storage you should be under $600.

www.newegg.com/Product/Product.aspx?Item=N82E16816101874

http://www.supermicro.com/products/system/1u/5018/sys-5018a-mltn4.cfm


Alternately, Sophos SG-105 hardware can be found $430 USD. I wonder if you can use their hardware with their free-for-home-use UTM software?

My point is: long-term, the subscription costs are a big disincentive for a home user to invest in these products. From my perspective, UTMs are still a niche in the small business market. The home UTM market must be unbelievably small.
 
Tim

Read your post about the USG40HE. I located the spec sheet and this answers some questions.

http://www.zyxel.com/us/en/uploads/images/ds_USG40HE.pdf

Seems the HE includes 1 year of content filtering and App Control but does NOT include the anti spam and antivirus licenses. Those are optional even for the 1st year.

It also appears the 40HE does not act as a WLAN controller for Zyxel APs nor does it support HA.

Seems like a nice SOHO solution, although If a user was planning on upgrading the 40HE to includes Gateway AV, they might as well spend the extra $75 and get the USG40. Potential buyers need to be aware that you must go for the USG110 or higher to get UTM that can scan HTTPS (or other secure) traffic.
 
Claykin: ZyXEL confirms it is the same hardware as the USG40. Only difference is the features as you point out.
 
I think the home security gateway, or whatever it will be called when the name gets jazzed up, is the next big thing in home networking. The idea of a cost effective guard dog that supplements network security is intuitively a next-gen product. It's for phones, NAS boxes, smart light bulbs and smart refrigerators, and anything else that can't look out for itself with AV products.

The key is cost effective. Zyxel is far too expensive for the average home user, assuming I understand their pricing correctly.

I'm hoping that pfsense gets itself squared away on my EdgerouterLite so I can play with it and maybe a paid subscription to a snort based product. For me, adding a SSL oriented VPN for secure internet access from afar is also important (like what I now have with OpenVPN and DD-WRT). This will be an excellent home brew frame of reference if pfsense ever follows through.

Commercially, the Bitdefender BOX sounds like a good start, but I would like more details on the quality of the proprietary software they use. Also, do I need or necessarily want software that can sniff HTTPS traffic?

Can anyone refer me to a book or set of articles that adequately describe this kind of product group conceptually?
 
Last edited:
AdvHomeServer said:
Can anyone refer me to a book or set of articles that adequately describe this kind of product group conceptually?

Fortinet sponsored a book Unified Threat Management For Dummies that's a good overview. Their site asks you to complete a form to access it. But Google finds the direct link to the PDF.

And I found this blog post illuminating:
https://blog.anitian.com/utm-v-ngfw-a-single-shade-of-gray/


Recently, I was tasked with shopping for a UTM appliance for the (very) small business I work for. To be honest, the whole experience was really frustrating. Some general trends I noticed (without naming names):

Vendors are rather secretive about their products' actual capabilities and what they cost. I suppose since UTM (now NGFW) is a newish space and secrecy is power, vendors must act like "keepers of sacred knowledge"; the only thing between the bad guys and your network is an annual license! It's not always easy to un-bundle feature subscriptions from support agreements.

Subscription and support licensing costs can be absurd. Some vendors price subscription / support services differently depending on hardware. This would make sense if/when hardware feature sets vary widely. But often annual licensing costs scale up irrationally. Hypothetical example: entry level box A has a single-core CPU & annual licensing & support: $250. Box B is identical but steps up to a dual-core CPU ... annual licensing & support: $350. For what?!

Hardware prices climb very quickly. Everyone makes an entry-level ~$300-500 appliance. This is rarely powerful enough for deep packet inspection features w/throughput above 40Mbps. That's probably fine in many home SMB cases, but if you need more performance expect hardware to exceed $1000.

All my experiences just made me more interested in pfsense. I still have yet to try it, but I'm slowly piecing together a test system.
 
Fortinet sponsored a book Unified Threat Management For Dummies that's a good overview. Their site asks you to complete a form to access it. But Google finds the direct link to the PDF.

And I found this blog post illuminating:
https://blog.anitian.com/utm-v-ngfw-a-single-shade-of-gray/

Thanks. I downloaded the pdf and bookmarked the site. Now I have a frame of reference.

Netgear or Asus or Symantec or whoever have a market waiting for them if they can figure out the product. Bitdefender is in the lead, but it's still early. Combining UTM with the firmware is the next big thing for router mfgrs. AC3200 is nice, but nobody really cares at this time.
 
Last edited:
Thanks. I downloaded the pdf and bookmarked the site. Now I have a frame of reference.

Netgear or Asus or Symantec or whoever have a market waiting for them if they can figure out the product. Bitdefender is in the lead, but it's still early. Combining UTM with the firmware is the next big thing for router mfgrs. AC3200 is nice, but nobody really cares at this time.
What do you mean "if they figure out the product"? What is there to figure out? How to do UTM with no subscription fee?

How can Bitdefender "be in the lead" when they don't even have a product out?
 
Netgear or Asus or Symantec or whoever have a market waiting for them ...
For the home market, I agree. The first consumer OEM to package a hardware appliance with no-cost updates and make it relatively plug-and-play will disrupt the market. It will require a vendor willing to subsidize their own licensing costs via hardware sales & upgrades. OEMs with their own production facilities are probably best-positioned to do this (cost control and economies of scale).

You can do "free" UTM with pfsense, untangle, astaro/sophos, etc. But you supply the hardware, and usually the feature set is restricted or otherwise different. Untangle's free version, for example, substitutes free/open source products (Clam AV) for paid-license products (Bitdefender AV as of today).

Here's a nice survey of a bunch of free software firewalls:
http://www.mondaiji.com/blog/other/...the-ultimate-free-open-source-firewall-distro

During my Dec 2014 UTM hunt, the cheapest annual renewal (AV, anti-spam, IPS/IDS) I was quoted was ~ $190 (highest: $345; mean: $284). That's a lot for a home consumer to swallow. Especially when client AV subscriptions are free (MS Security Essentials) or cheap (whatever Newegg has on sale). Anecdotally, I don't know anyone who purchases AV software for home use anymore. In light of this, I doubt I could convince them to spend $200+ on a gateway plus $190-345 / year for protection.
 
The security has to be free mindset is going to change. Exploits are getting more common and moving away from focus on keeping the compromised computer running so that it can be enslaved as a bot, toward ransomware that (for all intents and purposes) deletes all your files. Just like the old days.

A big chunk of the consumer market has shown it is willing to spend $200 - $300 on a router. Enough so that manufacturers are making more of them. So I don't think the one-time router cost is a significant problem.

Ongoing subscription cost is the nut to crack. Someone will figure out the right combination of price and services. Would you pay $100 a year to protect all the devices in your home without having to install AV on each of them?
 
I wouldn't want to pay $1 a year. The AV software model doesn't reward manufacturers of 100% safety, rather the opposite. They would hire and pay people to crack their latest and greatest security suite and show that as a reason to pay more.

Microsoft has the best model with Defender in Windows 8 and MSE in Vista and Windows 7. Sure, it isn't the safest or strongest AV defense, but I believe in their commitment to actually protect the users of their O/S.

Anyone else? Not so much.
 
What do you mean "if they figure out the product"? What is there to figure out? How to do UTM with no subscription fee?

How can Bitdefender "be in the lead" when they don't even have a product out?

Figure out the product - this has several dimensions with the two most important being technical proficiency and cost. Ease of use and ease of comprehension for mom and pop come in close.

Of course there will be ongoing costs just like there are with nearly all malware products. As always, manufacturers will have to balance proficiency with cost and the ability to sell to a target market.

Just today there is a story about Samsung smart TVs being able to spy on people in the living room because of the microphone. To me, this is a call to action for people in this market to develop a product that people can afford and is effective.

Bitdefender is in the lead because they are first to market, assuming they follow through with a release in a few weeks as promised. Under no circumstances will they own the market unless everyone who could compete chooses not to due to inept product development departments.

I'm not even using ac beyond writing about it. If AC-WARP came out tomorrow for $5, I still couldn't use it beyond writing about it. While many people enjoy faster ac responsiveness, many still have no concept of what to do with 5GHz in general. My wireless bridge is AC, but N600 in my circumstance would still work great.

Me - I plan to start as cheap as possible because that's my nature. If I were in product development for a major company, I would be segmenting markets, developing concepts, and tasking broad thinking subordinates to come up with a product people want and can afford that will actually keep Russian pervs from spying on my nursery webcam.

Long ago, I worked for an AS/400 consulting company that hated pcs and considered them competition to their market. Even IBM had told the midrange division to not even mention pcs under threat of termination (back in the S/36 days). The S/36 is an obscure footnote and the AS/400 barely exists. The home security gateway is the pc to the base router S/36.

Just noticed I'm 'very senior' now. Cool.
 
Last edited:
A big chunk of the consumer market has shown it is willing to spend $200 - $300 on a router. Enough so that manufacturers are making more of them. So I don't think the one-time router cost is a significant problem.
Tim you surely have oceans more data than I... Although the $200-300 router market is apparently large enough to keep manufacturers producing them, what % of deployments are they? I'm thinking of all my friends/family/neighbors who use whatever router/gateway their ISP provides them. People who wouldn't know how or care to set up their own hardware. Surely they outnumber the $200-300 router market?

(Disclosure: my home APs are still WRT-54Gs!)

It occurs to me that if ISPs were to integrate UTM security features into their residential gateways, such a subscriber base could have massive downward pressure on the AV/etc subscription prices.
 
L&LD: Pretty cynical view of AV market.

Microsoft took a very long time to understand that user protection was part of their product. Maybe they have religion now. I always disable Defender and Windows Firewall. The latter especially still doesn't reliably indicate when it has added a rule.

Security costs money. One way or another, users will pay for it.

Most people are reactive. They install an alarm system after being broken into.
 
Tim you surely have oceans more data than I... Although the $200-300 router market is apparently large enough to keep manufacturers producing them, what % of deployments are they? I'm thinking of all my friends/family/neighbors who use whatever router/gateway their ISP provides them. People who wouldn't know how or care to set up their own hardware. Surely they outnumber the $200-300 router market?
It's not unit volume, it's profitability. Even though fewer units are sold, profit margin is higher and the category makes more money than others.

It occurs to me that if ISPs were to integrate UTM security features into their residential gateways, such a subscriber base could have massive downward pressure on the AV/etc subscription prices.
That's a good point. Hell, my telco/ISP keeps sending me Smart Home pitches. I would be more receptive to an internet security offering (beyond an AV program bundle), provided they had the right partner.
 
L&LD: Pretty cynical view of AV market.

Microsoft took a very long time to understand that user protection was part of their product. Maybe they have religion now. I always disable Defender and Windows Firewall. The latter especially still doesn't reliably indicate when it has added a rule.

Security costs money. One way or another, users will pay for it.

Most people are reactive. They install an alarm system after being broken into.

Maybe cynical, but from my experience with customers AV tales, it does seem realistic.

The most infected PC's I have seen are the ones with paid for AV software installed.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top