ZyXEL USG20-VPN VPN Firewall Reviewed

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

thiggins

Mr. Easy
Staff member
ZyXEL's USG20-VPN is a flexible VPN router that also supports content filtering and anti-spam.

Read on SmallNetBuilder
 

vnangia

Senior Member
Thanks for the review. Any chance of getting (informal) numbers on what the hit is on WAN-LAN throughput when the UTM features are enabled?
 

kvic

Part of the Furniture
Interestingly this device has a Cavium 7010. The tested VPN throughput seems lower than what the HW is capable of...
 

thiggins

Mr. Easy
Staff member
Thanks for the review. Any chance of getting (informal) numbers on what the hit is on WAN-LAN throughput when the UTM features are enabled?
Not likely. I am trying to catch up on the review backlog created while new test processes were being developed. Sorry.
 

dreid

Regular Contributor
Interestingly this device has a Cavium 7010. The tested VPN throughput seems lower than what the HW is capable of...

Thanks for your comment. Router manufacturers typically use a UDP based test to rate throughput on their devices. The TotuSoft test uses TCP. UDP has a lower overhead than TCP, so manufacture VPN ratings are typically higher than my measurements.
 

System Error Message

Part of the Furniture
1 core :O, as i keep complaining why is anyone using these cavium CPUs keep using old setups? What about their 32 or 48 core MIPS variants? Ubiquiti wont be able to compete with mikrotik in performance if they keep using dual cores. Other VPN router manufacturers also still need to consider using many core. Its not like the encryption engine is a per chip, its usually a per core thing.
In terms of UTM performance i would expect that chip to do around 100Mb/s or lower in throughput.
 

Kevlar3D

New Around Here
I am currently in the process of replacing 16 of these because ZyXEL doesn't keep current with patching their software. I had to disable external https access because ZyXEL still hasn't patched known vulnerabilities. From a reliability and throughput standpoint, these are great but ZyXEL needs to make security a priority before I will ever consider their products again.
 

sfx2000

Part of the Furniture
1 core :O, as i keep complaining why is anyone using these cavium CPUs keep using old setups? What about their 32 or 48 core MIPS variants? Ubiquiti wont be able to compete with mikrotik in performance if they keep using dual cores. Other VPN router manufacturers also still need to consider using many core. Its not like the encryption engine is a per chip, its usually a per core thing.
In terms of UTM performance i would expect that chip to do around 100Mb/s or lower in throughput.

It's actually a pretty decent chip - Cavium has done a good job with their functional blocks, and in an application like this, and at the pricepoint - it's a good enough solution... the core itself is generally in a supervisory role, much of the code runs on the FUB's..

Screen Shot 2016-06-26 at 1.25.23 PM.png
 

roundtree

New Around Here
UDP has a lower overhead than TCP, so manufacture VPN ratings are typically higher than my measurements.

One correction for the article. While the protocol overhead from TCP vs. UDP will see a drop in throughput, the drop won't be much. Instead, the dropoff is due to the throttling nature of TCP. UDP assumes that the application will responsibly monitor end-to-end data transmission. TCP connections will suffer from the "sawtooth" effect as source and destination continually negotiate connection parameters.
 

8bitbanger

New Around Here
Did Zyxel remove the ADP feature of the original USG20? Or has this somehow been rolled into the content filtering? Seems like a pretty important feature for a SOHO-targeted UTM.
 
Last edited:

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top