What's new

ZyXEL USG20-VPN VPN Firewall Reviewed

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

thiggins

Mr. Easy
Staff member
zyxel_usg20vpn_teaser.jpg
ZyXEL's USG20-VPN is a flexible VPN router that also supports content filtering and anti-spam.

Read on SmallNetBuilder
 
Thanks for the review. Any chance of getting (informal) numbers on what the hit is on WAN-LAN throughput when the UTM features are enabled?
 
Interestingly this device has a Cavium 7010. The tested VPN throughput seems lower than what the HW is capable of...
 
Thanks for the review. Any chance of getting (informal) numbers on what the hit is on WAN-LAN throughput when the UTM features are enabled?
Not likely. I am trying to catch up on the review backlog created while new test processes were being developed. Sorry.
 
Interestingly this device has a Cavium 7010. The tested VPN throughput seems lower than what the HW is capable of...

Thanks for your comment. Router manufacturers typically use a UDP based test to rate throughput on their devices. The TotuSoft test uses TCP. UDP has a lower overhead than TCP, so manufacture VPN ratings are typically higher than my measurements.
 
1 core :O, as i keep complaining why is anyone using these cavium CPUs keep using old setups? What about their 32 or 48 core MIPS variants? Ubiquiti wont be able to compete with mikrotik in performance if they keep using dual cores. Other VPN router manufacturers also still need to consider using many core. Its not like the encryption engine is a per chip, its usually a per core thing.
In terms of UTM performance i would expect that chip to do around 100Mb/s or lower in throughput.
 
I am currently in the process of replacing 16 of these because ZyXEL doesn't keep current with patching their software. I had to disable external https access because ZyXEL still hasn't patched known vulnerabilities. From a reliability and throughput standpoint, these are great but ZyXEL needs to make security a priority before I will ever consider their products again.
 
1 core :O, as i keep complaining why is anyone using these cavium CPUs keep using old setups? What about their 32 or 48 core MIPS variants? Ubiquiti wont be able to compete with mikrotik in performance if they keep using dual cores. Other VPN router manufacturers also still need to consider using many core. Its not like the encryption engine is a per chip, its usually a per core thing.
In terms of UTM performance i would expect that chip to do around 100Mb/s or lower in throughput.

It's actually a pretty decent chip - Cavium has done a good job with their functional blocks, and in an application like this, and at the pricepoint - it's a good enough solution... the core itself is generally in a supervisory role, much of the code runs on the FUB's..

Screen Shot 2016-06-26 at 1.25.23 PM.png
 
UDP has a lower overhead than TCP, so manufacture VPN ratings are typically higher than my measurements.

One correction for the article. While the protocol overhead from TCP vs. UDP will see a drop in throughput, the drop won't be much. Instead, the dropoff is due to the throttling nature of TCP. UDP assumes that the application will responsibly monitor end-to-end data transmission. TCP connections will suffer from the "sawtooth" effect as source and destination continually negotiate connection parameters.
 
Did Zyxel remove the ADP feature of the original USG20? Or has this somehow been rolled into the content filtering? Seems like a pretty important feature for a SOHO-targeted UTM.
 
Last edited:

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top