Firewall VPN

ZyXEL Communication's ZyWALL P1

ZyWALL P1
ZyXEL Communications

Price: Starts at $244

@exb

The ZyWALL P1 personal Internet security appliance is a lightweight, compact device that delivers a stateful packet inspection firewall and IPSec VPN in the palm of your hand.
@exe If you're concerned that privileged employees--from sysadmins to CFOs--connect to the corporate network via the Internet, ZyXEL's ZyWALL P1 personal Internet security appliance offers some peace of mind. The P1 is the first hardware-based personal security solution offering centrally managed enterprise-class protection for remote users.

The appliance is pricier than a personal firewall, but it works with just about any device or OS.

The P1 is armed with a stateful packet inspection firewall as powerful as many rack-mounted appliances, plus an IPSec VPN client. It delivers a throughput of 80 Mbps on the firewall and 30 Mbps on the VPN through onboard 10/100 Mbit/s WAN and LAN ports on a device the size of a PDA. And it's secure. Unlike software-based firewalls, the P1 can't be disabled by worms like magistr.b@mm that shut down security software.

The P1 is platform independent--truly plug-and-play. We effortlessly hooked the device to a Windows XP laptop, a Linux desktop and a Mac G5 Powerbook, and then configured the P1 through a browser-based GUI without using the documentation. The VPN client was almost as easy to set up. The option for adding VPN rules was one of the less intuitive features of the GUI. However once we reached the Gateway Policy edit screen, we were easily able to set up a tunnel specifying whether or not to traverse NAT, the address of the remote gateway, type of authentication key (preshared or certificate), authentication and the IKE proposal. Settings for IKE proposals included encryption algorithms (DES, 3DES and AES), authentication algorithm (MD5 and SHA-1), Security Associations (SA) Lifetime designation and Key Group (Diffie-Hillman 1 and 2). Other good features in the VPN setup are the Idle Timers for input and output, which automatically terminate inactive tunnels.

The 368-page PDF Users Guide explains in great detail the device's features and offers a wealth of supporting information about the technology.

Adding to the P1's portability is power through the included USB-to-mini-USB cable. Disappointingly, there is no support for a wireless connection. The P1's biggest shortcoming is that it supports a single onboard configuration. However, backing up and restoring configuration files from a storage device was easy.

Centralized management is available through a wide range of protocols, so security administrators can enforce firewall policies through HTTP, HTTPS, SSH, Telnet, FTP, SNMP and DNS.

Exec Summary
up Plug-and-play with multiple OSes
up Portable
up Secure
up No software to install
down Only supports one configuration
down Expensive
down Easy to lose or have stolen
down No support for wireless

The P1 is also strong on logging. More than a dozen different logging and alert parameters--and the ability of logged events to generate immediate alerts via e-mail--can be switched on and off through check boxes. Logs can be exported to a syslog server for further analysis.

True, ZyWALL P1 is yet another gadget for mobile users to carry around and possibly lose, and it's not cheap. However, when you consider the depth of protection it offers for the people who hold the keys to your corporate kingdom, it's quite a deal.

--SANDRA KAY MILLER

This was first published in October 2005
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close