Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Firewall VPN

ZyXEL Communication's ZyWALL P1

ZyXEL Communications

Price: Starts at $244


The ZyWALL P1 personal Internet security appliance is a lightweight, compact device that delivers a stateful packet inspection firewall and IPSec VPN in the palm of your hand.
@exe If you're concerned that privileged employees--from sysadmins to CFOs--connect to the corporate network via the Internet, ZyXEL's ZyWALL P1 personal Internet security appliance offers some peace of mind. The P1 is the first hardware-based personal security solution offering centrally managed enterprise-class protection for remote users.

The appliance is pricier than a personal firewall, but it works with just about any device or OS.

The P1 is armed with a stateful packet inspection firewall as powerful as many rack-mounted appliances, plus an IPSec VPN client. It delivers a throughput of 80 Mbps on the firewall and 30 Mbps on the VPN through onboard 10/100 Mbit/s WAN and LAN ports on a device the size of a PDA. And it's secure. Unlike software-based firewalls, the P1 can't be disabled by worms like magistr.b@mm that shut down security software.

The P1 is platform independent--truly plug-and-play. We effortlessly hooked the device to a Windows XP laptop, a Linux desktop and a Mac G5 Powerbook, and then configured the P1 through a browser-based GUI without using the documentation. The VPN client was almost as easy to set up. The option for adding VPN rules was one of the less intuitive features of the GUI. However once we reached the Gateway Policy edit screen, we were easily able to set up a tunnel specifying whether or not to traverse NAT, the address of the remote gateway, type of authentication key (preshared or certificate), authentication and the IKE proposal. Settings for IKE proposals included encryption algorithms (DES, 3DES and AES), authentication algorithm (MD5 and SHA-1), Security Associations (SA) Lifetime designation and Key Group (Diffie-Hillman 1 and 2). Other good features in the VPN setup are the Idle Timers for input and output, which automatically terminate inactive tunnels.

The 368-page PDF Users Guide explains in great detail the device's features and offers a wealth of supporting information about the technology.

Adding to the P1's portability is power through the included USB-to-mini-USB cable. Disappointingly, there is no support for a wireless connection. The P1's biggest shortcoming is that it supports a single onboard configuration. However, backing up and restoring configuration files from a storage device was easy.

Centralized management is available through a wide range of protocols, so security administrators can enforce firewall policies through HTTP, HTTPS, SSH, Telnet, FTP, SNMP and DNS.

Exec Summary
up Plug-and-play with multiple OSes
up Portable
up Secure
up No software to install
down Only supports one configuration
down Expensive
down Easy to lose or have stolen
down No support for wireless

The P1 is also strong on logging. More than a dozen different logging and alert parameters--and the ability of logged events to generate immediate alerts via e-mail--can be switched on and off through check boxes. Logs can be exported to a syslog server for further analysis.

True, ZyWALL P1 is yet another gadget for mobile users to carry around and possibly lose, and it's not cheap. However, when you consider the depth of protection it offers for the people who hold the keys to your corporate kingdom, it's quite a deal.


Article 11 of 15

Dig Deeper on Network device security: Appliances, firewalls and switches

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All