WAN Without Wires: Using the 2WGBy Frank Ohlhorst | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
ZyXEL shows that the sum is worth more than the parts when you add wireless broadband to wireless LAN and sprinkle in a bit of security with ZyWALL 2WG Secure Wi-Fi Firewall/VPN Router.
Solution providers will find deploying the ZyWALL 2WG a straight-forward process, which consists of little more than powering up the unit, logging into the unit via a browser connection and running what amounts to little more than a simple setup wizard. In other words, basic connectivity is just a few keystrokes away. Beyond the Basic setup, installers will need to have a decent amount of networking knowledge to properly configure the product. That is not an indication of a poor design, but more of an indication of the high-end options offered by the unit.
The unit can be managed in a number of ways, solution providers can perform tasks via a direct connection using a console port, over a wireless connection, remotely (via the Web or a modem plugged into the AUX port) and via a traditional Ethernet connection to one of the unit’s LAN/DMZ ports.
However, in most cases, solution providers will set up and manage the unit via the "Web Configurator," a browser-based application that is accessed via Internet Explorer (or compatible browsers) over an IP connection.
By the default, the unit is set up as a router and in most cases, which will be the preferred configuration. As a router, the unit can provide VPN connectivity, perform NAT and DHCP. Installers will be able to configure both WAN 1 (wired connection) and WAN 2 (3G Wireless) quite easily. Those 2 WAN connections can be configured for fail over, load balancing or disabled individually. For the most part, the rest of the routing configuration is pretty much the same as a typical broadband router.
Installers also have the ability to set up the unit as a transparent firewall that proves to be the ideal configuration for sites that already have a broadband router and want to add security at the edge, along with DMZ capabilities. Each of the four wired ports can be configured for LAN or DMZ use, which allows installers to segment the internal and external legs of the LAN and support Web servers or other hosts that need access from the Web. It would be an added bonus if the four LAN ports supported gigabit Ethernet, especially if one will be plugging servers and NAS units into the device. Better yet, expanding the LAN/DMZ to 8 10/100/1000 ports could make the 2WG the central connectivity point for a small office.
For VPN connectivity, the unit can support incoming IPSEC VPN connections and direct VPN connections to remote routers. VPN setup proves to be quite easy, thanks to a VPN setup wizard, which does all of the heavy lifting of programming and configuration. Another security feature of interest is the unit’s content filtering capability, which offers code blocking features, keyword blocking, URL filtering and can be configured to work with third-party Web Content Filtering Services.
The integrated VPN server can support as many as five concurrent IPSec connections and offers DES/TripleDES/AES encryption, along with Manual Key, IKE and PKI(X.509). IPSec NAT traversal is also supported as well as Xauth User Authentication. The integrated firewall is preconfigured to protect against DoS and DDoS attacks and features SPI with full logging. Administrators can fine tune the firewall to meet their specific needs and have access to features such as port triggering and full port access control. The wireless portion of the device features all of the expected security features, ranging from WEP to WPA-PSK.
With a price of just $369, the ZyWALL offers quite a lot of bang for the buck and can serve most branch office and small business needs. The ability to switch over to 3G connectivity creates a new world of opportunity for solution providers looking to tap new markets or vertical markets that rate mobility above all else.