dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9333
share rss forum feed


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to lorennerol

Re: 2013 USG SHOULD ADD FUNCTIONALITY

said by lorennerol:

Still would like to see real-world tests. As we've seen with ZyXEL the published speeds are often best-case scenarios that don't reflect what happens on typical networks.

Check out the review that SmallNetBuilder did on the ISA500W -- note that its not the ISA570 but will give you some good idea

From my current experience the ISA570 screams PERFORMANCE.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..
reply to Anav
The ISA500 series spec sheet (.pdf), accessible from the Q&A link provided a few pages back, reveals that the specified full UTM bandwidth is two-way. (I don't understand how all UTM services apply to two-way traffic. What applicability would IDP have for outgoing messages? Maybe relevant to LAN to LAN traffic. There is a standard for this test so I imagine if I really want to understand it I'll have to read a copy.)

kirby

JPedroT

join:2005-02-18
kudos:1
said by Kirby Smith:

The ISA500 series spec sheet (.pdf), accessible from the Q&A link provided a few pages back, reveals that the specified full UTM bandwidth is two-way. (I don't understand how all UTM services apply to two-way traffic. What applicability would IDP have for outgoing messages? Maybe relevant to LAN to LAN traffic. There is a standard for this test so I imagine if I really want to understand it I'll have to read a copy.)

kirby

The standard is get as high value as possible.
--
"Perl is executable line noise, Python is executable pseudo-code."


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
So basically divide their marketing numbers by 2?

JPedroT

join:2005-02-18
kudos:1
said by Anav:

So basically divide their marketing numbers by 2?

Depends on a lot of things, you need to look at how they benchmark.
For instance most throughput is benchmarked at L2 and not L3 for instance.
And do they turn on all services and use all services at the same time? Or just 1 and 1 service at the time.
--
"Perl is executable line noise, Python is executable pseudo-code."


superataru

join:2004-12-07
Kearny, NJ

1 recommendation

reply to Anav
Hi all.
I lost myself in these thousands of comments. My humble opinion is that ZyXEL has a nice performance/cost ratio. Some bugs or limits have (still) to be fized / overcome, but are very nice devices. At the moment, the max number of users connected to a device, for me has been 50 users/hosts and 25 concurrent VPN tunnels, and had not particular problems, if not due to some errors made by Application Patrol (i hope God fires ultrasurf check...) and low BW available from ISP (here, real 20Mbps are a nice dream ...).
Cisco devices are very nice, but too expensive, and to reach a way to buy them, you must go trough the Lord of the Rings' Hall ( ). I like very much switches, i used for CCNA security, but with the value of a switch 36XX i can buy ~ 2 USG300 and 4 ZyXEL 24p-giga. LOL
I am looking for Clavister too (»www.clavister.com/products/), that has so nice devices, and a very granular settings. ZyXEL---Clavister are fully compatible. Actually my home is behind an Clavister SG50.

Going back to things should be added to USGs .....

A larger mumber of customized trunks, as they are too few. If i got two BB connections, for example, i need (active - passive) AA, AP, PA and this for outbound, inbound, outbound+inbound: so, at least 9 different trunks. Not just 5.


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

1 recommendation

said by superataru:

Cisco devices are very nice, but too expensive, and to reach a way to buy them, you must go trough the Lord of the Rings' Hall ( )

In North America the Value Proposition in now in favour of the CISCO ISA570 big time--
plus the CISCO gear works out of the box for every service it offers ---IPv6 no problemo, SSL no problemo, VPN a piece of cake, wizards work really well much to my surprise. ZONES are a pleasure to work with, VLAN's much easier to configure and a UTM performance that is simply outstanding --- Only downside is I need to get my hands on another one to see if its got a CLI
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..

1 recommendation

mozerd:

I would suggest spending time (which I haven't lately) at CISCO's help forum before declaring that everything works in the ISA570. I believe that everything worked for you that needed to work for you.

»supportforums.cisco.com/communit···/routers

While the ISA570 forum traffic, presently limited due to its recent introduction, may never reach the crescendo of RV042/082 traffic, I doubt that CISCO has produced in the ISA570 a router that will never need alteration. It may be fair to say that at its introduction it was more mature than the USG.

kirby


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

1 recommendation

reply to Anav
What I want to know is if anyone has setup SSL VPN to work for a remote user to access resources behind the Router. It seems in various threads it only allows the admin to access the network which is breast useless.


idolclub

join:2003-12-24

1 recommendation

reply to Anav
Another choice: Fortinet FortiGate-60D Network Security Appliances

Product Name: FortiGate-60D
Firewall Throughput 1518 Bytes: 1.5 Gbps
Firewall Throughput 512 Bytes: 1.5 Gbps
Firewall Throughput 64 Bytes: 1.5 Gbps
Firewall Max Concurrent Session: 500 K
Firewall New Sessions per second: 3,200
IPS Throughput: 200 Mbps
SSL-VPN Throughput: 30 Mbps
IPSec VPN Throughput 512 Byte Packet: 1 Gbps
Antivirus Throughput (Proxy): 35 Mbps
Antivirus Throughput (Flow): 50 Mbps
Total Network Interfaces: 7 x 10/100/1000 RJ45 Internal Ports, 2 x 10/100/1000 RJ45 WAN Ports, 1 x 10/100/1000 RJ45 DMZ Port

Only $513 from Amazon
»www.amazon.com/Fortinet-FortiGat···gate+60d


superataru

join:2004-12-07
Kearny, NJ
said by idolclub:

Another choice: Fortinet FortiGate-60D Network Security Appliances

Product Name: FortiGate-60D
Firewall Throughput 1518 Bytes: 1.5 Gbps
Firewall Throughput 512 Bytes: 1.5 Gbps
Firewall Throughput 64 Bytes: 1.5 Gbps
Firewall Max Concurrent Session: 500 K
Firewall New Sessions per second: 3,200
IPS Throughput: 200 Mbps
SSL-VPN Throughput: 30 Mbps
IPSec VPN Throughput 512 Byte Packet: 1 Gbps
Antivirus Throughput (Proxy): 35 Mbps
Antivirus Throughput (Flow): 50 Mbps
Total Network Interfaces: 7 x 10/100/1000 RJ45 Internal Ports, 2 x 10/100/1000 RJ45 WAN Ports, 1 x 10/100/1000 RJ45 DMZ Port

Only $513 from Amazon
»www.amazon.com/Fortinet-FortiGat···gate+60d

Wow, a monster.
Did you test it?


Gork
Ou812ic

join:2001-10-06
Bountiful, UT
reply to Kirby Smith
said by Kirby Smith:

It may be fair to say that at its introduction it was more mature than the USG.

Do you think it might be fair to say that at its introduction it was more mature than the USG was even after a few firmware updates?


idolclub

join:2003-12-24
reply to superataru
Click for full size
Simple NAT throughput test for FortiWiFi-60D:

Traffic In + Traffic Out two-way NAT Performance : Over 1.4Gbps

»i69.photobucket.com/albums/i50/i···original


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

2 edits

1 recommendation

reply to Kirby Smith
Click for full size
UTM Performance
said by Kirby Smith:

I doubt that CISCO has produced in the ISA570 a router that will never need alteration. It may be fair to say that at its introduction it was more mature than the USG.

I'm sure that the ISA570 has flaws and I need some quality time plus a unit that I can experiment on to find those flaws My point was that all the services I mentioned including some that I did not mention work out of the box --- so yes a lot of stuff is mature and does not require a rocket science IOS background --- only time will expose stuff. BTW, the web based management interface is a real pleasure to work with -- a very dramatic change from the CISCO stuff I used to work with many moons ago --- and certainly MUCH easier that the Object Oriented GUI present in the USG appliances. But since I was using the ISA570 Wizards I did not spend a lot of time with the whole GUI. If you'd like an idea of what the ISA570 GUI feels like LOOK at the emulator

My key point was that the ISA570 has a very strong Value Proposition --- and when compared to the USG300 the ISA570 wins in every department. UTM performance is outstanding at 75Mbps and THAT is what counts. CISCO is normally very conservative with specs cause they have many gear-heads using their gear who are ready-willing-able to pronounce marketing BS.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

1 recommendation

reply to Gork
said by Gork:

said by Kirby Smith:

It may be fair to say that at its introduction it was more mature than the USG.

Do you think it might be fair to say that at its introduction it was more mature than the USG was even after a few firmware updates?

Very unfortunate that ZyXEL QC is not what it should be --- IMO ZyXEL needs to have ALL its R&D done in the USA where all the software engineering brains are. A lot of the brains are now refusing to work in China and India and returning to the USA [Texas is the new land of opportunity due to its business friendly tax laws].
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

Kirby Smith

join:2001-01-26
Derry, NH
reply to Gork
My impression is that you are right, but I fear that we may not yet have enough data.

k

Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..

1 recommendation

reply to mozerd
I am not trying to defend ZyXEL against CISCO. I think the ISA570 has great specs. But I thought it possibly premature to use it as a cudgel against the USG.

Rave on, everyone. I look forward to technology improvements no matter where the source.

kirby

JPedroT

join:2005-02-18
kudos:1
reply to mozerd
said by mozerd:

said by Gork:

said by Kirby Smith:

It may be fair to say that at its introduction it was more mature than the USG.

Do you think it might be fair to say that at its introduction it was more mature than the USG was even after a few firmware updates?

Very unfortunate that ZyXEL QC is not what it should be --- IMO ZyXEL needs to have ALL its R&D done in the USA where all the software engineering brains are. A lot of the brains are now refusing to work in China and India and returning to the USA [Texas is the new land of opportunity due to its business friendly tax laws].

You might think USA is the brain capital, but its not. And for ZyXEL it has never been an important part either. USA R&D office was more into looking at where to go and pof. All the heavy lifting has been in Taiwan and to my knowledge still is, in its sort of funny old way
--
"Perl is executable line noise, Python is executable pseudo-code."


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
said by JPedroT:

You might think USA is the brain capital, but its not. And for ZyXEL it has never been an important part either.

I do not think --- I know the USA is the brain capital when it comes to networking, operating systems and computing at every level .. Insofar as ZyXEL I have no idea but they would benefit from excellent software engineering done in the USA.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
How much time do you spend in Europe, Russia etc... I think its a tad myopic to state NA and the US specifically is where the important 'original' work is done. Note I did not include other parts of the world where they 'invest' in other peoples work.

JPedroT

join:2005-02-18
kudos:1

1 recommendation

reply to mozerd
said by mozerd:

said by JPedroT:

You might think USA is the brain capital, but its not. And for ZyXEL it has never been an important part either.

I do not think --- I know the USA is the brain capital when it comes to networking, operating systems and computing at every level .. Insofar as ZyXEL I have no idea but they would benefit from excellent software engineering done in the USA.

I am sorry, but you should get out a bit more I'll put any of scandinavian countries up against the US any day, when it comes to quality and productivity

And on top of that, most of the brainy guys are imported from the rest of the world anyway

So historically the system in the US has pushed the boundaries of computing, but the smartest brains in the US are now looking at how to squeeze more out of the financial markets or get you to click on ads.

If you look at broadband in the USA today, its stone-age compared to leading countries, ie Korea, Japan, China etc in Asia, Nordic countries Norway, Sweden, Denmark, Finland.

The baltic states are way ahead most other countries.

UK is more like USA, in that regards, but if you look at Germany or Switzerland you notice you guys are lagging.

So moving anything to USA is not a silver bullet.

I have told US companies for almost 10 years now, look at the Nordics, thats where your market will be in about 2-3 years. Especially Finland/Sweden, those guys are beyond bleeding edge usually.
--
"Perl is executable line noise, Python is executable pseudo-code."


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to Anav
Forget IT, look at the crap cars coming out of NA for about 50 years. I would have loved to have driven european fords instead of th shit boxes they made here. Heck the ford 6 speed standard turbodiesel van would be in my driveway instead of an odyssey if it was available and I havent even discussed pure eurobrands LOL.

Wine is cheaper and better in europe as well. Coffee, nuff said. Case closed!!!!


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to Anav
said by Anav:

How much time do you spend in Europe, Russia etc... I think its a tad myopic to state NA and the US specifically is where the important 'original' work is done. Note I did not include other parts of the world where they 'invest' in other peoples work.

I try very hard not to spend my time in countries that breed socialists pigs that love to suck and suck all the oxygen.

98% of the intellectual property has been stolen from the USA --- Canada plays a very insignificant role --- some good stuff but insignificant in the big picture. Once the Financial collapse takes effect [in the USA and subsequently the Dominoes will follow] big changes will occur in the software industry. Financial Collapse? One cannot print money [Monetize the Debt ] and get away with it for ever --- eventually the shit will hit the big wall and splatter everyone.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

JPedroT

join:2005-02-18
kudos:1
said by mozerd:

I try very hard not to spend my time in countries that breed socialists pigs that love to suck and suck all the oxygen.

And there we have flying strykejern
--
"Perl is executable line noise, Python is executable pseudo-code."


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
The women are also hot in Sweden and Finland but whose looking.

WTF.......
I thought the discussion here was about IT acumen not one dimensional political views.... Man, get the bee out of your bonnet or go sit in the corner of the blue or red room.

Bad day?
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

AndreSt

join:2013-02-05

1 recommendation

reply to Anav
ZyXEL has published new infos about three new professional ZyWALL devices: ZyWALL 110, ZyWALL 310, ZyWALL 1100

»ftp://ftp.zyxel.com/ZyWALL_110/datashe···10_1.pdf

A user's manual can also be found on their FTP-server.

Although compared with the USG model's performance, the new models don't seem to support UTM functionality.

I wonder if ZyXEL would ever announce a faster ZyWALL supporting UTM?


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
Weird, I had heard about the USG100+, if you look at the spec sheet available at the US site. I know in the US they offered the VFG series for a year or so with higher throughput VPN only type of unit which was scrapped.


mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to AndreSt
said by AndreSt:

I wonder if ZyXEL would ever announce a faster ZyWALL supporting UTM?

The CISCO ISA570 is the one to get.

It works out of the box.


Gork
Ou812ic

join:2001-10-06
Bountiful, UT
ISA570... Just gotta' pay off the mortgage... Buy a new car... Contribute more to retirement... New water heater... New microwave... New a/c compressor for the house... New clutch and slave cylinder to tide me over 'til I can buy a new car...

Then I'll be ALL OVER IT!