SG79 join:2009-05-27 New York, NY
SG79
Member
2014-Jul-21 1:31 pm
Detailed review of the ZyWall 110 - 10 months in (warning: it's a long read)
This is a long overdue review of the ZyXel ZyWall 110. I've posted a lot of these comments in various threads, but thought I'd consolidate in one massive review (I was bored while writing this). So here it goes:
------
I wanted to love this little router, I really did, but found a host of issues that have yet to be fixed. On paper, the router seems superb - great specs, fast VPN, nice overall design (and look). But after using this router since September 2013, I can safely say that there is much to be desired. Let me start with the things I liked about the router:
POSITIVES:
1) Fairly quick initial setup - I was able to plug the router in, and get up and running in 20 minutes or so. Well, almost. My first unit had a defective gigabit Ethernet port that would revert to 10/100 speeds after 3 hours of usage. This didn't impact initial connectivity, however, and a replacement unit fixed this issue (see negatives). The VPN setup is also a bit complicated (somewhat unnecessarily, IMHO - 3 disparate screens just to get the VPN configured - not including user management). But ZyXel tech support was very helpful and even remotely logged into my router and set the VPN up for me. Thanks! Which brings me to my next positive:
2) Free telephone tech support - ZyXel's support staff are based in the US, and their support engineers have been very helpful (to the extent they are able to help - especially given the router's limitations). However, the design engineers are all in Taiwan, while the telephone support staff is in the USA, so I'm not sure how often the two parties communicate.
3) GUI chock full of options - You can configure most (all?) of the router's features using the GUI interface. This is particularly if you're not familiar with CLI configuration (not my case, but worth mentioning). There are a lot of options, and I mean a lot. Not for the faint of heart, but spend enough time and even novices would get used to it. While the interface has a lot of features, there definitely could be some more thought put into the layout. I've often found myself having to click through various disconnected menu options to perform one simple task. But I'm listing this as a positive, since the options are there, and you can call tech support if you're really stuck.
4) Good router performance - at least when it works. I've tested the router using QOS, and it does a good job. Much better load balancing than my previous router. While I haven't maxed out the router's throughput, it hasn't choked on my 75 megabit connection. SmallNetBuilder did test the router, however, and found the router throughput to be ~half the rated speed of 1 Gbps. I don't have that kind of connection yet, and by the time I do, hopefully the issue will be rectified by a firmware update.
5) Load balancing WAN with fallback - while I never tried this feature, it seems like a nice option to have. But honestly, I think the target demographic (SMBs, homes?) would rarely use this feature, if ever. Regardless, +1 for effort.
6) Multiple configurable Ethernet ports for DMZ, VLANs, etc. Again, a feature I'm not currently utilizing, but nice to have. But given that companies are moving their servers to the cloud, and layer 3 switches do a better job with VLANs and intra-office routing, I'm not sure how beneficial these ports will ultimately be.
NEGATIVES:
1) Interface crashes - Seriously. Three times in the past 7 months. The router interface froze on me, and locked me out of accessing the VPN, router configuration, or communicating directly with the router in any manner whatsoever. Oddly enough, internet access through the router wasn't impacted, just access to the router itself. I needed to physically reboot the router to restore access. This can be problematic if you're at a remote location (my situation). I had to buy a remote reboot switch that periodically pings the router to avoid this from happening. Totally unacceptable, IMHO.
2) Frequent VPN disconnections - I've found the router to frequently disconnect me from L2TP VPN connection. This is especially apparent during peak times. I've read that these issues aren't unique to ZyXel, but other router manufacturers have been able to mitigate these problems somehow. The disconnect issue is particularly bothersome as once you're disconnected, the previous state is locked for a few minutes and you can't log back in until the router drops the connection. This is incredibly frustrating, especially once it starts happening more than two times in an hour.
3) No support for multiple remote IPSEC VPN clients behind a single public IP address. To be fair, this issue also isn't unique to ZyXel (something to do with the encrypted connection), but other manufacturers have been able to mitigate this limitation as well. In addition, if a remote user is logged into the VPN, another remote user with the same IP address as the VPN user is completely locked out from accessing the router services - VPN, configuration, etc. This is especially frustrating if you need to remotely modify router settings, and another user from your local LAN (assuming you're sharing public IPs) is logged into the VPN. Here's what I mean:
• Imagine two remote users behind the same public IP address, and the ZyWall 110 at a different location, with both IPSec VPN and router configuration access enabled over the WAN side. One remote user decides to log into the ZyWall 110 using the IPSec VPN. All is good. Then, the second user, using a different computer, decides to access the ZyWall 110 configuration page through the public IP address (not VPN). Denied! Even though the web interface uses a different port (SSL - 443) than the IPSec VPN, the ZyWall can't differentiate the traffic. Same thing happens if two users behind the same IP address try to use the VPN simultaneously.
4) Proprietary 2-step verification - You'll need to use ZyXel's silly offering - no support for 3rd party tools such as Google Authenticator. Really? Come on ZyXel. Other router manufacturers are on top of this, why aren't you? ZyXel's solution is pricey (you need a dongle) and cumbersome, given that Google's app is free and runs on most smartphones. The free price range also probably best fits the target market of ZyXel's customers - SMBs with limited budgets. I mean, if I wanted faux-enterprise security with a silly little dongle, I'd call Cisco and RSA (Or is that the NSA?).
5) No support for OpenVPN, GRE routing, multicast tunnel, etc. It's not as though the router and its fast processor couldn't handle these tasks. OpenVPN is great since it's highly secure and you can specify a port (unlike IPSEC). Certain WiFi hotspots block most ports aside from 80 and a few others, and only OpenVPN allows for custom port numbers to sidestep this limitation. Multicast routing and GRE tunnels have been available on other ZyXel routers in the past, but not with the 110. It's a guessing game when (if?) these features will ever make it to the 110. Ubiquiti Edge Router is only $100, and seems to support these aforementioned features, why can't ZyXel?
6) Infrequent firmware updates - I can't fathom this especially since the router has some serious bugs. The latest router firmware (as of this writing) was dated in June 2014. Prior to that, it was Sept. 2013. Seriously, almost a year between firmware updates? Come on! It may be because ZyXel's design engineers are in Taiwan and they might not be reading the forums, or have infrequent communication with the tech support staff based in the USA. Whatever the case, one year is too long of a wait.
7) Weird IP address sorting scheme - i.e. if you click on Sort Ascending (or vice versa), you'll see x.x.x.1, x.x.x.101, x.x.x.2, etc. WTF? Since when did 101 come before 2? So silly. Who came up with that logic?
8) No mounting holes underneath case - The manual indicates there are wall mounting holes (one of the reasons I initially bought the router), but that was a pipe dream. There are no mounting holes. At least for my unit (manufactured July 2013). Just a solid back. I guess somebody forgot to tell the factory. Silly factory.
9) Fan Noise - Okay, it's not as loud as a laser printer, but it's still loud. Mind you, I have the router in a fairly quiet bedroom where you can actually hear the noise. What I can't figure out is why the fan was needed in the first place: The unit runs fairly cool (at least for the apps I run), and given the ridiculously spacious housing (you could cut off the left 1/3 of the router - it's just air), I'm sure lowering the fan speed, or ditching the fan altogether wouldn't be much of an issue.
10) Faulty Gigabit Ethernet port - I bought my unit in September 2013, and several times my gigabit connection would drop to 10/100 speeds. I tried various cables to no avail. This may have been a manufacturing issue. I replaced my unit and the problem went away, but there are reports of other people having the same issue. Caveat emptor.
11) Power brick - As I mentioned before - the router has a lot of empty space. So why ZyXel didn't incorporate the external power supply inside the unit is beyond me - but it certainly wasn't for a lack of space. Now, I have to keep track of yet another power brick (especially frustrating when moving), and since my unit is rack mounted I now also need to find a place to mount the brick - the dinky 2.5mm connector won't support the brick's weight.
12) Abysmal Logs and Reporting Statistics - A serious item of contention for me especially since other SMB router manufacturers (along with DD-WRT, Tomato, etc) have much better graphical offerings. I found ZyWall's traffic reports to be confusing, and mostly unusable. Let me elaborate:
• Limited traffic statistic visibility - You can only see a limited subset of current traffic going through the router (20 biggest, or last 20), yet there is a drop down menu that shows 50, 100, 200, as selectable options. I had to read through the fine print of the manual to realize that 20 is the limit. WTF? Why even present a drop down option then?
• Limited charts or statistics data - looking for charts to identify biggest bandwidth users, sites most frequently visited, traffic by interface, period, etc? Ha! Good luck. The only solution I found was to upload the data to a syslog server and use that software to analyze your traffic.
• Limitations on DHCP IP address bindings - Want to see what addresses have been assigned through DHCP, or which static IP addresses are active on the LAN side? Well, you can only do that if you enable IP address binding, which will block any devices with static IP addresses (unless you manually add them to the MAC table). Even then you won't see which devices are transmitting using static IPs on the LAN. Why this silly limitation? I have no clue. ZyXel, care to comment?
• Log File format - While you can upload a plethora of data to a syslog server, you need additional software to parse through the log(s), which only come in CIF or a proprietary VRPT format. These packages cost money, and most off the shelf CIF packages I encountered didn't support the ZyXel. ZyXel makes its own report analyzer, but that's another piece of software to buy just to get some basic summary data. Plus, it's overkill for most users. Come on ZyXel!
CONCLUSION:
All in all, the router has good performance when it works, but given all these limitations, there's a lot to be desired. I paid $360 for this router, but considering its limitations and the issues I encountered, I feel it's overpriced. This is especially true when you consider offerings from the competition, particularly Ubiquiti's Edge Router which sells for $100.
Granted, the Edge Router lacks the multiple Ethernet ports, load balancing capability, and the GUI configurability, but its CLI configuration gives it options and flexibility that the ZyWall 110 can't match. The Ubiquiti router seems to mitigate a bulk of my issues above, and it has better performance (firewall throughput, VPN) to boot (according to Small Net Builder)!
If there are any workarounds for the issues I mentioned above, I'd love to get any of your thoughts. I'm by no means an expert with the router and would love to hear other people's input on what I'm doing wrong.
I'll give an update once I spend a few months playing around with the Ubiquiti router. Hope you enjoyed the read. It's just my $0.02. For whatever it's worth.
Cheers!