|
I just
got the BEFVP41. It is a good SOHO solution. It does logging to syslog of all
traffic inbound and outbound. It has some basic filtering. It does port and port
range forwarding as well as a single "DMZ" (Forward all) host. The VPN side is
pretty good. My biggest complaint is you can only use numbers and letters for
the pre-shared key, no punctuation or special characters (according to their
docs, I have not tested this yet). It supports all the IPSec standards as far as
I can tell, DES, 3DES, MD5, and SHA-1 (Or no encryption). In stress testing it
has handled quite well. I have a cable line and it performs as good as my Cisco
router (1600). We put it on a LAN segment and baraged it with every exploit
known to man and it didn't skip a bit. We tried Ping flooding from two seperate
Linux workstations and it didn't flinch. If you turn on the WAN filter it drops
most inbound ICMP. It is Not a suitable remote access VPN solution though. You
have to define access in the IPSec policy in Windows which has its limitations.
Primarily if the machine is in a domain the policy must be defiend in Active
Directory. If it is a stand alone machine it can be configured without too much
dificulty, but the configuration is not something I would want an end user to
do. Once a working policy is created it can easily be exported and imported
between machines or distributed through active directory. I was able to
establish a tunnel between a Cisco router and this device as well as between
Windows and this device. For the money it is a good buy, I paid $140. Compared
to the Cisco equivalent it is one tenth the cost, although you give up some
support options, IE TAC. Not being familiar with the Zyxel series I cannot make
an impartial recomendation, but it is my understanding Zyxel makes most of the
cable maodem routers for people like Netgear, Dlink, and Linksys. If they have a
similar offering it may be worth a look (depending on price).
HTH.
Ken Claussen MCSE CCNA CCA
|
- Zywall 10 Carlos Rosa
- Claussen, Ken
