Newsletter – December 2007

Industry Update

ZyXEL ZyWALL USG – Maximum Security, Maximum Connectivity

ZyXEL Communications, a leading provider of complete broadband access solutions, introduced a new ZyWALL series that supports broad and granular security and firewall protection as well as enhanced VPN features for customer connectivity.

Firewalls have been important to small businesses and large corporations alike for several years. They provide hardened security above that of an average home router, can block malicious attacks that would otherwise deny users and customers access to Internet businesses, and provide secure remote connectivity for workers traveling abroad. ZyXEL firewalls have provided these features since the introduction of our ZyWALL series, but our new USG firewall series adds even more features in terms of security, connectivity, and redundancy.

Why Would an Office Need a Newer Firewall?

Newer firewalls not only offer the same features as previous models, but also have the hardware and power to handle advanced applications:

Firewall Action Control Lists 

The mainstay of any firewall appliance is the ability to accurately and granularly control traffic between a local network and the Internet, as well as automatically detect and block Denial of Service (DoS) and other common attacks. The ZyWALL USG firewalls can block or allow traffic by using admin-configured Action Control Lists (ACLs), which can identify traffic going through the firewall based on IP, protocol, port, or even by users or groups. ACLs can also be placed on schedules, so that they are active or inactive during certain parts of the day or week.

Unified Threat Management

The firewall itself can act as a first line of defense between a business network and the Internet.  ZyWALL USG firewalls deploy various protection features beyond basic firewall security, such as web Content Filtering to block undesired web traffic, gateway Anti-Virus, and gateway Intrusion Detection and Prevention (IDP) to block known attack patterns and identify new or unclassified threats.

Application Patrol

Programs such as instant messengers can be useful business tools, but might consume a lot of bandwidth or compromise company security if features such as IM file transfer or video chat are used. Using the Application Patrol feature, ZyWALL USG firewalls can limit the amount of bandwidth used by applications (regardless of the protocol or port used). They can also block certain features of a program (such as IM file transfer or video chat) while still allowing its other features (such as IM chat) to be used.

IPSec VPN

Virtual Private Networks (VPNs) are used to connect offices or users together securely over the Internet.  IP Security (IPSec) is a very strong suite of VPN protocols that can be used to connect branch offices together through strict encryption and authentication.  It can also be used by nomadic workers provided they have an IPSec client installed on their computer.

L2TP over IPSec VPN

Layer 2 Tunneling Protocol (L2TP) is a VPN type that simulates a dial-up connection and is utilized by many operating systems, including MS Windows (unlike IPSec VPN, which almost always requires third-party software). ZyWALL USG firewalls are the first ZyXEL firewalls to support this VPN type, using hybrid L2TP over IPSec tunneling to provide the best mix of authentication and security for nomadic worker VPN connectivity.

SSL VPN

When using IPSec or L2TP VPN, an administrator will usually need to make configurations on all of his/her nomadic workers’ computers. This can be time-consuming (and costly if third-party software is needed). However, the ZyWALL USG firewalls support SSL VPN for easy nomadic connectivity, utilizing nothing more than a nomadic worker’s web browser. The administrator simply sets up the worker’s login and access privileges on the firewall itself. When the authorized user logs in through their web browser (much like logging into secure online banking and the like), they will have access to remote network resources set up by their administrator. All ZyWALL USG firewalls come with basic SSL VPN functionality, and the number of concurrent tunnels can be upgraded as the need arises.

User-Based Action Control

When combined with a local or remote authentication server, such as RADIUS, LDAP, or MS Active Directory, ZyWALL USG firewalls can support user-based actions, such as firewall rules, policy routing, web content filtering, and so forth.  Even if no authentication server exists, the ZyWALL USG itself can be used as a user database.

Configurable Ports and Zones

Many legacy firewalls have a fixed use for physical ports (WAN, LAN, DMZ, etc.), and also security zones associated with those ports. On ZyWALL USG firewalls, ports and zones can be assigned by the administrator, allowing maximum flexibility in deployment and setup. In this manner, the administrator can assign ports and zones, group physical ports together, and create custom zones and virtual ports (interfaces), based upon the needs of his/her company or customer.

VLAN Aware

Many corporate networks use 802.1Q VLAN to help segregate and direct traffic across a network. However, if the gateway does not recognize VLAN packets, it can add additional setup and frustration for network administrators. The ZyWALL USG firewall series, however, does recognize VLAN tags and directs traffic accordingly. VLANs can also be placed into different zones for additional security. Furthermore, the firewall can act as a DHCP server for each VLAN, reducing additional setup for the administrator.

WAN High Availability

Internet redundancy is key for many businesses, especially when loss of connectivity equals loss of revenue.  ZyWALL USG firewalls can support many ISP connections.  You can even terminate many Internet connections to one physical port on the firewall (provided there is a switch between the firewall and ISP connections).  Combined with multiple, configurable WAN trunks and policy routes, it adds a level of robust connection redundancy to the ZyWALL series.  

Device High Availability

Having Internet redundancy is vital, but if all connections terminate at one firewall, that firewall can become a single point of failure.  ZyWALL USG firewalls provide Device High Availability to bypass this issue.  When two or more devices are configured for High Availability, a backup firewall can instantly take control if the master firewall should fail.  This gives the administrator ample time to troubleshoot or replace the faulty firewall, without worrying about network downtime and lost business.

What is a ZyWALL USG?

ZyXEL ZyWALL USG firewall

You’ve read the words “ZyWALL USG firewall” a lot in this article.  “ZyWALL” is the name given to ZyXEL’s hardware firewall series of products.  The USG (Unified Security Gateway) series is the latest generation of the firewall series, which incorporates ZyXEL’s new ZLD hardware OS, to provide an unprecedented level of security and control.  It supports all of the features listed in this article, and much more, and includes the ZyWALL USG 300 Internet Security Appliance.

In addition, the USG series includes ZyXEL’s free firmware upgrades, free lifetime support, lower cost for add-on services (like UTM subscriptions and SSL VPN upgrades), and a 5-year parts & labor warranty.

With the features supported by our new ZyWALL USG series, ZyXEL believes the cost to performance ratio provides a winning combination for many SMB and enterprise customers.

For more information on the ZyWALL USG300, please contact your GreenPages rep today.


Copyright © 2007 GreenPages, Inc. All rights reserved. GreenPages is a trademark of GreenPages, Inc. All other brand or product names mentioned are the trademarks or registered trademarks owned by their respective companies or organizations.
