• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

ZyXEL ZyWall family of appliances? (USG 50)

Started by snarked, March 12, 2014, 05:08:58 PM

Previous topic - Next topic

snarked

My software firewall (by itself) doesn't cut it anymore.  Therefore, I'm looking at hardware firewall devices.

Does anyone have any experience with the ZyXEL ZyWall family of appliances?  I'm considering the USG 50.  Their web site says they support IPv6, but I have found that "support varies" with other devices I have used.

I need 2 WAN ports and 3 LAN ports (the 4th is nice, but will be unused except for maintenance), so their model 20 is too little and the 100/200 is too much in connectivity.  The cost  for model 50 is also about what I can afford - less than $250 (on amazon.com).

broquea

Have you considered the Ubiquity EdgeRouter Lite? $99, but only gets you 3 GIGE ports that you can use as you like. IPv6 not exactly in the GUI but it runs a vyatta fork on top of Linux, so IPv6 support is there. They have a newer model with more ports too, for more money.

snarked

Thanks for the alternative suggestion, but it doesn't have 2 WAN ports.  If 1 WAN port would do, I could go with a USG 20.

broquea

It _could_ have 2 wan ports, its a linux box with 3 nics :) eth0/1/2. You can define the ports to be whatever you want, and toss a cheap switch off the 3rd.

snarked

#4
I need 5 ports.  (A 6th port is desired so I can plug in directly when needed.)  It only has 4.  Other suggestions?

cholzhauer

I'd suggest something like an ASA 5505, but if I'm reading your initial post correctly, it's more than you're looking to spend.

snarked

RE:  Cisco ASA 5505

OK, I looked at that; thanks for the suggestion.  There is one place that has the price down to $250 (www.allhdd.com).  However, it's a 10/100Mb device while the ZyXel USG50 is Gig-E.  I also don't need PoE.  Lastly, the literature (feature list) for the 5505 nowhere said that it supports IPv6 (the "ultimate fail").

broquea

for tunnels? ipv6 not that great support on an asa.
also the licensing for a $250 model is gonna be horrible, think, only 10 internal ips can connect to the outside world horrible.
otherwise basic native ipv6 stuff like static routes, interfaces, works fine even as far back as 8.4