ZyXEL firewall/routers

jan-jaap
Donor
Posts: 4969
Joined: Thu Jun 17, 2004 11:35 am
Location: Wijchen, The Netherlands

Re: ZyXEL firewall/routers

Post by jan-jaap » Fri Dec 21, 2012 1:09 am

I was watching this thread hoping someone would come up with a good recommendation. So far I've only learned what not to buy. I had already disqualified the FVS318 myself after I read the reviews.

I'm looking for:
[1] Something I can trust.
[2] Reliability
[3] A router / firewall which can handle at least 500Mb/s WAN <-> LAN
[4] Wireless N on 2.5GHz and 5GHz bands
[5] Basic VPN capabilities
[6] A hardware DMZ and VLAN capabilities on the LAN side are a bonus
[7] A 'tap' for intrusion detection/ flight data recording purposes at Gb speeds

Doesn't have to be a single device (in fact I'm pretty sure it won't be). Large, loud, power hungry devices do not qualify because it has to be installed in my utility cabinet.

Right now I'm using an Engenius ESR9850 wireless router and a Netgear DS104 hub as a tap device.

The Engenius has proven reliable, but it's a closed device so I have problems trusting it. Trust is #1. So right now I'm using my Linux server as a secondary firewall and the actual LAN is 'behind' the Linux server. This effectively puts my wireless network in the untrusted zone which isn't practical in this age of laptops and gadgets. The DS104, being a genuine hub, is limited to 100Mb/s which is my current internet speed -- no future there either.

I'm considering something like this: http://www.dual-comm.com/gigabit_port-m ... switch.htm to replace the DS104 hub.

I want to replace the router with a DD-WRT based solution. Maybe that firmware will be maintained a little longer than the 6 month attention span of the original manufacturer. :? This effectively reduces my search to 'the best DD-WRT' solution. So far I've seen the Cisco / Linksys E4200 (v1) come up a lot, and the Buffalo WHR-G300N. I intend to go to the bottom of this before I make my choice because 'reliability' and 'alternate firmware' are not necessarily a good match. Also, DD-WRT &co seem to target mostly el-cheapo consumer devices so I have to find something there with decent hardware specs and build quality.
:PI: :Indigo: :Indigo: :Indy: :Indy: :Indy: :Indigo2: :Indigo2: :Indigo2IMP: :Octane: :Octane2: :O2: :O2+: Image :Fuel: :Tezro: :4D70G: :Skywriter: :PWRSeries: :Crimson: :ChallengeL: :Onyx: :O200: :Onyx2: :O3x02L:
To accentuate the special identity of the IRIS 4D/70, Silicon Graphics' designers selected a new color palette. The machine's coating blends dark grey, raspberry and beige colors into a pleasing harmony. (IRIS 4D/70 Superworkstation Technical Report)

smj
Donor
Posts: 1678
Joined: Mon Nov 12, 2007 7:54 pm
Location: Berkeley, CA, USA, NA, Earth, Sol

Re: ZyXEL firewall/routers

Post by smj » Fri Dec 21, 2012 3:22 am

I would like to get DD-WRT or OpenWRT on my Netgear WNDR3700 one of these days...

But here's what I did ~5 years ago. I got a pretty small (25cm x 15cm x 5cm, roughly?) box off eBay with a 600MHz Celeron, 4 x 100baseT ports, 2 Mini-PCI slots and a CF slot where I've put a 4GB Microdrive. The NORCO 7732 was obviously intended as some kind of wireless router, but I got it off eBay without any radios and generic docs for the bare board - I installed one but never spent the time to try and get it working, partly because the Linksys "just worked" and partly because I was searching for an 802.11n solution.

Pictures of the NORCO are on Flickr. I hung the Linksys off one port, wired network on another, WAN off a third, and later added the Netgear WNDR3700 off the fourth. It runs pfSense, which is based on FreeBSD, which I've found to be very solid. I use the OpenVPN support with TunnelBlick on the MacBook when I travel, and that works well.

I'm not sure what's out there in terms of current hardware for this approach, but I'm sure the Alix and Routerboard folks have something. There were usually a bunch of them in Linux Journal whenever I glance at a copy.
Then? :IRIS3130: ... Now? :O3x02L: :A3504L:- :A3502L: :1600SW:+MLA :Fuel: :Octane2: :Octane: :Indigo2IMP: :Indy: ... Other: DEC :BA213: :BA123: Sun, DG AViiON, NeXT :Cube:

fu
Posts: 1119
Joined: Thu Sep 29, 2005 9:39 am
Location: constant traveler [nyc/london/berlin]

Re: ZyXEL firewall/routers

Post by fu » Fri Dec 21, 2012 3:30 am

i guess that both jj and sky are looking for specialized firewall features but since jj mentions dd-wrt and reliability, here's a short nekochan story:

years ago i was looking for a solution to block ads & flashy unicorns at router-level and tillin pointed me to dd-wrt. reading high and low i ended up using tomato (1, 2) on a common wrt54gs. it did (and still does) all i need and then some, all via a browser-based gui that folks like me can set up in 5 minutes (also sports a cli for folks who don't like guis). besides ad-blocking, i just need file transfers between each base. i used to use the built-in vpn features too, but i offloaded most of my vpn needs to witopia since i'm mostly on the road.

i eventually bought 3 of them and found peace. the same old wrt54gs ones in ny & london are still up running -no problemo- for 6-7 years now. i only had to reboot them for a firmware update. i managed to muck up the one in berlin so i'm looking for a replacement, till then the AEBS undertakes router duties.

i stopped worrying about whatever cheap plastic box each ISP hands out w/ every dsl loop when i found out that i can just set it up in bridge mode, plug it into the wan port of my router and go.

my needs are simple, not sure if this will take the weight of a bunch of vpn tunnels or other demanding requirements. smallnetbuilder reports throughput figures & dd-wrt/tomato compatibility for newish models.

hamei
Posts: 10437
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: ZyXEL firewall/routers

Post by hamei » Fri Dec 21, 2012 4:29 am

jan-jaap wrote:I was watching this thread hoping someone would come up with a good recommendation. So far I've only learned what not to buy.

In your case, a 3745. You won't go back.

Re: ZyXEL firewall/routers

Post by jan-jaap » Fri Dec 21, 2012 4:49 am

Oh, my needs are fairly straightforward. I don't even have large amounts of 'interesting' data on my intranet (to an outsider, that is). I just want to inspect a firewall before I will put my trust in it (*). After all, it is one of the things that keeps private data private.

I have FTTH (currently 100/100) and it would be a pity if I couldn't use part of what I'm paying for because of a crappy router.

The ASUS (shiver) RT-N66U appears to be a fairly powerful router and is said to run Tomato nicely too.

hamei wrote:In your case, a 3745. You won't go back.

This?
[Image: cisco3745.jpg]

jan-jaap wrote:Large, loud, power hungry devices do not qualify because it has to be installed in my utility cabinet.

'nuff said ...


(*) The question is not 'are you paranoid?', but 'are you paranoid enough?' :mrgreen:
Last edited by jan-jaap on Fri Dec 21, 2012 5:01 am, edited 1 time in total.

zmttoxics
Posts: 896
Joined: Mon Aug 31, 2009 9:11 am

Re: ZyXEL firewall/routers

Post by zmttoxics » Fri Dec 21, 2012 4:54 am

fu wrote:i guess that both jj and sky are looking for specialized firewall features but since jj mentions dd-wrt and reliability, here's a short nekochan story:

years ago i was looking for a solution to block ads & flashy unicorns at router-level and tillin pointed me to dd-wrt. reading high and low i ended up using tomato (1, 2) on a common wrt54gs. it did (and still does) all i need and then some, all via a browser-based gui that folks like me can set up in 5 minutes (also sports a cli for folks who don't like guis). besides ad-blocking, i just need file transfers between each base. i used to use the built-in vpn features too, but i offloaded most of my vpn needs to witopia since i'm mostly on the road.

i eventually bought 3 of them and found peace. the same old wrt54gs ones in ny & london are still up running -no problemo- for 6-7 years now. i only had to reboot them for a firmware update. i managed to muck up the one in berlin so i'm looking for a replacement, till then the AEBS undertakes router duties.

i stopped worrying about whatever cheap plastic box each ISP hands out w/ every dsl loop when i found out that i can just set it up in bridge mode, plug it into the wan port of my router and go.

my needs are simple, not sure if this will take the weight of a bunch of vpn tunnels or other demanding requirements. smallnetbuilder reports throughput figures & dd-wrt/tomato compatibility for newish models.


I run Tomato on a Netgear WNDR3500L as my home firewall/router. Does OpenVPN, my DDNS, excellent traffic monitoring, etc etc. I hung a 4500 off it not too long ago (summer maybe) as an AP to beef up my wireless performance. The Router has been solid for 2 years now though, and it was only ~$40. :D
Stuff.

Re: ZyXEL firewall/routers

Post by hamei » Fri Dec 21, 2012 5:06 am

jan-jaap wrote:Large, loud, power hungry devices do not qualify because it has to be installed in my utility cabinet ...

'nuff said ...

2U of rack space. You do have a rack or two, right ? Two fans. The one I have at home has no fans, thus silent, but you want the big ponies. Could probably replace the fans with quieter ones. I'm going to do that to the 3660 because it has six fans and is a touch noisy. Power draw depends on how many external devices you connect (PoE) ... you could go with a 3725 but if you like stuff, you'll want the extra slots later. They are not power-hungry.

Firewall, telephony (want intercom capability in the house ? built into the Cisco), almost any kind of interface, reliability ... did I mention [b]reliability[/b] ? plus capabilities you haven't even considered yet. Ain't no two ways about it, j-j. If you are a computer freak the Cisco is the only way to fly.

They are extremely nice. Honest.
Last edited by hamei on Fri Dec 21, 2012 5:11 am, edited 1 time in total.

Re: ZyXEL firewall/routers

Post by zmttoxics » Fri Dec 21, 2012 5:10 am

So nice you posted it twice? ;)

IOS is something I almost never want to play with at home. At home I just want to work. I have stacks of 3750s and all kinds of cisco stuff at work. Work should stay at work, home should be relaxing.

Re: ZyXEL firewall/routers

Post by hamei » Fri Dec 21, 2012 5:16 am

zmttoxics wrote:So nice you posted it twice? ;)

Sorry, clicked the wrong button :oops: Those things are tiny !

IOS is something I almost never want to play with at home. At home I just want to work. I have stacks of 3750s and all kinds of cisco stuff at work. Work should stay at work, home should be relaxing.

Cisco is relaxing. You get it running then you forget it exists.

Code:

3640# sh ver
Cisco Internetwork Operating System Software
IOS (tm) 3600 Software (C3640-JK9O3S-M), Version 12.2(15)T9,  RELEASE SOFTWARE (fc2)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sat 01-Nov-03 02:47 by ccai
Image text-base: 0x60008950, data-base: 0x6203A000

ROM: System Bootstrap, Version 11.1(20)AA2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

3640 uptime is 1 year, 1 day, 7 hours, 11 minutes
System returned to ROM by power-on
System restarted at 10:03:28 Beijing Thu Mar 11 2010
System image file is "flash:c3640-jk9o3s-mz.122-15.T9.bin"

That was in 2011. It went another six months before I had to disconnect it to move it across the room.

Before I got carried away with the current phone project, I hadn't even touched the thing since then. Literally. Prior to that, during an equal amount of time we went through two Buffalos* and a Linksys. (It gets very hot here in summer.)

And oh yeah, the Zyxel that fried at home (belonged to China Telecom, who cares), replaced by a TPLink (never buy one of those, more cheap junk but easy to get on a Saturday morning) finally replaced by another Cisco.

Smartest thing I ever did network-wise was go to Cisco. (Not Linksys.) When I get a hair up my ass I can play with it. Otherwise it just runs.

I don't like shit that's a pain in the ass. The Cisco router is anything but.

I can see where a lot of people would rather have a nice small Buffalo or whatever. And they are a good choice for most people. But j-j has a miniature NORAD command center for a hobby. I think he can handle it.


*Once you get the hang of it, I find IOS more logical and easier to use than the graphical interface of dd-wrt.

----------

While you're here, toxics ... you're a Solaris guy, aren't you ? I started ntp running a few days ago on a V100 (Cisco router acting as ntp server, took a couple small entries

Code:

ntp clock-period 17180462
ntp master
ntp server 216.218.192.202 prefer
ntp server 209.81.9.7
ntp server 128.2.1.22

in the config, ahem) - the ntp client in Solaris shows up as

Code:

 online        21:47:48 svc:/network/cswntp:default

but the computer is still about fifteen minutes slow. I know it takes a while to catch up but how long should this take ?

Re: ZyXEL firewall/routers

Post by jan-jaap » Fri Dec 21, 2012 7:12 am

I think a Cisco RV180 VPN Router would be more realistic for a SOHO network. For the big hardware you need a support contract to access firmware updates. Oracle practices, bleh :(

I haven't forgiven them yet for yanking the firmware updates for the WS-C1100 and WS-C1400 FDDI concentrators from (public) FTP and restricting it to active support contracts. Anybody have a copy of ftp.cisco.com from the 2002 - 2007 era?

The RV180 doesn't have wireless, so I'd need an access point. Why oh why is a wireless N access point at least twice as expensive as a wireless router with similar (5GHz band, 300 or 450Mbit) capabilities :roll:

SAQ
Posts: 5871
Joined: Wed Jul 19, 2006 8:37 am
Location: Renton, WA

Re: ZyXEL firewall/routers

Post by SAQ » Fri Dec 21, 2012 10:12 am

If you can afford it I second Cisco. I went from fighting "consumer-grade" stuff at work (resets once a month, odd bugs) to Cisco router/WAPs and haven't had to touch it since.

The downside is learning IOS and figuring out exactly how you want the thing set up. I wish Cisco would just cancel their GUI program and attached documentation. It doesn't work anyway (I've tried- you'll be going along and then either something will not be supported or it won't configure the device right), and the resources from the GUI group could be put into producing good "IOS CLI for people who haven't used it before" documentation.

Anyone here deployed Vyatta on a laptop? I've been considering that for home use.
"Brakes??? What Brakes???"

"I am O SH-- the Great and Powerful"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)

Re: ZyXEL firewall/routers

Post by hamei » Fri Dec 21, 2012 7:06 pm

jan-jaap wrote:I think a Cisco RV180 VPN Router would be more realistic for a SOHO network. For the big hardware you need a support contract to access firmware updates. Oracle practices, bleh :(

To some extent I have to agree with you. As a company Cisco management is despicable.

However, several of their products are good. I can't say about the RV180 'cuz I don't have one. Maybe it does everything these older boxes do, too. But the 3640 was excellent. The 3745 is very similar but slightly updated and a three-times faster cpu. It's MIPS, too :D There are newer units but the cost zooms way up. The 3700 series seems to be a good point in the cost-vs-benefits curve. I went 3660 only because one became available here, importing is a pita. That and I have developed network module lust ...

Did a touch of research, with a single power supply and a couple network modules the power draw is ~ 60 watts. I was mistaken, the 3745 has four fans where the 3640 had two. But people have successfully replaced the windtunnel models with quiet units. The six fans in the 3660 have to go :evil: I'm thinking two 140 mm units will move the same air but with a lot less noise.

The reason I think you'd be happier with a more industrial unit is that you really can do a lot of things with these older boxes for a low cost. With the network module system they are extremely versatile. Most used network modules are cheap .. you can have serial interfaces (built-in terminal server for all your antiques, accessible from anywhere with an internet connection), T1, ISDN, ADSL, SDSL, Ethernet, Fastethernet, Gigabyte Ethernet (that one is expensive), modems, frame relay, maybe FDDI, telephony, twisted pair, optical, you name it. In a small installation you don't need a separate firewall - everything a PIX will do, IOS will do in the router. Faxes to an smtp server so those little mass-marketing jerks can't use up all your ink and paper. Internal 80 gigabyte transparent proxy server. The slow-ethernet adapters have AUI connectors as well, so you could run FatWire to the Indigos. Token Ring (never can tell, maybe you'll find an IBM you like some day.) Four-port ethernet switch, 16 port fast-ethernet managed switch. Want intercoms throughout the house ? Grab a few 7900-series phones for $30 each and away you go, call anywhere in the house. Hit 82, "Help ! the baby shit his diapers ! You better come up here and change him !" Grab an FXO module and connect the phones to the outside phone company. Hardware IPsec VPN. NTP, DNS, DHCP, all in the router. PoE. Vlans, of course. QoS. IOS is straightforward once you get used to it. (Admittedly the getting used to part is a bit of a hurdle in the beginning.) ACL's are not simple but hey, that's true anywhere :(

Converged, man. Converged :D

I didn't come to this conclusion as a fanboy - "Oh Cisco is so kewl d00d ! they're like so high-tech that we don't need like farmers no more man, we'll all be Knowledge Workers !" I hate Cisco. Their management is despicable. They cheat on taxes, they cheat the stockholders and society by lying about their books to "increase profits quarter over quarter", John Chambers and all his buddies should be in prison taking the big ten inch up the ass hourly. Put it up on an Internet video-sharing rich user experience channel. They are scum.

I was forced into it by failing soho stuff. Cisco routers work.*

The RV180 doesn't have wireless, so I'd need an access point. Why oh why is a wireless N access point at least twice as expensive as a wireless router with similar (5GHz band, 300 or 450Mbit) capabilities :roll:

I get used 'junk'. Some of the 2800 series machines use network modules as well, I believe you can get them with wireless built-in and they aren't totally expensive on price ? But a few versions back is double-cheap. I have found that a little bit slower industrial-grade equipment is still faster than less-reliable soho stuff. But then again, our environmental situation is terrible (it is very hot and humid in summer, cold and dry and lots of static electricity in winter) so ymmv. But I will say that the Assistant is not averse to snivelling at slow network speeds. Complaints have been way down on the networking front since I went Cisco. And I get to surf for pr0n instead of rebooting the router :P



* This endorsement only applies to the ones I have bought. Mine are all kind of elderly, from back in the times when bad products meant the company failed. Due to "free market forces" and protection-racket legislation there are now two or three companies which control everything, zero choice and precious little quality control. Yippee.

skywriter
Posts: 3300
Joined: Fri Mar 14, 2003 5:22 am
Location: Trump-proof bunker

Re: ZyXEL firewall/routers

Post by skywriter » Sat Dec 22, 2012 5:56 am

what i meant by 'feedback' was worthless product bashing. because, you see, it doesn't help me at all. like most else here lately, it's a waste of my time to even read any of it.
:Skywriter:

DECUS Member 368596

Re: ZyXEL firewall/routers

Post by hamei » Sun Dec 23, 2012 12:50 am

skywriter wrote:what i meant by 'feedback' was worthless product bashing. because, you see, it doesn't help me at all.

Hmm. Well, two people in this thread have owned ZyXEL products and would not recommend them in any way. Another person has the item you asked about and said it was okay but very slow. A fourth person whom I believe to be more electronically savvy than most of us discarded that device from consideration after checking out its reputation.

If that is worthless bashing, may I suggest that you look for a Circuit City flyer or a Ziff-Davis 'review' of the product in question ? That should be more helpful to you.

Re: ZyXEL firewall/routers

Post by skywriter » Sun Dec 23, 2012 4:45 am

Hamei, find a different thread to practice your perverse form of communication, will you? I'm not interested in dueling with you anymore.