Zyxel USG Flex 700H review: Never having to choose between on-premises or cloud management

Cloud-managed networking is a valuable ally for most businesses as they can monitor and configure all their security, switching, and wireless services from a centralised cloud portal. A main drawback is that the majority of vendors lock out local device access when this is enabled, and as we've found on a number of occasions, some advanced features don't get ported over to the respective cloud portals.

Zyxel neatly overcomes these limitations as its USG Flex H series of UTM (unified threat management) appliances introduces the Smart Sync feature. You can manage these appliances from their local web console or Zyxel's Nebula Cloud Control (NCC) portal, and any configuration changes made in one will be automatically synced to the other.

We review the top-dog USG Flex 700H, which looks to offer an impressive security package at a competitive price. Zyxel declined to tell us what CPU it was using, but it must be fairly good as the 700H boasts a high raw SPI firewall throughput of 15Gbits/sec and a respectable 4Gbits/sec with the anti-malware and intrusion prevention services (IPS) enabled.

Zyxel USG Flex 700H review: Hardware and security features

The appliance offers plenty of port choices, with the first two 2.5GbE multi-Gig ports available for dual WAN services. Next up, you have two copper 10GbE multi-Gig ports presenting 802.3at PoE+ services, eight standard Gigabit LAN ports, and two 10GbE SFP+ fibre uplink ports.

Prices on Zyxel's store website start at £1,475 including VAT, with the base subscription bundling the appliance and a 1-year subscription to Zyxel's IP reputation filter and SecuReporter cloud reporting service. The appliance with 1-year Gold Security Pack subscription only costs £1,679 and enables everything Zyxel has to offer, including anti-malware, web content filtering, IPS, application patrol, and cloud sandboxing – further one-year Gold subscriptions cost £914.

There's more as the Gold pack includes an NCC Pro Pack upgrade which enables features such as email alerting, organisational audit logs, scheduled device firmware updates, configuration backup and restore, and a rolling one-year log retention service. You also get the Device Insight service on the appliance, which provides full visibility on all connected wired, wireless, plus BYOD devices, details such as their MAC address and detected OS, and options to block selected ones.

The Gold Pack enables the Secure WiFi feature, which allows remote and home workers using a Zyxel AP that supports Remote AP (RAP) mode to create a secure, encrypted tunnel to the appliance. There's one catch, though, as this feature won't be available until later this year.

Zyxel USG Flex 700H review: Deploy and configure

Deployment is a breeze as the appliance's local web console runs a wizard that requires an admin account password change, enables your selected WAN port, and then offers to create one subnet for the 10GbE PoE and the first two Gigabit ports, and another for the last four Gigabit ports each with their own DHCP server. It then asked us to register the appliance with our NCC account, while new users are offered the chance to create an account and define their first organisation and site.

You can easily configure the security services as they are all accessed from the relevant menu in the local console or from one page in the NCC portal. Most can be enabled with one click, and for the anti-malware service, you can request that specific file types, such as executables and ZIP archives, be checked against Zyxel's cloud threat intelligence database.

The web content filtering service offers 105 URL categories that can be blocked or allowed, while Zyxel's DNS threat filtering intercepts DNS queries and blocks known malicious domains. Profiles for the application control service can include any of the thousands of predefined signatures or you can choose from 26 categories to block all access to services such as social networking.

We found that most advanced security features are mirrored across both the local and NCC interfaces, and the Smart Sync service worked perfectly. We made numerous changes to various services and firewall policies from NCC, and each time, the local console flagged up an alert that changes had been made and automatically updated itself. Equally, any changes made in the local console appeared in the NCC portal.

Some features, such as Device Insight, can only be enabled and viewed from the local console, but Zyxel has this covered. Select the firewall from the NCC devices page, and you can use the remote configurator tool to open a secure session to the appliance's local console, which automatically closes after 30 minutes.

Zyxel USG Flex 700H review: Monitoring and SecuReporter

The appliance's local console provides two dashboard views, with one presenting an appliance hardware status overview and port traffic statistics. The Security dashboard provides charts and graphs of all security services, the top apps, detected threats, plus sandbox activity, and you can use the security statistics section to drill down into individual services for more detail.

The NCC dashboard can be customised with a range of widgets for all Zyxel cloud-manageable devices. The lion's share of widgets is for wireless network monitoring, but ones are provided for the firewall and show the top ten network applications, CPU utilization, and security alerts.

One click on the security alerts widget takes you straight to the SecuReporter cloud portal, which opens with a detailed dashboard showing the status of every security service, a global threat map, and details of all detected attacks. The Analysis pages provide deeper insights into security issues with options to generate and email regular reports, while the AI-powered SecuPilot offers views of the most severe threats and remediation advice.

Zyxel USG Flex 700H review: Is it worth it?

Most definitely. Zyxel's security appliances have always offered SMBs great network protection features at affordable prices, and the USG Flex 700H continues this tradition with a price tag that'll give the competition nightmares.

It offers an impressive choice of network ports, and although the appliance's PoE power budget of 30W is on the low side, it should be enough to drive a couple of Wi-Fi 6/7 wireless access points. The Gold Security Pack delivers an impressive set of security measures, but the standout feature has to be Zyxel's Smart Sync, as it doesn't force you to choose between local and cloud management.

Zyxel USG Flex 700H specifications