IT Pro Verdict
Includes load-balancing features
Wide range of security controls
Nebula Security Pack license required for advanced features
Zyxel’s security appliances divide into two families: the USG models are designed for local administration, while the NSG range can be managed from anywhere in the world using Zyxel’s Nebula Control Center (NCC) cloud platform.
The model we tested this month is the NSG200, which is aimed at small offices, and the price shown includes your first year’s subscription to Zyxel’s Nebula Security Pack. This enables IDP, application control, content filtering and antivirus security services on the appliance, and also upgrades your access to the NCC console. The basic free service has limited features, including a logging limit of just seven days, but your Security Pack licence enables Nebula Professional, which gives you a full year’s worth of logging and adds other worthwhile features such as email alerts and auditing.
The web portal is easy to use, although you might find yourself wishing the main dashboard were more customisable; it provides an overview of your security and network status, but also dedicates space to details of Nebula-enabled wireless APs and switches – even if you don’t have any. Still, the new NCC console is already in beta, and this will let you choose which widgets you want to display on the dashboard, while also ditching the dark look in favour of a brighter colour scheme.
One big benefit of the NSG200’s cloud-based design is that it enables zero-touch deployment. Before you even unbox the appliance you can set up a top-level organisation in NCC, add sites below it and configure a security profile to be pushed to the device as soon as it’s added to a site. This can include antivirus and IDP services, and settings for the application control service – which Zyxel cutely calls “application patrol” – to manage access to over 3,000 apps, including Facebook and Twitter. There’s a web-content filtering service too, which lets you block access to any of 64 site categories.
All of this makes the NSG200 ideal for businesses with remote offices, as it means you can simply send the appliance to the desired location and it will automatically pick up all the appropriate settings as soon as it’s plugged in. The self-configuration process takes around five minutes, and once it’s up and running the NSG200 will also regularly check for firmware updates, and apply them either in the background or at nominated times.
In fact, the most inconvenient part of setting up the NSG200 might be registering the appliance, as the web portal asks you to manually type in the unit’s MAC address and serial number. There’s an easier option, though: we simply used Zyxel’s iOS app to scan the QR code printed on the NSG200’s box. This captured the MAC address and all other required details, enabling us to add the appliance to an active site with a single tap.
As well as setting up security services, the NCC portal lets you configure the appliance’s two Gigabit WAN and five Gigabit LAN ports. If you have two internet connections, you can have both WAN ports active at the same time, and apply load balancing across them; the LAN sockets, meanwhile, can be divided into two groups, each with its own IP address and DHCP settings, and optional bandwidth limits applied to client IP address ranges and destinations.
Custom firewall rules can be set too, including sources, destinations, protocols, actions and a time schedule, and captive portals can be presented to guest users, complete with custom logos and AUPs.
In short, the Nebula console offers all the management options you’re likely to need, and the NSG200 itself is temptingly priced. It works best when partnered with Zyxel’s Nebula-enabled wireless APs and switches, but even on its own it provides a fine spread of security features for SMBs seeking a cloud-based gateway security solution.
Zyxel NSG200 specifications
|7 x Gigabit Ethernet (2 x WAN, 5 x LAN)
|2 x USB 2, serial port
|Nebula Cloud management
|300 x 178 x 44mm
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.