Please recommend a firewall/VPN router to replace a ZyXEL ZyWALL 35


Our current setup uses a ZyXEL ZyWALL 35 with two Netgear DG834G ADSL routers connected to the two WAN ports on the ZyWALL. Our office is in a fairly remote location so ADSL is our only viable method of providing an internet connection. This setup has worked quite well for the last couple of years but recently we have had the following concerns with continuing to use the ZyWALL:

- We are getting more remote users using Windows Vista and the ZyXEL VPN client doesn't work under Vista. ZyXEL won't give an ETA on when a Vista-compatible version will be out, but suggest it could be next year.

- The VPN has also not been the most reliable with Windows XP users - often it works but there have been random connection problems - sometimes it just doesn't work, despite ZyXEL confirming that our setup is correct.

- We would like to have more than two ADSL links in the near future (possibly up to four) and then use one for servers (Exchange server, etc.) and the other three to be load-balanced to provide web access to our users' workstations. Our current ZyWALL 35 only has 2 WAN ports.

We have now had more problems with our ZyWALL 35 unit and are looking to replace it immediately. Can anyone recommend a replacement unit that ticks the following boxes:

- is a hardware firewall

- has full IPsec VPN

- VPN client is Windows-Vista compatible - a must!

- has up to 4 WAN ports and allows load-balancing across some of the WAN ports (but not forced to load-balance ALL of the ports - want to use one for servers only, so some kind of static routing required) so we can connect multiple ADSL connections.

- will provide NAT so we can forward ports (eg. 21 to our FTP server, 25 to our Exchange server, etc.)

Cost is less of a concern over having a reliable unit that comes from an established manufacturer and ease of use (easy VPN client installation/use, good GUI interface to router, etc.). We are now a company with over 150 users, so are more than happy to invest heavily in a unit if it gives us what we want.

So, can anyone point me in the right direction?

Many thanks, Robert Stokes

Reply to
Robert Stokes
Loading thread data ...

formatting link
- call their sales line, explain your situation and goals, their devices are top of the line.

You may be able to build a solution that does not require any VPN software installed anywhere - you might be able to use a SSL based solution.

Reply to

Thanks Leythos ... I was just looking at the WatchGuard products actually! So a recommendation that they are good products is fantastic. I will definitely call them and explain the situation, but the Firebox X Core X1250e (upgraded to the Firebox Pro OS) looks like the unit for us. The price is also around what I was budgeting for.

formatting link
I also found an article on TechRepublic that suggested that a Vista-compatible upgrade to WatchGuard's VPN client software will be released in late 3rd quarter 2007, so not too long to wait if we go that route.

formatting link
Thanks again for the recommendation!

Reply to
Robert Stokes

I have a x1250e and a Firebox III/1000 and a Firebox II sitting here in my home, they are great units. I've installed about 80 of them in the last few years and always found they were easy to make work with about any other device and their own.

formatting link

We don't implement their VPN client software, we use a number of methods, even the old PPTP and then we setup restrictions on what the VPN user can access (IP and Ports) - so it's not an open all access VPN connection. In most cases we limit a VPN connectio to the IP of the terminal server by port 3389 - this eliminates most issues that others experience with a VPN.

Reply to
Leythos Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.