Zyxel ZyWALL ATP500 review: Tough and affordable gateway security

Zyxel's ZyWALL ATP, advanced threat protection, appliances are aimed at SMBs that want much more than a firewall can offer. The ATP500 takes the standard UTM features from Zyxel's USG Flex family and adds advanced security measures such as cloud-based threat intelligence using machine learning, sandboxing to protect against unknown threats, and deep analytics.

The ATP500 sits in the middle of this family of six appliances and claims a decent 2.5Gbits/sec raw firewall throughput and 0.9Gbits/sec with all UTM services enabled. This desktop unit presents seven copper gigabit ports that can each be configured for WAN, LAN, or DMZ duties, plus an SFP fibre gigabit port for longer connections.

The price we've shown will appeal to smaller businesses as it includes a one-year Gold Security license, with one- and two-year renewals costing £381 and £660 respectively. This enables every security service and is the only license Zyxel offers.

It's an impressive list since it includes all the advanced protection features along with hybrid anti-malware, email security, web content filtering, application controls, IPS, all threat filters, and Zyxel's SecuReporter cloud-hosted reporting and analytics service. Another smart feature is Zyxel's collaborative detection and response (CDR), which allows you to set thresholds on the number of times client devices can trigger the malware, IDP, or web threat services before they are automatically quarantined.

Zyxel ZyWALL ATP500 review: Performance

The ATP500 can be easily managed in standalone mode, where a wizard enables internet access, upgrades the firmware, and activates all security services with a default firewall policy applied. You can keep a close eye on all the action through the console's ATP dashboard, which provides a detailed seven-day view with charts and graphs of all security services, reputation filters, the top apps, threat statistics, and sandbox activity.

Most businesses will prefer the Nebula Control Center (NCC) platform, although it's annoying that the email security component is still only supported in standalone mode. The benefits outweigh this, though, as NCC provides cloud management services for all ATP appliances along with Zyxel's wireless APs, switches, and mobile routers.

Registering the ATP500 to our cloud account was simple: We used the Nebula iOS app on an iPad to scan its QR code and add it to our site. The appliance then appeared online, disabled its local web console, and took all settings from our cloud portal. We found it easier to use than standalone mode as a single site policy applies firewall rules, web content filtering, applications controls, and the anomaly detection and prevention service. From the security services section, you can create as many web and application filters as you want and choose which ones to use in the policy.

Zyxel's application patrol service presents over 3,700 business app signatures, including plenty for social networking activities. You can choose from 103 predefined categories for web filtering controls and add custom URLs to the blocking list as well.

Anti-malware services are global and the hybrid mode activates Zyxel's cloud threat intelligence, which teams up a local signature database with cloud queries to check whether it's safe to allow downloaded files to pass. It's the same with the sandbox service, which is enabled with one click, runs unknown files safely in the cloud, and destroys them if they are deemed to be malicious.

The ZyWALL ATP500 is a great choice for SMBs and remote offices that want tough and affordable gateway security. Zyxel needs to get its email security integrated with the Nebula cloud portal, but apart from that, this desktop appliance delivers sophisticated protection against zero-day threats, is easily managed, and has remarkably good value.

Zyxel ZyWALL ATP500 specification