ZyXEL's ZyWall 35 shows that, while small in dimensions, it is not small on features. The front panel of the appliance houses two WAN and four LAN Fast Ethernet ports, while the rear of the device has out-of-band management through it is console port and a PC Card slot, so you can add 802.11g WiFi (see company website for supported cards).
They have also thoughtfully provided a modem port, which can be used to allow an emergency dial-up connection in the event that the WAN fails.
In addition to acting as a firewall the ZyWALL has some more general traffic control rules. Included in these are WAN failover, load balancing and, via a separate registration process, web content filtering.
The management interface also lets you choose how you want to configure the DMZ. Any of the four LAN Fast Ethernet ports can be switched to the DMZ, depending on how many machines you require.
The firewall comes set with a basic policy that allows all traffic from the LAN to WAN, so you'll need to lock this down.
It is also set to allow assymetrical routes, which turns off firewall checks for packets staying within the same firewall zone. It is important that you turn this off if you want to use the ZyWALL 35 to segment your network.
On top of the default policy it is simple to create service-specific rules for the stateful inspection engine. The ZyWALL is supplied with an extensive default list of services, but it is easy enough to add a custom service.
Finally, the firewall has a VPN server on it, which will accept up to 35 connections.
While this appliance is the least powerful firewall in the group test, it is still an excellent product. Additional features, such as its support for two WAN connections are usually only found on firewall products at the higher-end of the group range.
Suitable for either branch offices or a cheap way to segment an internal network, the ZyWall 35 scores highly.
However, it is a shame that there is no option on the appliance to configure antivirus.