Don’t buy ZyXEL equipment
I’ve had my share of experiences with ZyXEL equipment, like the ZyWALL vs. Exchange post i did a few years ago.
But today i experienced the most grave issue with their equipment that critically impacted a customers business.
The customer has two sites – an HQ with an SBS 2008 and a branch office with two Lenovo SFF machines running Windows Vista Business. Both sites are using 20/2 VDSL lines from Swisscom, with ZyXEL P-2802HWL routers.
There is an IPsec VPN configured between these two sites. This has been working fine since January.
Now, about a month ago a telecom service company installed VoIP telephones in the branch office, and enabled QoS on both ZyXEL routers.
Since then, Outlook was unable to synchronize correctly with the SBS server. Unfortunately, the customers personnel isn’t that technically savy, so they weren’t able to tell that they had a problem – because smaller e-mails were able to successfully synchronize, but larger ones failed. This led to very inconsistent states of the OST files, with some mails there and some mails not there.
When i arrived at the branch office i didn’t have a single clue what the issue was or may be. At first i suspected an Outlook problem, so i deleted the OST file. But from there on, nothing happened – Outlook wasn’t able to download anything.
Next, i tried to copy a 50kbyte Excel file from a share to the local computer. This worked. So i tried a 2 megabyte Word file. This failed about halfway through, with Explorer just hanging there and doing nothing. From that point on, i suspected a network issue, but the fact that copying a 50kbyte file worked and a 2 megabyte file didn’t was very odd.
Using Outlook with Outlook Anywhere also worked (when the VPN tunnel was downed).
Whenever i’m confronted with strange network problems, i suspect MTU issues (which was my first “real” network problem i solved back on my first ADSL line – took me weeks for a simple fix). ping -l 5000 CUSTSBS01 worked. ping -l 15000 CUSTSBS01 worked, too. So thought it wasn’t an MTU issue.
Disabling QoS on the ZyXEL router fixed the issue, but made the phones unusuable while Outlook was filling it’s OST files.
So i ran through the usual check points – tcp checksum offloading, chimney, receive window autotuning, reboots, etc. Nothing helped. At the end i was just changing network settings at will. But nothing helped.
Out of any reasonable ideas, i changed the MTU to 1300. That fixed it – with QoS enabled and the NIC MTU of the two machines, everything was working as it should. File transfers worked, Outlook worked, Phones worked.
Don’t buy ZyXEL.
Chris:
In my experience ZyXEL makes decent equipment, never had a problem.
15. May, 2009, 04:28Paul:
worse than is that Studerus (Swiss retailer of Zyxel) does employ at least some very uneducated or unmotivated technicians.
15. May, 2009, 10:54Even after I fully documented a UI bug that made the web interface not to display (i.e. only Pro’s could configure the device on the command line) they were not able to “reproduce” the bug and sent back the device 2 times claiming to have repaired it (whereas I honestly doubt they did anything at all).
Since that day I never sold Zyxel again.
Lukas Beeler:
Paul,
Yeah. I remember a story when a customer wanted to buy a new UTM ZyWALL (USG 100), shortly after it was released. The ZyWALL 5 he had until then choked on the new VDSL line.
I offered him a SonicWALL NSA2400 (which is roughly two times as expensive), and cited earlier issues with the ZyWALL 5 and the new USG models. He didn’t listen, and bought the USG 100 somewhere else.
After three months of several support cases (Client-based VPN connections to a manufacturer crashed randomly, routing didn’t work as expected) with Studerus, there was still no solution. We then installed redundant SonicWALL NSA2400.
The SonicWALL devices may not be perfect either, but in the two support cases i’ve had so far i’ve always received a hotfix well within two days.
15. May, 2009, 14:00Tejas Parab:
Hi Lukas,
I have had many similar experiences with Zyxel equipment in the firm that I work in but have not managed to find any fixes. While doing searches on google, I managed to find your web blog. I followed what you have written and it solved my problem as well, so just wanted to say thank you for writing this up.
Also, I think Zyxel needs better Technical support, not that I would not buy Zyxel again but will need to think twice.
Regards,
25. May, 2009, 08:16Tejas
pronse:
I’d have to agree with not buying ZyXTEL! I am just using their wireless adaptor AG-225H and it cuasing Outlook and MS Words to really go crazy!
Moving messages from Inbox to Archive in Outlook for example, would delete them!! Opening a Word document would take forever then come back with an error!
Emailing MS WOrd docs to others would not allow them to open!!
All of this would work thu once I connect using different methods or even disconnect in MS Word case.
Conclusion…they do have some problems!
21. August, 2009, 20:16Lukas Beeler:
prose,
I doubt your issues are caused by an USB wireless adapter.
21. August, 2009, 20:26Paul:
I’ve got a new one:
Zyxel USG 100 has a firmware bug which does not allow you to set the netmask for IPSec VPN clients.
i.e. if you have a network 10.1.0.0/16 inhouse (or /24) the IPSec client /always/ gets a 10.0.0.0/8 address.
You simply cannot use the USG 100 if you have a 10.x network (and any of your customers has another 10.x, even when these do NOT overlap).
The Studerus technician did not even know what I was talking about! One should not be too hard with Studerus about that. The ‘firewall “specialist”‘ of Intus Data Design AG (Switzerland, they sold this product and are maintaining it) knew even less :(
What a crappy company. Choose which one I might mean.
Paul
23. August, 2009, 08:52