Following "best practice" recommendations, network devices that serve different purposes, such as IoT devices, work computers, smartphones and guest devices, should always be located in different subnets and ideally terminated on a common security gateway. In some cases, however, for example when the gateway cannot cope with the traffic flow, the separation can be assigned to a network switch that divides devices into VLANs, so that access to different networks is separated already at the reliable and fast L2 level. Here the question arises: how do you cope with a large fleet of devices without prescribing rules for each one individually, while abandoning insecure authorization by MAC address?

Zyxel USG Flex 100AX is an entry-level security gateway designed for installation in small offices and branches, for cases where the company has strict security requirements or a complex multi-tier network in which it would be nice to restrict employee access to social networks and unnecessary resources and to have an additional line of protection at the network perimeter.

We have a rather interesting class of L3 switches in front of us: multi-gigabit PoE models with a relatively small number of ports, an average PoE budget by modern standards, but 10-gigabit uplinks. They are interesting because the manufacturer has placed 2.5G PoE + 10G in a compact 9-inch rack housing with a silent fan, and such a switch can be installed at home, in a 1-room office, under a false ceiling or in narrow telecommunication cabinets.

A typical IoT attack looks like this: the device connects to a malicious Internet resource directly or through its own VPN, downloads and installs malicious code on itself, and then either becomes part of a large bot farm used for attacks on third-party resources and as a residential proxy, or simply spies on your network, trying to intercept any data, pull information from open resources or do harm in any other way. It is not difficult to protect your network from possible IoT attacks.

Let's talk about the advantages of IPv6-based segment routing technology, which displaces the LDP label distribution protocol and the RSVP network resource reservation protocol, using the example of a 10-gigabit router for small businesses, and consider how FlexE technology helps to maintain a guaranteed bandwidth level for customers.


This is a 28-port switch in which 4 ports are gigabit optics for uplink and the remaining 24 ports are 1-gigabit RJ45 PoE with a total power budget of 370 watts. Each of these ports can work both in 802.3af mode (up to 15.4 watts) and in the mode (up to 30 watts). When integrating it into a project, some features of this switch should be taken into account.

Not so long ago, Human Security revealed an entire shadow network associated with infected devices and malicious applications. Infected were not only Android TV set-top boxes, but also tablet PCs, wearable devices and even cars. Some IoT devices may even be infected with viruses or Trojans already at the stage of their production or sale, and since it is impossible to imagine a modern company without IoT today, it is important to properly protect your network.

Switch stacking technology allows you to combine several physical switches into one virtual switch, merging their switching fabrics and simplifying port management through a single stack web interface. One of the most popular uses of a stack is to combine ports from different switches into common LAG groups to get a fault-tolerant network that can withstand the breakdown of N-(N-1) switches. I want to draw attention to the fact that modern Zyxel switches support stacking of up to 8 units per stack. So if 7 out of 8 switches in your network fail, the network continues to work.

Choosing the right solution for building a firewall becomes key for businesses and individuals who want to protect their networks from security threats, configure more complex network settings and effectively manage traffic. In this post, we will compare pfSense with OPNsense, including their functions and differences, to help you make an informed choice to protect your network.