Hi all,
I've some experience with the ZyXel firewall specially the USG-60W, USG-40W and USG-20W.

I was wondering if there are RouterBoards that can replace them in terms of performance/functionalities.

For example if I have three sites with 5 / 10 / 25 users what are the right Mikrotik models I need to choose?

Thank you.

I have played with these for a bit in an ISP setting using several different models.
I have found that in general:
<100Mbps with normal packets = RB750 (Small Office)
100Mbps to 1Gbps with normal packets = RB1100 (Apartment Community)
500Mbps to 10Gbps - any packet size = CCR1016 -CCR1036 or ROS on your hardware for larger businesses or BGP links.
Firewall rules can be tricky until you play with them for a while but you soon will realize that this firewall can do ... anything from block hackers to cooking breakfast.

Some specific situations require more specific models for PoE, Wireless, etc. ...

Again this is generally speaking and based on what we currently use.

Good Luck,
T

depend config.
some setups - can easily screw/overhelm even 72-core CCR's.
how bout 850gx2 or upcoming rb3011 ?
if aren't short on money then in terms of investments, CCR1009-PC(passively-cooled) may be nice choice(for future, with horsepower reserver for tomorrow needs), cuz its "only" 2.5x more expensive, but SIGNIFICANTLY more powerful.
60g for example - advertised as 1000Mbps throughput(with 1518 packets) with SPI. which is about 1.5x more than rb2011 did, for example.so even 850gx2 would be faster.

So long as you're routing less than 100Mbps of traffic, the 2011 family is great.
That's what I have at my house, and what we used as the standard CPE router at an ISP where I worked.
It could handle a complex firewall rule set, QoS, traffic shaping, WiFi, and NAT - at 80Mbps with no voice quality issues, and a good user experience during my bench testing.

its didn't had (slow/compromise-tuned)anti-virus and some other feats, like zuxel(or D-L DFL and DSR boxes)devices had.
about 100Mbps over rb2011 - depend traffic and config.
with minimalistic firewall, moderately fragmented traffic with normal pps - may be. otherwise 45-60Mbps would be more realistic figure(with 75Mbps subscription was about 95% CPU on one of my friends RB2011).

its didn't had (slow/compromise-tuned)anti-virus and some other feats, like zuxel(or D-L DFL and DSR boxes)devices had.
about 100Mbps over rb2011 - depend traffic and config.
with minimalistic firewall, moderately fragmented traffic with normal pps - may be. otherwise 45-60Mbps would be more realistic figure(with 75Mbps subscription was about 95% CPU on one of my friends RB2011).

He must have a complex setup with a lot of queues and filtering then. I use my RB2011 with my 200/20 Mbit subscription. No problem, 200Mbit is about 80% CPU because of NAT.

different consumers - different feats/performance balance/priority.
which is(flexibility) is key ROS advantage.
one of my rb751's i handed/gifted to charity project/installation - runs 65/12 subscription without complaints(basic browsing load dominate), despite Huge amount of users. but most home users do stress their CPE way harder nowadays.

different consumers - different feats/performance balance/priority.
which is(flexibility) is key ROS advantage.
one of my rb751's i handed/gifted to charity project/installation - runs 65/12 subscription without complaints(basic browsing load dominate), despite Huge amount of users. but most home users do stress their CPE way harder nowadays.

Complaints? I'm sure you have some form of monitoring in place to actually measure usage and load? Otherwise that might not be a good way of deciding if the product is a good fit or not.

No complaints is always a good thing though. But I like to scale my setups to never go above 75% CPU usage so I know that it can handle the config with ease.

Thank you guys I have a more precisely understand of the routerboards hardware.

When you say 100/1000/... Mbps of traffic is intended as the total in and out traffic plus the internal (switched) traffic?

The ZyXel USG 60W has fetures like:

- Wlan Controller: it's possible to manage and configure up to 10 Access Points
- UTM: it's possible to have App Patrol, AV, IDP, ADP, CF, AS
- VPN server: I can configure 20 IPSec links and 12 SSL links

Can I have this features on (some of) the routerboards?

there aren't any IPS/IDS(except basic port-scan protection feats, unused in default config) nor AV in ROS or any kind of L4 filtering.
communication-wise ROS more powerful than Zyxell. SERIOUSLY more. both talking bout VPN, routing,wireless and other sfuff. but remain seriously limited by onboard processor performance and sometimes(rare in SOHO, but do happen in medium companies)amount of onboard RAM or lack of (easy acess to)optional/external storage.