Virtual Servers and Port Mapping

NOTE: Opening holes in your firewall can compromise your LAN's security if done incorrectly.

I suspect a lot of the excitement about this router is its "Popular Applications" feature, which has "Triggered Map" capability.   You can specify four sets of port ranges (each set can have multiple port ranges and single ports within it), and specify a single outbound port that the router watches. (Go here for an explanation of how "Triggered Maps" work.)  Although there are a number of other routers (UMAX, Nexland, Kingston) that now also support triggered maps, the Friendly is the only one so far that allows you to have multiple port ranges and multiple single ports specified in the same mapping!  Asante does include port info for some popular applications and lets you click on a button and automatically copy the ports to a map set.  

The Friendly also includes a "Virtual Server" feature that lets you statically map single ports to 10 IP addresses, and a "DMZ" feature that lets you place one IP address completely outside the Friendly's firewall.

Access Control and Other "Advanced" Features

Access control for the Friendly is port based only. There's a Default group, which includes all IPs not included in the other groups, and three other groups.  You can enter a list of individual and multiple port ranges for each group and set the group to either block or allow access on the listed ports.  You can't block access by MAC address.  The Friendly doesn't announce its blocking action with a special message or anything.  All that happens is that the blocked user's browser hangs while trying to access the net, for example.  

I touched on the Friendly's Log feature earlier in the setup section.   The log shows mostly admin-related activity, logging Admin page logins and dialup and PPPoE session connects.  Asante says that it also logs "unrecognized access from WAN side", but doesn't provide any examples or documentation.   It does not log traffic, URLs, or anything else related to traffic that passes through the router.  You also can't save or print the log, or have the log be sent to a file on a LAN machine.

The Friendly has neither a Static routing table nor support for RIP.

VPN

The Friendly supports multi-session PPTP for both WAN and LAN sides. If the PPTP server is located on WAN side, you don't need to forward ports or configure anything other than your PPTP software.  If the server is located on LAN side, you should configure a Virtual Server to redirect port 1723 to the server's IP address.

Update 12/13/00 IPsec passthru for up to 8 simultaneous sessions now supported with 1.89 firmware.

Burnin' up the Test Track

The Friendly checked out to be among the faster routers in the routers I've tested, and should have no problem keeping up with most any broadband connection.

All numbers are in Mbits per second (Mbps).
(Details of the measurement method can be found here.)

Dialing Up

I attached my trusty Zoom 56K modem to the Friendly's COM port, entered my dialup account information on the TCP/IP screen (after changing the connection type to "Dial-Up Network"), and Mr. Friendly successfully connected the first time it detected an Internet bound request from a LAN machine.  Note that the COM port can't be used for Dial Up Networking Serving, i.e. you can't dial into your broadband connected network and use its Internet connection.  This feature also doesn't support auto-failover, so it won't connect to a backup Dial-Up account should your broadband connection fail.

Serving your (Windows) Printer.

The Friendly's built-in print server checkout was a little less smooth. The printserver requires you to install a Windows client program (versions are supplied for Win95/98/NT/2000) on each computer that needs to access the print server.  The install went fine and I was able to print a Windows test page with no problems. But when I tried to update this review in my FrontPage editor, my local webserver (MS PWS) had disappeared!  I tried this on a second machine, with similar results.  Fortunately, uninstalling the Print Server client restored my webserver, but on one machine, the PWS System Tray icon never did come back!  So a mixed grade for this feature if you're also running MS PWS on your system.

If your printer requires a Bi-Directional parallel port, it may not work with the printserver, which doesn't support bi-directional printing.  See this page for more info.

Summary

I was hoping that Asante was going to shake up the market a little with this product, but after running the Friendly through its paces, I think it may be awhile before the ground moves.  The router has some nice features, but the competition has stolen a little thunder from its triggered map capability (although the Friendly's capability is more flexible), and its logging and Access controls are now behind competing products.  In addition, the firmware needs a good shaking down (too bad everyone makes their customers help them with this).

On the other hand, if you have a dialup connection today and will be eventually moving to a broadband connection, the FriendlyNET may be just the ticket!