SOHOware BroadGuard Secure Cable/DSL Router - PracticallyNetworked.com Earthweb.com Practically Networked Home Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
Troubleshooting
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting
    Guides

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  
 
Forums
About
Jobs
Home

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router — and by extension, your network — is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.


 SOHOware BroadGuard Secure Cable/DSL Router

 Author: Tim Higgins
 Review Date: 2/3/2001


Models: NBG800

Pros: - Stateful inspection firewall for under $200!
- Works with any OS.
 
Cons: - Limited feature set
 

 


Updates

4/18/01 V47s firmware update adds port forwarding, allows base IP address change and more. Go here for Release Notes, here for download.



The Basics

Indicators
  • Power

  • Link/Activity, for each of four LAN ports

  • Link/Activity  for the WAN port

  • Status

Connectors
  • One RJ45 10BaseT for the WAN

  • Four RJ45 auto sensing 10/100BaseT switched LAN

  • Power

Comes with
  • printed User guide

  • printed Quick Install guide

  • 100-120V power adapter

  • one normal UTP cable

  • one crossover UTP cable

Other 
  • Hardware Reset switch

  • NO Uplink or Normal / Crossover switch for LAN Ports (see this page if this concerns you!)

 

Introduction

I was pretty excited when I heard about the BroadGuard (BG)... a stateful inspection router with a built-in 4port 10/100 switch for $180 (list)!  The realization, however, was not as great as the expectation, and you may want to wait for a few firmware revisions before you give this box a try.

 

Setup

Setup was done via a set of web-based administration screens (see screenshots below), with the BG having a default address of 192.168.1.1.

You'd better like the BG IP addressing scheme, because you can't change it, and therefore you can't change the LAN subnet that is created by the BG.   All the clients attached to the BG will need to be on a 192.168.1.X  network. This limitation shouldn't be a problem for most users, however, but could prevent its use in larger networks with other routers.   (SOHOware says this limitation is on the priority list for change in an upcoming firmware release.)[NOTE: Corrected in v47s firmware.]

SOHOware BroadGuard- Cable Broadband Connection Screen

I suggest you use IE5 rather than Netscape 4.X to set up the BG.  Neither Netscape 4.5 or 4.75 would properly display either the DHCP settings or Globally Disallowed Web site list pages. 

You need to enter both a User Name and Password to access the admin screens.  You can change the Password (be sure to set a strong one), but you can't change the User Name.  Once you login, you can access the admin screens as long as you don't quit your web browser... there's no admin access timeout.  There's no checking for multiple Admin logins either, so it's possible to be logged into the router from two clients at the same time.

The Admin screens cannot be accessed from the WAN side of the BG, for remote administration.  But curiously, you can reach the screens by also entering the BG's WAN IP address into your Browser. [NOTE: Corrected in v47s firmware.]

Once you're logged in, you should be able to connect the BG to most any BSP (Broadband Service Provider).  It comes set as a DHCP client on the WAN port and with its DHCP LAN server enabled, easing the setup for many users.  You can also set the WAN IP information manually and enter IP Address, Subnet Mask, Gateway, and two DNS Server information

MAC address cloning is supported for AT&T Broadband, MediaOne/RR and other providers who use MAC address authentication.  You can set both Host Name and DNS info for @Home setup, too.  PPPoE connection management is provided for DSL users, where you can enter your User Name, Password, and Service Name.  The only method not supported is the RoadRunner TAS protocol, which is in declining use.

 

Features

 

The BG has Access Controls and a limited form of Content control.  You can control access to a fixed set of applications (Email, FTP, News(NNTP), Bulletin Board Service(?), and Web) for up to 10 IP addresses.  If these applications aren't what you want, you're out of luck, since you can't enter the port numbers for any other services.  (This limitation is also on SOHOware's "To Do" list.)

SOHOware BroadGuard- Access Control Screen

Content control is provided via a "Globally Disallowed Website/Keyword List".  This list lets you enter up to 10 full URLs (web addresses) or words that will have their web access blocked for all users.   Neither the Access or Content controls can be set by time of day.

The big show-stopper for many potential buyers, however, is the lack of port forwarding/mapping capability.  This is a big omission, and again, on SOHOware's Top Priority list for fixing via firmware update.  The only thing you can do is place one LAN client in DMZ, i.e. outside the BG's firewall and fully exposed to the Internet. [NOTE: Corrected in v47s firmware.]

On a positive note, SOHOware says the BG will support multiple PPTP and IPsec client pass-through sessions for VPN users.  They also say that the multiple sessions can be established to one VPN server, instead of the one session-per-server multi-passthru capability of other manufacturers' products.

 

Logging and Alerts

I found the BG to be lacking on these features.  You can't really view any logs via the admin interface.  And although the real-time Access Monitor can show you what kind of traffic the BG is currently handling, you can't get any historical or cumulative view, either via the Admin interface or via Syslog or SNMP logging.  There's no logging of admin access, startup, shutdown,or other similar events either.

SOHOware BroadGuard- Access Monitor Screen
SOHOware BroadGuard Sample Hacker Alert message

Port scans and any other attacks stopped by the BG's stateful inspection firewall are viewable via the "Hacker Alert" email alert system only.  I wasn't able to get this to work, even when I used the "Hacker Alert Test" feature (the sample screenshot is courtesy of SOHOware).  Maybe this is because I couldn't define the SMTP server for the BG to use... it tries to send mail using a SOHOware SMTP server.  SOHOware says they'll be changing this in production units to allow users to specify an SMTP server, with a SOHOware server provided as a default entry.

So since I couldn't see how the firewall was reacting to my port scans, I couldn't really check it out.  The only thing I can say is that a port scan of common TCP ports showed the BroadGuard locked down tightly. 

 

Speed testing

I ran the BG through the Qcheck test suite with the following results:

(Tests run with 5.13.0043s firmware)

Test Description

Transfer Rate (Mbps)

[1Mbyte data size]

Response Time (msec)
[10 iterations 100byte data size]

UDP stream 
[10S@500Kbps]

(Actual throughput- kbps)

(Lost data- %)

WAN-LAN

2.5

8 (avg.)
22 (max.)

Inconclusive

 

LAN-WAN

2.2

8 (avg.)
14 (max.)

Inconclusive

 

(Details of how we tested can be found here.) 

The speed numbers are slower than current crop of inexpensive non stateful packet inspection (SPI) firewalls, but fast enough for most broadband connections.  Response Time (latency) was about twice the norm for most routers in this class, probably a by-product of the SPI firewall. 

Another suspected by-product of the SPI firewall was the BG's behavior with the UDP streaming test.  I was able to complete some LAN to WAN tests at 50Kbps, with 50Kbps throughput and 0% data loss, but when I cranked the streaming rate to my normal 500Kbps, or ran WAN to LAN tests, the BG wouldn't complete the test.  However, I found that I could still web-browse and receive email normally without having to reboot the BG.   My suspicion is that the test is throwing data at the BG faster than it can handle it, or that there's something about the data that it doesn't like.  I had no problems using RealPlayer to listen to a 16kbps audio stream through the BG, however.

 

Summary

The BroadGuard makes a nice first impression.  The box's graphics are attractive and informative, the product itself is well made (probably the best RF shielding I've seen in a product in this class), and the documentation is decent and supplied in printed form.

Unfortunately, the product doesn't deliver the goods in its present form, unless your Internet sharing needs are very simple.  My advice is to wait until SOHOware has delivered a firmware update (or two) to add the features that users have come to expect even in an inexpensive router, SPI firewall or not!


 Add YOUR Opinion  

 Opinion Summary:     55.6%   |   44.4%  |   out of 27 reviews  
 Read Reviews by Users  

Print this Page 



Earthwebnews.com Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation


Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums