SnapGear PRO Internet Security Appliance - PracticallyNetworked.com Earthweb.com Practically Networked Home Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation
Welcome to PractiallyNetworked
Product Reviews

 • Routers
 • Hubs/Switches
 • Wireless Gateway
 • Wireless AP
 • Wireless NIC
 • Network Storage
 • Print Servers
 • Bluetooth Adapters
Troubleshooting
& Tutorials

 • Networking
 • Internet Sharing
 • Security
 • Backgrounders
 • Troubleshooting
    Guides

 • PracNet How To's
User Opinions
Practicallynetworked Glossary

 Find a Network Term  
 
Forums
About
Jobs
Home

  Most Popular Tutorials

• Microsoft Vista Home Networking Setup and Options
The most daunting part of upgrading to Windows Vista may be trying to figure out where in the layers of menus the networking and file-sharing options are hidden.

• Do It Yourself: Roll Your Own Network Cables
It may not be something you do everyday, but having the supplies and know-how to whip up a network cable on the spot can be very handy.

• Tips for Securing Your Home Router
Seemingly minor and easily overlooked settings can still have profound security implications. Here are some steps you can take to make sure your wired or wireless home router and by extension, your network is as secure as possible.

  Most Popular Reviews

• Microsoft Windows Home Server
If you have a home network, you'll welcome the easy file sharing, remote access and the image-based backup features of Windows Home Server.

• Iomega StorCenter Network Hard Drive
Iomega's fourth generation StorCenter Network Hard Drive brings many of the features found in higher-end storage devices down to an attractive price.

• MikroTik's The Dude
This free tool delivers many of the same capabilities that you'd find in pricey network monitoring tools. As long as you don't mind tinkering, The Dude is a decent network utility that should be worth the download.


 SnapGear PRO Internet Security Appliance

Page 2 

 Author: Tim Higgins
 Review Date: 8/15/2001


VPN


SNAPgear's big feature is its powerful VPN capabilities.  While most other routers provide only pass-thru capabilities for connecting VPN clients, the entire SNAPgear product line provides PPTP and IPsec endpoint capabilities.  What this basically means is that the SNAPgear boxes set up and manage the VPN "tunnels" instead of having to use VPN software at each client.

If you want to set up your own VPN between two office locations, for example, you just need two SNAPgears... no extra licenses or options to buy.  And if that doesn't get your attention, maybe the fact that there are no per client or connection licenses to buy will!

Although all members of the SNAPgear family have the built-in endpoint capability, there are differences among the products, summarized in the table below, which I've borrowed from the SNAPgear Web site:

  Model
Feature LITE LITE+ SOHO+ PRO
VPN - PPTP (client & server) yes yes yes yes
PPTP Tunnels 4 5 20 40
VPN - IPSec (server and client) yes yes yes yes
IPSec Tunnels 10 12 35 70
RAS (dial in)     yes yes
Telnet     yes yes
RADIUS/TACACS+     yes yes
SNMP     yes yes
Hardware Cryptographic Acceleration       yes
RAM (Mb) 4 4 16 16
Price $249 $299 $399 $549

Note that although there is a limit to the number of tunnels that each product will support, SNAPgear says that there's no limit to the number of users per tunnel.

NOTE: The IPsec implementation uses the open source package called FreeS/WANThis page describes interoperability with other IPsec products. SNAPgear says that they currently do not support ISAKMP (or IKE) Aggressive mode, since they believe it to be less secure.

To check things out, I set up the SNAPgear as a PPTP server, and used the standard Microsoft VPN client to connect via the Ethernet WAN connection. I had no problems either setting up the server or the PPTP connection itself.  But once I connected, I wasn't able to browse the remote network via Network Neighborhood, even though I could ping clients on it.  A call to SNAPgear revealed that neither their PPTP or IPsec implementation presently supports MS Network browsing.  They know this is a problem, however, and are at work on a solution other than using LMHOSTS tables, which is their current suggested workaround.

I was a little surprised at the performance of the PPTP connection (more below), which was slower that I expected it to be.  SNAPgear told me that even though the PRO has a security co-processor, it's used only for IPsec, so that may help explain what I measured.

I didn't try out the IPsec capability because I didn't have an IPsec client and SNAPgear doesn't provide one as part of their package.  This wouldn't be a problem if you were a telecommuter connecting into your corporate network, since your company would be providing the other end of the VPN connection.  But if you had a SNAPgear on your home LAN and wanted to use an IPsec connection to connect via the dial-in RAS, you'd have to buy an IPsec client. I'd like to see SNAPgear at least suggest a client, or offer some sort of a discount deal on one.  Right now, your only option for the scenario above would be to fall back to using PPTP, since Windows includes a client in each copy of the OS.

 

Routing Performance


I ran the Qcheck suite to test routing performance. I ran my normal WAN-LAN and LAN-WAN tests, but also ran tests using a PPTP connection between the same two computers.  Results are shown in the tables below:

Normal Operation

Firmware Version:

1.3.2

Test Description

Qcheck Transfer Rate (Mbps)

[1Mbyte data size]

Qcheck Response Time (msec)
[10 iterations 100byte data size]

Qcheck UDP stream 
[10S@500Kbps]

(Actual throughput- kbps)

(Lost data- %)

WAN-LAN

6.6

 2 (avg)
3 (max)

499

 0%

LAN-WAN

6.8

 2 (avg)
3 (max)

499

 0%

 

PPTP Operation

Firmware Version:

1.3.2

Test Description

Qcheck Transfer Rate (Mbps)

[1Mbyte data size]

Qcheck Response Time (msec)
[10 iterations 100byte data size]

Qcheck UDP stream 
[5S@30Kbps]

(Actual throughput- kbps)

(Lost data- %)

Remote - Local

0.68

 15 (avg)
44 (max)

35

 0%

Local - Remote

1.3

 13 (avg)
21 (max)

27

 10%

["Local" is the computer on the SNAPgear's LAN. "Remote" is on the WAN side of the router.]

(Details of how we tested can be found here.)

Comment: Routing performance without using VPN is among the best we've tested and the PRO will have no trouble keeping up with most any broadband connection you can throw at it.

PPTP performance is another story.  Since this is the first test I've done of a PPTP connection, I have nothing to compare it with.  I have no way to tell whether the lower performance is due to the SNAPgear, MS PPTP client, or both!  UDP performance seemed the most fragile, but it was my Win98SE machine that needed to be rebooted if I tried to set a UDP stream rate of around 35Kbps or higher!

I tried to test IPsec performance but couldn't get the Cisco VPN5000 client that I was using to establish a connection. From what I could tell from the SNAPgear's logs, it looked like the SNAPgear's lack of ISAKMP Aggressive mode support was my problem.

 

Summary


I was a little reluctant to spend the time evaluating yet another SOHO router, especially from a startup whose distribution strategy is a work in progress.  But after putting the SNAPgear PRO through its paces, I'm glad I did!  Although the low-cost router field is pretty crowded, SNAPgear appears to be alone in their focus on a low cost, endpoint based solution.

Folks who know their way around Linux will feel right at home, given the ability to directly edit many config files from the web admin pages.  They can even Telnet into the two top-end models and get a shell prompt!

As nice as these goodies are, SNAPgear's got their work cut out for them.  You presently can buy their products only direct, or through small distributors, and no retail distribution is on the horizon.  There's also work to do on the product itself, streamlining the install process, adding features, and getting MS network browsing working over VPN.

But, all things considered, it may be worth giving the SNAPgear a shot.  I mean, where else can you go to set up a LAN to LAN IPsec tunnel, with no per user licensing, for as little as $250 per LAN?

  • Page 1

  •  Add YOUR Opinion  

     Opinion Summary:     100.0%   |   0.0%  |   out of 5 reviews  
     Read Reviews by Users  

    Print this Page 



    Earthwebnews.com Earthweb developer.com HardwareCentral earthwebdeveloper CrossNodes Datamation


    Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums