| Nexland Pro400 Internet Security Appliance Page 2 Author: Tim Higgins
Review Date: 4/3/2001 Add Your Review
Read 12 Reviews by Users
|
One of the PRO400's key claims to fame, and the reason why you may
want to pay a premium over similarly featured products, is its VPN
capability. Although it doesn't function as a VPN
endpoint, it excels at properly passing both PPTP and IPsec
VPN packets through its firewall... in both directions. Nexland
says that the PRO400 supports unlimited PPTP and IPsec tunnels
through it, and both PPTP and IPsec servers can be supported
simultaneously with VPN client sessions. (Note that Nexland has
a Patent Pending on its Multi-Session Pass-Thru technology.) It
even supports one L2TP client pass through session!
Nexland also bundles a 10 client license for Symantec's
RaptorMobile Personal Firewall and VPN client,
in case you don't already have an IPsec client for your LAN machines.
Tip:
The only catch to all this magic is that if you use IPsec,
you must use standard ESP mode, and your clients must authenticate
using IKE/ISAKMP protocol. (See the VPN
help page for more info.)
By the way, the only settings you need to futz with
to get VPN running are enabling Virtual servers for either PPTP
or IPsec servers if you're using them. If you're just running
VPN clients on your LAN, everything is handled for you... at least
that's what Nexland says!
|
|
As fully featured as the PRO400 is, I wouldn't be doing my job
if I didn't find something to complain about. So here's
the (short) list of what you won't find in the PRO400:
-
Content Filters - There's no way to control
the Web sites that your LAN clients can visit
-
Logging - Although you will find dialup
and PPPoE session logs on their respective web pages, you
won't find a traffic logging page in the PRO400. Although
SNMPv1 is supported for monitoring, Nexland neither
suggests nor supplies a client that you can use. (The
simple SNMP trap loggers
that I tried didn't pick up anything.)
-
Browser based upgrade/backup -
Many products now allow you to use your browser to upload
a new firmware file, or back up your router's settings.
The ISB requires you to flip digiswitches and use a TFTP client
to upload firmware, and different one to backup your PRO400
configuration. (The manual does say that you can use any TFTP
client to perform these duties. Nexland supplies only
Windows versions of the two utilities.)
If you're looking for a built-in print server, you
won't find one, either!
|
|
The Qcheck test suite revealed the following about the PRO400's
performance:
[Tests run with V1 Rel 17 firmware]
|
Test
Description
|
Qcheck
Transfer Rate (Mbps)
[1Mbyte data size]
|
Qcheck
Response Time (msec)
[10 iterations 100byte data size]
|
Qcheck
UDP stream
[10S@500Kbps]
|
|
(Actual
throughput- kbps)
|
(Lost
data- %)
|
|
WAN-LAN
|
4.0
|
3 avg.
4 max.
|
493
|
2%
|
|
LAN-WAN
|
3.6
|
3 avg.
8 max.
|
498
|
0%
|
(Details of how we tested can be found here.)
Comments: Transfer rate is average for
present generation routers, but plenty fast for most broadband
connections. UDP streaming performance was solid, with
no lockups. Also saw no speed difference with or without
DMZ enabled.
|
|
Nexland's new ISB line corrects the deficiencies of their old
ISB platform and brings them in line with present generation routers
with the inclusion of a 4 port 10/100 switch, competitive routing
performance, and (finally!) built-in help pages.
But why would you want to pay $259 for a
4 port 10/100 switched router, when you can get a number of similarly-featured
products for about half that much? The answer is you probably
wouldn't, unless you need the flexible VPN, auto-backup-connection,
or LAN based server capabilities that the PRO400 offers.
You might instead opt for Nexland's SOHO
model, which for $159 has all the PRO400's features, minus:
-
Symantec RaptorMobile Personal Firewall and
VPN client (10-user)
-
Multi-session (Unlimited Tunnels) VPN (SOHO
is Single Session VPN)
-
IPsec Server behind NAPT support
-
Serial port for Automatic Analog Backup +
Console for Pre-Configure
-
Full SNMPv1 Monitoring
Note that I didn't test any of the PRO400's VPN
capabilities, so can't personally vouch for their claims.
However, you can always take advantage of their 30 day Money
Back guarantee to test out the product for yourself!
|
|
