Author: Ronald Pacchiano
Review Date: 3/31/2003
Model Number: FR1004 ($99.99)
Pros:
- Highly customizable
- Support for Dynamic DNS
- Low Price
- Auto-sensing ports
Cons:
- Configuration options can be confusing
- No content filtering
- Log could be more detailed
- Minimal Documentation
Introduction
Nothing annoys me more than finding a person using a broadband Internet connection without a firewall. It just drives me nuts! In this day of virus attacks, stolen passwords, identity theft, and computer hacking, it continues to amaze me just how many people still don’t get it. So listen up everyone – a broadband Internet connection is not a toy. It is gateway to the outside world — a door into your PC, one that if not guarded could allow anyone to destroy your data and violate your privacy.
Now you would think that the main reason for this is a simple a lack of understanding, but in most cases it isn’t. For the majority of the people I talk to, the biggest reason they don’t use a router/firewall is price. Many just don’t want to spend an extra $100-$150 on top of the $50 bucks a month they’re paying for Internet access. If you or someone you know falls into this category, then I’d like to suggest you take a look at the FriendlyNet FR1004 Internet Router with Firewall from Asanté Technologies, Inc. Not only is the FriendlyNet packed with advanced features usually associated with high-end routers, but it’s also one of the least expensive routers on the market today. With a street price of about $68.00, it’s an incredible value.
Basic Features
As the name suggests, the FriendlyNet FR1004 is a Cable/DSL Internet router with built-in firewall capabilities. The FriendlyNet is packed with a number of features that will impress even the most demanding tech-heads. For starters, it supports a variety of different cable and DSL connection types, including support for dynamic and static IP addressing, DSL (always on), cable (Hostname-based), and the increasingly popular PPP over Ethernet (PPPoE).
It features hardware-based Broadcast Storm prevention and uses Network Address Translation (NAT) to cloak LAN traffic. Secure Packet Inspection (SPI) technology further protects your network by continuously filtering both incoming WAN and outbound LAN traffic, based on source and destination IP addresses and port numbers. Further control over LAN access can be implemented using MAC address filtering, which allows you to limit LAN traffic only to registered computers.
For those users who would like to host their own website or mail server, the FriendlyNet’s Distributed Server mapping capabilities can be configured to redirect incoming WAN traffic to a server that resides behind the firewall. This is done by mapping a service port (HTTP:80 or FTP:21, for example) to a specific IP address. This router also supports Dynamic DNS, allowing users saddled with dynamic IP addresses to still register and host their own domain names.
Firewall Features
Firewalls aren’t without their problems, and trying to get certain applications to work from behind one can be a real challenge. Ports need to be opened to allow traffic from these applications to pass freely, but it could be difficult trying to isolate which ports they are. To make this process easier, the FriendlyNet employs two potential solutions – triggers and Demilitarized Zones.
Triggering works by having the router watch the outgoing data for a specific port number. When the router sees a match, it remembers the IP address of the computer that sent the matching data. When the requested data wants to come back in through the firewall, the router uses the port mapping rules that are linked to the trigger and the IP address of the computer that “pulled” the trigger to get the data back to the proper computer. A trigger event can only come from a computer behind the firewall. So data coming from outside the network will be denied. Correctly configuring a trigger, however, often takes a bit of trail and error, sometimes to the point of frustration.
The second solution is a Demilitarized Zone (DMZ). A computer in the DMZ is logically placed outside of the firewall, allowing for completely unrestricted two-way communications. A DMZ is rare for a router in this price range.
Like most routers, the FriendlyNet has built-in DHCP capabilities to handle client IP assignments. A 4-port 10/100 Mbps Fast Ethernet switch is integrated into the FR1004, making it easy to get a small group of users up and running quickly. When you need to add more users to your network, all you have to do is connect another 10/100 switch or hub to any available LAN port. And thanks to Asanté’s new Auto-Uplink feature, you won’t have to worry about uplink ports or cross-over cables.
Each of the FriendlyNet’s operations and security settings is configured using a web-based management system. While this management interface is simple to navigate, it can be somewhat overwhelming at first glance. The options are broken down in sections, which is simple enough, but some of the menus, particularly those for the Inbound and Outbound Packet Filter and the Distributed Servers Setup, can be downright scary if you don’t know what you’re doing.
The integrated help menus are far better than those found in most routers but still aren’t novice-friendly enough to overcome the intimidation routers can sometimes instill. This makes the FriendlyNet hard to recommend to someone with little or no network experience. The FriendlyNet also has Remote Administration support, which allows it to be managed from offsite locations. It’s a nice feature but seems to be out of place on this class of router.
Installing the FriendlyNet FR1004 was very straightforward and required nothing more than plugging it in and connecting the appropriate LAN and WAN ports. Our Road Runner cable modem automatically assigned the router our ISP information, and since DHCP is enabled by default, our workstations were up and running almost immediately. We tested the FriendlyNet’s firewall performance using the GRC.com Shields Up test and the port scanner at Hackyourself.com. As expected, the unit performed splendidly.
The Bottom Line
In spite of all of the FriendlyNet’s cool and useful features, I feel that it is much better suited for the home office user or telecommuter rather then a small business. One of the most disappointing things about this router is its logging capabilities. While it does keep an activity log of all network logins as well as possible intrusion attempts, it just doesn’t offer network administrators a whole lot of detail.
It would have been nice if it could tell you which IP addresses visited what websites and at what times. In addition, it doesn’t offer any type of content filtering. While advanced filtering techniques like the blocking of category types (e.g. sex, violence, drugs, etc.) or keywords would have been an added bonus, they could have at least given the administrator the ability to block specific domain names and IP addresses.
So if you’re in the market for a secure internet solution and don’t want to spend and arm and a leg to get it, you might want to give the Asanté FriendlyNet FR1004 Router a try. While it does have some shortcomings, it’s still an incredible value, and for only $68.00, you could do a whole lot worse.