Author: Tim Higgins
Review Date: 9/8/2001
|– Built-in IPsec endpoint|
– Security reports & Email alerts
– Built-in 4 port 10/100 switch
|– No DMZ|
– No port range forwarding
– No port filtering
9/17/01 Clarified VPN capability (Summary section). WAN MAC change being added in upcoming firmware release.
Startup Crossport Systems’ Pivio is a Network Security System aimed at small businesses. It provides IPsec VPN, network and Web site monitoring, Intrusion detection / logging, and AntiVirus capabilities on a paid subscription basis. I found that it worked well, but lacked some important features…
Background & Basic Features
The Pivio comes in two models, a single port model (the 2000) for $399 and the Plus (2500) priced at $479, which contains a 4 port 10/100 switch and is what they sent me for review. Crossport is in the process of expanding their distribution, but you can buy products either from their Web site, or through TigerDirect.
When I first saw the Pivio, I thought it was a SNAPgear clone, since both companies use a hardware platform OEM’d from Lineo. But although there may be the same engine under the hood, the products are quite different!
Where SNAPgear touts its Linux underpinnings, Crossport has hidden all that away, with a very streamlined interface that’s intended to allow virtually anyone to set up and use it, and in many cases set itself up.
Crossport is targeting businesses with 5 to 25 users who want their Internet connection secured, have access to easily configured and managed IPsec based Virtual Private Networking, and automatically updated anti-virus protection for network clients. They’re using a subscription based business model, with a flat $150 per year fee (the first year’s fee is bundled into the cost of the Pivio) for everything except the anti-virus capability, which is priced at $36 per client per year (with volume discounts for more than 5 clients). Although this may seem steep, Crossport says their pricing is significantly lower than comparable capability from Sonicwall or Watchguard.
Setup was a non-event. My test network has a DHCP server and my test client is set to obtain its IP address automatically. When I opened my browser, it automatically went to a page telling me that Pivio was set up and connected to the internet! Clicking on my browser’s Home icon confirmed this. Note that I didn’t even need to know the IP address of Pivio’s built-in Admin server, since you access it at config.pivio.com, which auto-redirects your browser as needed.
If I’d had to get my hands dirty with the LAN setup, Pivio provides pages that let me input PPPoE login info, static IP info, as well as set the system name for @Home. I didn’t see the ability to change the WAN MAC address or enter Domain info for the LAN DHCP server to hand out, however. So ATT Broadband users may have setup problems and @Home users will have to enter the Domain info into their LAN clients manually.
Speaking of the LAN DHCP server, you can change its base address and IP range, reserve IPs (but not by MAC address), and control Lease time. The server also has the ability to pass along WINS information, either obtained from your BSP or entered manually.
Features – Standalone
The Pivio has two classes of features – those that don’t depend on communication with the Crossport security system “mother ship”, and those that do. If you want to dig into the details, I suggest you download some of the documentation that Crossport has available on line. I’ll cover the standalone features first.
Features – Subscription
Signing up for the Pivio Services packages ($150/year for unlimited clients, first year of service included in the Pivio price) adds access to number of other services:
Features – Missing
No product is perfect, and the Pivio has its share of missing features. Given the nature of the product and its target market, I found some of the omissions to be a little curious:
I ran the Qcheck suite to test routing performance. I ran my normal WAN-LAN and LAN-WAN tests with results are shown in the tables below:
(Details of how we tested can be found here.)
Although the Pivio worked well, there was nothing that wowed me in its feature set. On the contrary, I think it’s missing some key business-oriented features such as port/service filtering and Web site traffic logging. I also suspect that the IPsec setup parameters may be too limited to work with the wide array of IPsec authentication methods that are commonly used, and it’s not clear that two Pivios can be used to set up an IPsec VPN between them.
Crossport hopes to win business away from Watchguard and Sonicwall on the basis of being less expensive while providing comparable features. But if they’re really going to have a shot at getting some traction in the current business climate, I think they’re going to have to sweeten the pot a little more.