Despite being a well-established Taiwanese manufacturer of networking products for a number of years, Billion has a relatively low profile on the UK small business radar. The BiGuard family of appliances could change all that as these aim to provide SSL-VPN services but at a price that makes them highly suited to smaller businesses.
IPSec VPNs are the more prevalent method of providing secure remote access to the business network - they may be cheap and cheerful but they can be hideously complex to deploy and configure. This makes them a better choice for fixed site-to-site secure tunnels but less appealing for mobile clients. SSL VPNs are far easier to implement for mobile users as all they need is a standard web browser to securely access the company resources over HTTPS. However, SSL-VPN appliances have traditionally been a far more expensive option with price tags generally in the four figure range so the low cost of the BiGuard appliances makes them look particularly interesting.
On review here is the S10 which has enough power to support up to 10 concurrent sessions. The majority of SSL-VPN appliances sit behind an existing firewall but the BiGuard S10 differs as it combines SSL-VPN encryption with an SPI firewall and routing so it can front the local network and manage the Internet connection. However, if you already have a firewall, the S10 can sit behind it on a DMZ. The appliance provides four switched Fast Ethernet ports for the LAN and a fifth for the WAN while for Internet access you can choose between PPPoE, dynamic IP addressing or a static IP address.
The simple web management interface kicks off with a wizard to help set up the WAN port and a default SSL-VPN group. You can then add extra groups which are used to collect different types of LAN resources together and make them available to users dependent on their log in credentials. For authentication you have plenty of choices as you can use the appliance’s local user database but it also supports AD, LDAP, NT domains and RADIUS servers.
When a remote user points their browser at the appliance’s WAN port they are directed to a login portal page and after successful authentication are presented with a customisable page displaying available resources. The portal offers three different types of resources with the Network Extender loading an ActiveX plug-in on the client’s system. This creates an encrypted connection to the LAN allowing users to have secure access to all IP-based resources on the business network. The plug-in creates a virtual PPP network adapter which takes its IP address from a pool maintained on the appliance.