Out of the box the appliance is locked down tight as it blocks all inbound and outbound traffic. To get you going you can create a simple firewall policy that allows Internet access to all users on the LAN and blocks all unsolicited inbound traffic. For general Internet access this will be quite sufficient but you can go much further by creating your own firewall policies for both traffic directions. By comparison these are actually surprisingly easy to setup and you start by creating lists of IP addresses on the LAN and WAN that you want the policies to be applied to. You can also specify MAC addresses on the LAN and the Clone option can automatically find this information once you’ve provided the client’s IP address.
Blocking external HTTP access for a specific client or group, for example, is a cinch as you create an address list followed by a policy that denies access to this service. Make sure it’s higher up the list than the rule that allows all external access. Any client on that list will now be stopped from browsing the Internet. A comprehensive list of services is already provided but you can add your custom services as well and use different schedules to determine when policies are to be active. QoS (quality of service) can be applied to policies by specifying guaranteed and maximum bandwidth in kb/sec and using one of three priorities. You can also create lists of users and passwords and stipulate that policies require authentication before a service can be accessed.
When it comes to web content filtering OvisLink plays the same game as many other vendors at this level by actually offering nothing more than URL and IP address blocking lists. Unlike managed services such as those offered by the myGuard 7500GL, Watchguard Firebox X15w and SonicWALL TZ150 Wireless - all you can do with the RS-1000 is manually create a list of up to 300 websites that you want to block. OvisLink claims you can implement AUPs (acceptable use policies) but this is going to involve a lot of manual labour. There’s also an option to block pop-ups, ActiveX and Java content, as well as cookies although this is an all or nothing approach that can’t be customised for individual users.
There’s no denying that the SG-1000 is one of the easiest to configure security appliances we’ve yet seen. The process of using addresses, QoS profiles, services, authentication lists and schedules and applying them to inbound and outbound policies as required is remarkably easy to set up and use. Content filtering isn’t anything special and be warned that PPPoA is still not supported by OvisLink, but if you can get round this as we did, then you’ll find this appliance offers a lot of Internet access controls well suited to small businesses.