Billion is making quite a name for itself in the SSL VPN appliance market. It started the ball rolling nearly a year ago when it launched the BiGuard S10, which it claimed as the world's first affordable small business gateway solution to incorporate a firewall. Now we review the BiGuard S20 which has sufficient grunt to handle twenty simultaneous SSL VPN tunnels but also offers dual WAN ports supporting failover and load balancing.
We'll also be taking an early look at Billion's optional OTP (one-time password) solution, which aims to make the S20 even more versatile. This combines a RADIUS server with password tokens to provide a two-factor authentication system. Users have their own four digit PIN number and use their token to generate a one-time six digit pass-code, which they combine to create a unique password. Essentially, this system requires something the user knows and something they have making for a strong authentication solution. This gives Billion an edge over the competition as it is effectively the first to deliver this option to small businesses. When we reviewed ZyXEL's SSL 10 appliance it advised us it had an OTP solution in the wings but six months down the line and it's still just talk.
The S20 appliance offers an octet of Fast Ethernet ports plus a Gigabit uplink port. The two WAN ports are the Fast Ethernet variety and can be combined in a team to provide either failover or load balancing. We liked the fact that the S20 is fanless so it's completely silent in operation. The simple web interface helps get the WAN ports configured and then you can move on to SSL VPN creation. For user authentication you have a good choice of methods as along with a local database the appliance supports AD, LDAP, NT domain and RADIUS servers.
Remote workers point their web browser at the appliance's WAN port where they are presented with a login portal page and after successful authentication are transported to a customisable page displaying available resources. The Network Extender option loads an ActiveX plug-in to create an encrypted connection to the LAN providing users with secure access to all local IP-based resources. The Transport Extender enables you to restrict access by declaring specific protocols and ports, while the Network Places can be used to browse the network for shares.
To provide access to specific resources you use application proxies and these range from FTP, RDP and HTTPS to VNC, CIFS and Citrix. All you do is pick a proxy and provide the IP address or domain name of the system providing the service. For each user account you decide if each one can access the Network Place and Extender services but proxy access is determined at the group level. Groups are also linked to domains, which determine the type of authentication that will be applied.