- Review Price: £258.46
Despite being a well-established Taiwanese manufacturer of networking products for a number of years, Billion has a relatively low profile on the UK small business radar. The BiGuard family of appliances could change all that as these aim to provide SSL-VPN services but at a price that makes them highly suited to smaller businesses.
IPSec VPNs are the more prevalent method of providing secure remote access to the business network – they may be cheap and cheerful but they can be hideously complex to deploy and configure. This makes them a better choice for fixed site-to-site secure tunnels but less appealing for mobile clients. SSL VPNs are far easier to implement for mobile users as all they need is a standard web browser to securely access the company resources over HTTPS. However, SSL-VPN appliances have traditionally been a far more expensive option with price tags generally in the four figure range so the low cost of the BiGuard appliances makes them look particularly interesting.
On review here is the S10 which has enough power to support up to 10 concurrent sessions. The majority of SSL-VPN appliances sit behind an existing firewall but the BiGuard S10 differs as it combines SSL-VPN encryption with an SPI firewall and routing so it can front the local network and manage the Internet connection. However, if you already have a firewall, the S10 can sit behind it on a DMZ. The appliance provides four switched Fast Ethernet ports for the LAN and a fifth for the WAN while for Internet access you can choose between PPPoE, dynamic IP addressing or a static IP address.
The simple web management interface kicks off with a wizard to help set up the WAN port and a default SSL-VPN group. You can then add extra groups which are used to collect different types of LAN resources together and make them available to users dependent on their log in credentials. For authentication you have plenty of choices as you can use the appliance’s local user database but it also supports AD, LDAP, NT domains and RADIUS servers.
When a remote user points their browser at the appliance’s WAN port they are directed to a login portal page and after successful authentication are presented with a customisable page displaying available resources. The portal offers three different types of resources with the Network Extender loading an ActiveX plug-in on the client’s system. This creates an encrypted connection to the LAN allowing users to have secure access to all IP-based resources on the business network. The plug-in creates a virtual PPP network adapter which takes its IP address from a pool maintained on the appliance.
If you don’t want to grant full network access use the Transport Extender which allows you to fine tune access to selected LAN resources by declaring specific protocols and ports. Shared resources on the LAN can be advertised using the Network Place option which loads a simple Windows Explorer style interface listing all systems in the same domain or workgroup. You can browse network shares, select files and folders on the remote systems and download them to your system. You can also browse local files and upload these to permitted destinations on the LAN.
During testing we found the S10 easy enough to get to grips with and opted to give the WAN port a static address and connect it to a switch with a bunch of XP PCs hanging of it and acting as mobile clients. On the LAN side we had a Windows Storage Server 2003 NAS appliance providing web and FTP services which we used to test the three SSL VPN functions. Using the Network Extender allowed us to access all systems on the LAN and to test the Transport Extender we defined FTP, HTTP, HTTPS and remote management over RDP for the NAS appliance which were duly advertised in the client portal page. Access can be finely controlled for each user as you can decide which of the three services are advertised, assign fixed or dynamic IP addressing for the Network Extender and activate the web cache cleaner which automatically tidies the client up after a remote session has disconnected.
If you’re using the S10 as your Internet router you can take advantage of its access controls and bandwidth management tools. The firewall can be customised with packet filtering rules, virtual servers can be declared and activated to a schedule and MAC address filtering can be employed. Content filtering in reality is nothing more than URL filtering but you can create policies that combine URL keywords and domains along with restrictions on downloading Java applets, ActiveX controls and cookies. For the price, QoS (quality of service) features are definitely a cut above the rest as you can create multiple profiles which contain a packet flow direction and a selected service plus source and destination IP addresses. Guaranteed, maximum and minimum bandwidth in Kbps can be specified along with DiffServ (differentiated services) which uses gold, silver and bronze traffic classifications.
For too long small businesses have had to struggle with complex IPSec VPNs and the management overheads they generate. Well, not any longer as Billion delivers a well featured SSL-VPN appliance which is far easier to install and manage and a highly affordable choice for small businesses.
The simple web management interface provides a quick start wizard.
OK – it’s not perfect but the user portal can be customised with your own logo.
Using the Transport Extender we were able to define WAN access only to one IP address on the LAN.
The Network Extender creates a virtual adapter at the client and takes its address from a pool on the appliance.
Considering the low price, the S10 offers remarkably good QoS facilities including DiffServ.
Score in detail