Well, I think the next screenshot is self-explanatory. This screen will expose ALL ports of a given computer: VERY RISKY. So be very sure that the exposed server has all the patches and is nailed down good and proper, because this is just what a hacker is looking for. In fact I would consider employing a software firewall on the exposed server to try and restrict port access. Before enabling this option I would try “Virtual Servers” and “Special Applications” to see if it could be done there.
I think an area for improvement for Nexland would be to add an additional feature to “Exposed Host”, such as being able to segment a LAN port completely. This could isolate an exposed host from the rest of the LAN; security is only as strong as its weakest link.
Once again a screen we do not have to fill in :) A note on the ISB SOHO and IPSEC. At first we thought the unit was able to terminate IPSEC tunnels, but upon closer examination we find that it will pass IPSEC packets (typically port 500) transparently. This transparency is useful should you be running a piece of VPN software, as VPN IPSEC is notoriously tricky to set up. We were unable to test this feature (I left my Raptor in my other jacket), but the selection of IPSEC options gives us every confidence that it would work.
Also, this screen allows you to turn on Dynamic RIP2 routing, which is easier than using the static routing options within the “Routing” section, but once again you should know what you are doing before configuring this option. As I mentioned earlier, the ISB is sensible and any network address not on its LAN is assumed to be somewhere out the WAN port.
How fast does it go mister?
Well, on the LAN side, the 100M ran at 91% capacity, which is within acceptable limits of Ethernet (it’s impossible to get the full 100M). I think for all intents and purposes it does what it says on the box :)
The WAN side tested as 517.3K. Obviously we could not test the full 8M of the WAN port, but such is life. Ping times showed an additional millisecond or two difference with the ISB SOHO in situ, so I think we can safely say that the latency introduced is negligible for day-to-day purposes.
I only do work part of the day, what about some fun?
Well, just in the interests of science we cranked up the old Unreal Tournament and pointed it at the Internet, the picture below shows me getting slaughtered (again). So from a purely scientific point of view, it plays games no problemo.
So, does it protect me?
Well, no firewall is 100%, but I ran a TCP and UDP port scan against the ISB SOHO and it passed with flying colours. It did find the ports I had specifically left open, but if you never expose any ports to the Internet, they will most likely never find you :) as their port scans will come up blank as mine did below.
What’s on the CD?
Nothing much: you have a PDF manual, Internet Explorer 5.5 (should you have been living on Mars for the last 12 months), and a small tftp program which allows you to back up/restore or update the firmware within the ISB SOHO.
I had a look at the Raptor software, but to be honest it’s somewhat meaningless without a Raptor VPN server to terminate your session on.
Some minor observations: I couldn’t work out why the unit had a 253-device limit, so I assume this is related to the unit’s memory, and therefore the host table (MAC addresses) can only handle 253 entries. Still, it is unlikely that a SOHO site would exceed this limit, so it isn’t a real restraint.
Show me the number, show me the numbers!
Small footprint size
Good Firewall protection
Slightly out of date hardcopy manual
Good NAT/PAT custom protocol facilities
No notification of hackers attacking; simple event logging facilities only
Fast WAN and LAN speeds
Worked straight out of the box/sensible default settings
Difficulty in setting up installation = 10 (it couldn’t be any simpler)
Documentation supplied = 8 (brief but technically it covers everything)
Features or extras included = 9 (all the features you could wish for, almost)
Performance under load = 9 (all you could expect within reason)
Customer support/forum support/download facilities = 9 (it had it all except an online chat)
VFM when priced against nearest competitor = 3 (the Linksys is half the price)
Goosh!™ factor = 9 (woah! invite Granny round to take a look)
Overall average score = 8.14
Scoring key: 1 = avoid, 2 = terrible, 3 = bad, 4 = disappointing, 5 = average, 6 = an improvement, 7 = good, 8 = very good, 9 = excellent, 10 = the best
A great device that had some surprisingly advanced features presented in a simple way (but always read the manual first). Technically it’s hard to fault, with only very minor quibbles. I had some professional firewall people look the device over, and they were both surprised and delighted at the features they found. The set-up was so simple that the only improvement I could see was if the ISB SOHO unpacked itself and jumped onto the table.
So would I use this device to protect my little LAN from the big bad hackers? Absolutely! Would I buy this device? Yes, if it was around $100.
Our thanks to Nexland for supplying the review unit. Special thanks to Mr P. Nesfield for his kind assistance in supplying Broadband access.