BRAVO TECHNOLOGY CENTER

Perimeter Routers by Sam C. Chan
 
Roles:  NAT Gateway, Firewall, VPN, Web Proxy, IM proxy, IDS, IPS, DNS, DDNS, DHCP Server, NTP

Last update: Feb 15, 2016

A router is a multi-homed host. There is no such thing as a "hardware router" or a "software router": every router is both. The topology (host-based vs. at-perimeter) determines what it can do, with pros and cons on each side (neither is superior); both are mandatory. It is just a TCP/IP tool, nothing mythical or nebulous. It has no magical power to render you invincible. It is also not responsible for 99% of your software not working (as oft-blamed).

Bravo Officially Supported Routers

Year | Product | O.S. Platform | Device
1995 | Sygate | Win95 OSR2 | used PC (see Bravo PMS history)
1997 | Kerio WinRoute Pro | Win95 OSR2.5 | used PC
1998 | O.S. native NAT router & firewall features | Win98 SE | used PC
1999 | Microsoft Proxy Server (aka ISA/Forefront) | NT4 Server | purpose-built additional Server
2000 | Dlink Residential Firewall | Proprietary | appliance
2001 | Linksys BESFR11 | Proprietary | appliance
2003 | Dlink DIR-624 | Proprietary | appliance
2003 | Smoothwall Express 2.0 | Linux (Debian) | used PC
2004 | Monowall 1.2 (SSD via CF-to-IDE) | FreeBSD | purpose-built embedded PC
2004 | Dlink DIR-655 rev. A | Proprietary | appliance
2006 | Linksys WRT54GL (in-house exp., not deployed in the field) | DD-WRT mod | appliance
2007 | Smoothwall Express 3.0 | Linux (Debian) | purpose-built PC
2008 | Dlink DIR-655 rev. B | Proprietary | appliance
2010 | Linksys e2500 | Proprietary | appliance
2014 | Dlink DIR-860L AC1200 | Proprietary | appliance
2014 | Smoothwall Express 3.1 | Linux (Debian) | purpose-built PC
2016 | Smoothwall Express 3.1 SSD IPS | Linux (Debian) | purpose-built embedded PC
2016 | pfsense SSD | FreeBSD | purpose-built embedded PC

Options in Corporate-grade Perimeter Firewall
  • Consumer home router $60~$150 typical, $300+ in extreme cases
  • Traditional "real" corporate router, e.g. Cisco, Sonicwall: $2500~5000 + annual license fee + support contract
  • Smoothwall (commercial): 1250 (approx. $2000) + annual license + initial installation fee + annual support contract + cost of a suitable PC
  • Smoothwall Express (GPL): $270 Linux install, config & test + PC with 2x NIC ($150~$300)


The following is somewhat outdated...
(but still useful)

Last Updated: December 12, 2005

1. D-Link 624 | $80 | Consumer-grade Gateway Router, 4-port, Wireless AP

2. Smoothwall Express 2.0 Linux-based Router: Commercial-grade Firewall & Router, optional VPN
Smoothwall-certified refurbished PC | 75 | 300MHz 64M 4G HD, 2x NIC Red + Green (minimum specs). 90-day warranty.
Refurbish your qualifying PC | 40 | Must meet above minimum specs. Subject to EEE surcharge.
Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor.
Smoothwall standard install, test | 160
PPTP VPN mod | 50 | Needed if you want to use SBS 2003 VPN Server
OpenSwan VPN | 120 | Adds built-in SSL VPN gateway function to Smoothwall box

3. Monowall OpenBSD-based Router: Commercial-grade Firewall & Router, optional embedded form factor
Monowall-certified refurbished Solid-State PC | 100 | 150MHz 128M 64M CF, 2x NIC Red + Green (minimum specs). 90-day warranty.
Refurbish and upgrade your qualifying PC | 65 | Must meet above minimum specs. Subject to EEE surcharge.
Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor.
Soekris Embedded PC | 380
Monowall standard install, test | 125

4. Clarkconnect Branch Office Integrated Server
Standard Install | 200 | Out-of-Box: Samba SMB, NAT, DHCP, SMTP Server.
Clarkconnect-certified purpose-built server | 550
Clarkconnect-certified refurbished PC | 115 | 500MHz 128M 40G 2x NIC (Red + Green). 90-day warranty.
Refurbish your qualifying PC | 40 | Must meet above minimum specs. Subject to EEE surcharge.
Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor.


GATEWAY ROUTER for Small Businesses: "MUST" HAVE FEATURES

BASIC OPERATIONS:
LAN DHCP on/off
LAN DHCP Scope
LAN DHCP Leases settings
LAN DHCP Leases list
LAN DHCP Reserved IP
LAN DHCP MAC capture
LAN DHCP DNS/WINS settings
LAN IP default
LAN IP customize
WAN Status (IP/gateway/dns/DHCP)
WAN IP static/dynamic
WAN DHCP Release/Renew
WAN DDNS
WAN MAC clone
DNS forward/proxy
DDNS client

Change admin Password
SSL Remote Admin (CLI & SCP)
Reboot
"Firmware" upgrade
Save Settings to NVM
Save Settings to file
Load saved settings
Restore factory defaults
Hardware Reset to Factory Defaults
 
PORT FORWARD NAT/PAT edit/add/remove
PORT FORWARD NAT/PAT full tabular list
LAN filter by IP/MAC
WAN filter by IP/domain
batch update of rules (CLI?)
time-based rules
VPN pass-thru PPTP/IPsec

log access
log management
failover NIC
failover dialup

DIAG/MGMT FEATURES:
IP Diag: ping, trace, dns lookup
SSH CLI
Cable test
SNMP

 
FUNCTIONS:
routing gateway
NAT
perimeter firewall
IDS
HTTP proxy
DNS proxy/forwarder
VPN gateway
DHCP server
AV


Linux/FreeBSD GW Benefits over GW appliance:
unlimited entries
unlimited sessions
multi-segment DMZ
flexibility
more security options
scalable performance
SSL remote admin
SSH CLI access
IDS/IPS
better logging
traffic graphs
QoS
more VPN options
more reliable hardware

Down side:
complexity!
more power consumption (and heat)
slightly slower boot
fan noise
bulky
specific deficiencies
 

Copyright ©2005-2006 Bravo Technology Center