Roles: NAT Gateway, Firewall, VPN, Web Proxy, IM proxy, IDS, IPS, DNS, DDNS, DHCP Server, NTP

First Published: Aug 19, 2005
Last updated: May 15, 2017

A router is a multi-homed host. There is no such thing as a so-called hardware or software router; they are always both. The topology (host-based vs. at-perimeter, and layers) determines what it can do, with pros and cons (neither is superior). Both are mandatory. A router is just an OSI layer 3 TCP/IP tool for specific purposes. It has no magical power to render you invincible. It is also not responsible for 99% of your software not working (as oft-blamed).

Bravo Officially Supported Routers

| Year | Product | O.S. Platform | Device |
|------|---------|---------------|--------|
| 1995 | Sygate | Win95 OSR2 | used PC (see Bravo PMS history) |
| 1997 | Kerio WinRoute Pro | Win95 OSR2.5 | used PC |
| 1998 | O.S. native NAT router & firewall features | Win98 SE | used PC |
| 1999 | Microsoft Proxy Server (aka ISA/Forefront) | NT4 Server | purpose-built additional Server |
| 2000 | D-link Residential Firewall | Proprietary | appliance |
| 2001 | Linksys BESFR11 | Proprietary | appliance |
| 2003 | D-link DIR-624 | Proprietary | appliance |
| 2003 | Smoothwall Express 2.0 | Linux (Debian) | used PC |
| 2004 | Monowall 1.2 (SSD via CF-to-IDE) | FreeBSD | purpose-built embedded PC |
| 2004 | D-link DIR-655 rev. A | Proprietary | appliance |
| 2006 | Linksys WRT54GL (in-house exp., not deployed in the field) | DD-WRT mod | appliance |
| 2007 | Smoothwall Express 3.0 | Linux (Debian) | purpose-built PC |
| 2008 | D-link DIR-655 rev. B | Proprietary | appliance |
| 2010 | Linksys e2500 | Proprietary | appliance |
| 2014 | D-link DIR-860L AC1200 | Proprietary | appliance |
| 2014 | Smoothwall Express 3.1 | Linux (Debian) | purpose-built PC |
| 2015 | D-link DSR 150/250/500 | | |
| 2016 | *Smoothwall Express 3.1 SSD IPS | Linux (Debian) | purpose-built SoC PC |
| 2016 | pfSense SSD + opt. HDD (or external logs) | FreeBSD | purpose-built SoC PC |
| 2017 | Ubiquiti EdgeRouter series | VyOS | appliance (metal chassis) |

Bold type indicates product is/was designated as Official Recommendation.
Highlights: Currently Supported (recommended), and EOL Pending / for non-critical deployment.
*For existing SWX sites only, not new deployment.

Options in Corporate-grade Perimeter Firewall

- Consumer home router: $60~$150 typical, $300+ in extreme cases
- Traditional "real" corporate router, e.g. Cisco, Sonicwall: $2500~5000 + annual license fee + support contract
- Smoothwall (commercial): £1250 (approx. $2000) + annual license + initial installation fee + annual support contract + cost of a suitable PC
- Smoothwall Express (GPL): $120 Linux install, config & test + PC with 2× NIC ($150~$300)
- pfSense: up to $120 BSD install, config & test + SoC PC 5× NIC ($150~$300)

END OF CURRENT SECTION
The following section is outdated... but still insightful, just not accurate in specifics.

Last Updated: December 12, 2005

| Item | Price | Notes |
|------|-------|-------|
| 1. D-Link 624 | $80 | Consumer-grade Gateway Router, 4-port, Wireless AP |
| 2. Smoothwall Express 2.0 Linux-based Router | | Commercial grade Firewall & Router, optional VPN |
| Smoothwall-certified refurbished PC | 75 | 300MHz 64M 4G HD, 2x NIC Red + Green (minimum specs) 90-day warranty. |
| Refurbish your qualifying PC | 40 | Must meet above minimum specs. Subject to EEE surcharge. |
| Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor. |
| Smoothwall standard install, test | 160 | |
| PPTP VPN mod | 50 | Needed if you want to use SBS 2003 VPN Server |
| OpenSwan VPN | 120 | Add built-in SSL VPN gateway function to Smoothwall box |
| 3. Monowall OpenBSD-based Router | | Commercial grade Firewall & Router, optional embedded form factor |
| Monowall-certified refurbished Solid-State PC | 100 | 150MHz 128M 64M CF, 2x NIC Red + Green (minimum specs) 90-day warranty. |
| Refurbish and upgrade your qualifying PC | 65 | Must meet above minimum specs. Subject to EEE surcharge. |
| Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor. |
| Soekris Embedded PC | 380 | |
| Monowall standard install, test | 125 | |
| 4. Clarkconnect Branch Office Integrated Server | | |
| Standard Install | 200 | Out-of-Box: Samba SMB, NAT, DHCP, smtp Server. |
| Clarkconnect-certified purpose-built server | 550 | |
| Clarkconnect-certified refurbished PC | 115 | 500MHz 128M 40G 2x NIC (Red + Green) 90-day warranty. |
| Refurbish your qualifying PC | 40 | Must meet above minimum specs. Subject to EEE surcharge. |
| Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor. |

GATEWAY ROUTER for Small Businesses: "MUST" HAVE FEATURES

BASIC OPERATIONS:
LAN DHCP on/off
LAN DHCP Scope
LAN DHCP Leases settings
LAN DHCP Leases list
LAN DHCP Reserved IP
LAN DHCP MAC capture
LAN DHCP DNS/WINS settings
LAN IP default
LAN IP customize
WAN Status (IP/gateway/dns/DHCP)
WAN IP static/dynamic
WAN DHCP Release/Renew
WAN DDNS
WAN MAC clone
DNS forward/proxy
DDNS client
Change admin Password
SSL Remote Admin (CLI & SCP)
Reboot
"Firmware" upgrade
Save Settings to NVM
Save Settings to file
Load saved settings
Restore factory defaults
Hardware Reset to Factory Defaults

PORT FORWARD NAT/PAT edit/add/remove
PORT FORWARD NAT/PAT full tabular list
LAN filter by IP/mac
WAN filter by IP/domain
batch update of rules (CLI?)
time-based rules
VPN pass-thru PPTP/IPsec
log access
log management
failover NIC
failover dialup

DIAG/MGMT FEATURES:
IP Diag: ping, trace, dns lookup
SSH CLI
Cable test
SNMP

FUNCTIONS:
routing gateway
NAT
perimeter firewall
ids
http proxy
DNS proxy/forwarder
VPN gateway
DHCP server
av

Linux/FreeBSD GW Benefits over GW appliance:
unlimited entries
unlimited sessions
multi-segment dmz
flexibility
more security options
scalable performance
ssl remote admin
ssh cli access
ids/ips
better logging
traffic graphs
QoS
more VPN options
more reliable hardware

Down side:
complexity!
more power consumption (and heat)
slightly slower boot
fan noise
bulky
specific deficiencies