BRAVO TECHNOLOGY CENTER

Perimeter Routers by Sam C. Chan
 
Roles:  NAT Gateway, Firewall, VPN, Web Proxy, IM proxy, IDS, IPS, DNS, DDNS, DHCP Server, NTP

First Published: Aug 19, 2005
Last updated: May 15, 2017

A router is a multi-homed host. There is no such thing as a so-called "hardware router" or "software router": every router is both. The topology (host-based vs. at-perimeter, and the layers involved) determines what it can do. Each has pros and cons (neither is superior), and both are mandatory. A router is just an OSI layer 3 TCP/IP tool for specific purposes. It has no magical power to render you invincible. It is also not responsible for 99% of your software not working (as oft-blamed).

Bravo Officially Supported Routers

| Year | Product | O.S. Platform | Device |
|------|---------|---------------|--------|
| 1995 | Sygate | Win95 OSR2 | used PC (see Bravo PMS history) |
| 1997 | Kerio WinRoute Pro | Win95 OSR2.5 | used PC |
| 1998 | O.S. native NAT router & firewall features | Win98 SE | used PC |
| 1999 | Microsoft Proxy Server (aka ISA/Forefront) | NT4 Server | purpose-built additional Server |
| 2000 | D-Link Residential Firewall | Proprietary | appliance |
| 2001 | Linksys BESFR11 | Proprietary | appliance |
| 2003 | D-Link DIR-624 | Proprietary | appliance |
| 2003 | Smoothwall Express 2.0 | Linux (Debian) | used PC |
| 2004 | Monowall 1.2 (SSD via CF-to-IDE) | FreeBSD | purpose-built embedded PC |
| 2004 | D-Link DIR-655 rev. A | Proprietary | appliance |
| 2006 | Linksys WRT54GL (in-house exp., not deployed in the field) | DD-WRT mod | appliance |
| 2007 | Smoothwall Express 3.0 | Linux (Debian) | purpose-built PC |
| 2008 | D-Link DIR-655 rev. B | Proprietary | appliance |
| 2010 | Linksys e2500 | Proprietary | appliance |
| 2014 | D-Link DIR-860L AC1200 | Proprietary | appliance |
| 2014 | Smoothwall Express 3.1 | Linux (Debian) | purpose-built PC |
| 2015 | D-Link DSR 150/250/500 | | |
| 2016 | *Smoothwall Express 3.1 SSD IPS | Linux (Debian) | purpose-built SoC PC |
| 2016 | pfSense SSD + opt. HDD (or external logs) | FreeBSD | purpose-built SoC PC |
| 2017 | Ubiquiti EdgeRouter series | VyOS | appliance (metal chassis) |

Bold type  indicates product is/was designated as Official Recommendation
Highlights: Currently Supported (recommended), and EOL Pending / for non-critical deployment
*For existing SWX sites only, not new deployment

Options in Corporate-grade Perimeter Firewall
  • Consumer home router $60~$150 typical, $300+ in extreme cases
  • Traditional "real" corporate router, e.g. Cisco, Sonicwall: $2500~5000 + annual license fee + support contract
  • Smoothwall (commercial): £1250 (approx. $2000) + annual license + initial installation fee + annual support contract + cost of a suitable PC
  • Smoothwall Express (GPL): $120 Linux install, config & test + PC with 2× NIC ($150~$300)
  • pfSense: up to $120 BSD install, config & test + SoC PC 5× NIC ($150~$300)

 END OF CURRENT SECTION

The following section is outdated... but still insightful, just not accurate in specifics

Last Updated: December 12, 2005

| Item | Price | Notes |
|------|-------|-------|
| 1. D-Link 624 | $80 | Consumer-grade Gateway Router, 4-port, Wireless AP |
| 2. Smoothwall Express 2.0 Linux-based Router | | Commercial grade Firewall & Router, optional VPN |
| Smoothwall-certified refurbished PC | 75 | 300MHz 64M 4G HD, 2x NIC Red + Green (minimum specs) 90-day warranty. |
| Refurbish your qualifying PC | 40 | Must meet above minimum specs. Subject to EEE surcharge. |
| Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor. |
| Smoothwall standard install, test | 160 | |
| PPTP VPN mod | 50 | Needed if you want to use SBS 2003 VPN Server |
| OpenSwan VPN | 120 | Add built-in SSL VPN gateway function to Smoothwall box |
| 3. Monowall OpenBSD-based Router | | Commercial grade Firewall & Router, optional embedded form factor |
| Monowall-certified refurbished Solid-State PC | 100 | 150MHz 128M 64M CF, 2x NIC Red + Green (minimum specs) 90-day warranty. |
| Refurbish and upgrade your qualifying PC | 65 | Must meet above minimum specs. Subject to EEE surcharge. |
| Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor. |
| Soekris Embedded PC | 380 | |
| Monowall standard install, test | 125 | |
| 4. Clarkconnect Branch Office Integrated Server | | |
| Standard Install | 200 | Out-of-Box: Samba SMB, NAT, DHCP, SMTP Server. |
| Clarkconnect-certified purpose-built server | 550 | |
| Clarkconnect-certified refurbished PC | 115 | 500MHz 128M 40G 2x NIC (Red + Green) 90-day warranty. |
| Refurbish your qualifying PC | 40 | Must meet above minimum specs. Subject to EEE surcharge. |
| Each Additional NIC (Red, Blue, Orange) | 25 | Includes part & labor. |


GATEWAY ROUTER for Small Businesses: "MUST" HAVE FEATURES

BASIC OPERATIONS:
LAN DHCP on/off
LAN DHCP Scope
LAN DHCP Leases settings
LAN DHCP Leases list
LAN DHCP Reserved IP
LAN DHCP MAC capture
LAN DHCP DNS/WINS settings
LAN IP default
LAN IP customize
WAN Status (IP/gateway/dns/DHCP)
WAN IP static/dynamic
WAN DHCP Release/Renew
WAN DDNS
WAN MAC clone
DNS forward/proxy
DDNS client

Change admin Password
SSL Remote Admin (CLI & SCP)
Reboot
"Firmware" upgrade
Save Settings to NVM
Save Settings to file
Load saved settings
Restore factory defaults
Hardware Reset to Factory Defaults

PORT FORWARD NAT/PAT edit/add/remove
PORT FORWARD NAT/PAT full tabular list
LAN filter by IP/mac
WAN filter by IP/domain
batch update of rules (CLI?)
time-based rules
VPN pass-thru PPTP/IPsec

log access
log management
failover NIC
failover dialup

DIAG/MGMT FEATURES:
IP Diag: ping, trace, dns lookup
SSH CLI
Cable test
SNMP

FUNCTIONS:
routing gateway
NAT
perimeter firewall
IDS
HTTP proxy
DNS proxy/forwarder
VPN gateway
DHCP server
AV

Linux/FreeBSD GW Benefits over GW appliance:
unlimited entries
unlimited sessions
multi-segment dmz
flexibility
more security options
scalable performance
SSL remote admin
SSH CLI access
IDS/IPS
better logging
traffic graphs
QoS
more VPN options
more reliable hardware

Down side:
complexity!
more power consumption (and heat)
slightly slower boot
fan noise
bulky
specific deficiencies  

Copyright ©2005-2006 Bravo Technology Center