Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
SP2 beta for Windows Server 2008, Vista available
Nokia's new N97 vs. the iPhone: Latest smartphone showdown
Wanted: A long-term data center strategy
FastSoft technology speeds downloads for Getty Images
Open source developers set out software road map for 2020
VMware expands desktop virtualization capabilities
FBI warns of holiday cyber scams
Cisco renews call for national broadband strategy
Apple antivirus advice 'big to-do about nothing'
U.S. Open used Web filtering to prevent online gambling
Google Earth used by terrorists in India attacks
Verizon trounces competition in wireless quality survey
Mumbai terrorist attacks don't deter technology companies
Google layoffs: 10,000 jobs being cut, report claims
Experts to Feds: Sign the DNS root ASAP


/
Send to a friend Feedback

Residential Gateways

SMC's Barricade comes out on top in our showdown.

Related linksToday's breaking news
Send to a friendFeedback

By Paul Ferrill
NET.WORKER, 10/22/01

We recently tested seven residential gateway devices to see which products offer the best overall solution for the task. Products tested included the Cayman WE-H-W; D-Link DI-713P; Linksys BEFW11S4; Netgear MR314; SMC SMC7004ABR Barricade; MaxGate UGate-3200P; and Macsense Xrouter Aero. Four of the products we tested (D-Link DI-713P, Linksys BEFW11S4, Netgear MR314 and Macsense Xrouter Aero) also offer wireless network access points, although we did not specifically test those features.

Calling a clear winner out of the seven contenders was not an easy task. All products offer a basic set of features and provide reasonably comparable performance. The SMC7004ABR Barricade barely edged out the Netgear MR314, winning out Blue Ribbon Award. Both products offer a number of features that the others don't, including extra firewall protection, e-mail notification of events and extra management capabilities. The SMC7004ABR Barricade looks even more attractive when you see its price is between half to a quarter of the competition.

Performance

We looked at performance from two perspectives. We first wanted to see how each product handled the situation in which one workstation was transferring a large file and another workstation attempted to access a Web site. We also looked at the transfer rate between two workstations connected to the gateway and between a workstation and a server on another network. For the server transfer speed tests we connected the WAN port on each gateway to another switch that had a single Windows 2000 server on it.

In the first case, all the products were essentially even in handling the data transfer and Web site access problem. For the second case we timed how long it took to transfer files between two workstations connected to the router/switch and to a server connected through the WAN port to another 10/100 switch. While the workstation-to-workstation numbers were relatively even, the workstation-to-server numbers varied. The Cayman and Macsense products were neck and neck in this test, while the D-Link and SMC boxes were a little behind, tying for second. The MaxGate box was the slowest of the bunch in this test.

How we did it
Fixed wireless fills a niche
Scorecard and Net Results
Subscribe to the Net.Worker newsletter

These gateways serve two communications functions, one that connects your local network to the Internet, the other that connects devices in your local network to one another. We tested the speed of the gateways two ways. First we connected a Compaq ProLiant 5500 server running Windows 2000 Server through a Linksys 10/100 Ethernet switch on the Internet side of the device, and one of our PCs on the local side, and measured the speed of transferring a large file using FTP from a DOS window. We used a local computer to perform this test so we wouldn't have to deal with the constantly varying performance of the Internet. Our other test used two Compaq iPaq computers on the local side of the gateway to perform the same file transfer. We measured the throughput both ways.

Because the speed to the Internet is limited by your DSL or cable modem, we gave any score of 1.5M bit/sec or more a full 100% score. On the local side, we looked at relative performance. We gave the fastest device full points, and the rest a relative score based on their comparative speeds. We combined the two scores with a weighting of 60% for the Internet test and 40% for the local test. We ran all the tests twice and found the results to be consistent between tests. Still, there were some surprises. The Cayman box did well in the Internet server test, but poorly in the local peer-to-peer test. On the other hand, the MaxGate box did well in the local peer-to-peer test, but poorly in the Internet server test. All devices did well enough, but the higher scoring gateways give you a bit of room for growth, which will be nice if the broadband standards are enhanced.

The use of URL filtering at the gateway will also affect performance. The more entries you have in a URL search list, the longer it will take.

Management

Determining what policies you use for the gateway in terms of monitoring and/or filtering content must be decided before you purchase a product. This upfront work will help you choose the product that has the features most suited to your tasks. All the products we tested offer some basic level of filtering, letting you turn on or off specific IP ports. With this capability, you can block features like FTP, e-mail and Instant Messaging.

Most of the products support the concept of a virtual server or port mapping services. For example, all incoming HTTP or Web traffic that was sent to you could normally go to the IP address of the the gateway, and then be redirected to a specific machine on your network. To the Internet it would look like you were accessing a Web server at the IP address of the gateway while it actually gets forwarded to the designated machine. Each type of traffic for which you wish to set up a virtual server must be specifically configured using the Web-based administration function.

Another feature that all of the products support is the ability to designate one computer on the LAN to be exposed to all users on the Internet for unrestricted access. The primary use for the demilitarized zone (DMZ) feature is to support applications, such as Internet gaming, that won't run properly behind a firewall. Once you turn the DMZ feature on and specify a workstation as a DMZ host, you have effectively turned off all security features for that system.

One of the advantages of installing a gateway device between your computer and the Internet is the inherent protection they provide. All the products we tested offer network address translation (NAT) services. With NAT your computer's IP address is never exposed to the Internet. Only the gateway is connected directly to the Internet, and it handles all the address translation between the internal network addresses and the Internet.

We liked how the SMC Barricade provided some additional firewall capabilities to block common hacker attacks. Some of the attack techniques it handles includes IP spoofing, Land Attack, Ping of Death, IP with zero length, Smurf Attack, user datagram protocol port loopback, Snork Attack, TCP null scan and TCP SYN flooding. While we couldn't directly test these features, the company claims that enabling the firewall does not significantly affect system performance.

Several of the products offer a logging capability. The Netgear MR314 keeps a log of up to 128 entries listing Web sites that were accessed or blocked from access. You can even configure it to send a copy of the log to a specific e-mail address periodically or when the log becomes full. The UGate-3200P also offers logging of outgoing and incoming traffic. If you have configured a machine on your network using the DMZ or virtual server features, you can log all traffic into those machines. The only drawback is that there is no provision for saving any of these logs on the UGate-3200P.

Dynamic Domain Name Service (DDNS) is a newer concept that addresses the need of mapping a dynamic IP address to a fixed name for a Web or mail server. Two of the products we tested, the Netgear MR314 and the MaxGate UGate-3200P, come with built-in support for DDNS. The UGate-3200P uses TZO.com for their DDNS provider and offers one year of free service with the purchase of the product. Netgear directs users to dyndns.org to establish their dynamic name service.

Several of the gateway products let you back up and restore the current settings. This may not sound useful, but if you've configured even a fraction of the settings that these devices let you change, you'll appreciate the chance to save them. The Netgear MR314 provides the restore and backup to/from a file and also lets you erase the configuration to set it back to the original factory settings. The D-Link DI-713P has the same back-up setting capability, although you must use the firmware upgrade option to restore the settings. It also has a Restore Defaults button to return the box to the factory settings. The SMC Barricade lets you save and restore the configuration settings to and from a file on your PC.

Controlling access out of the gateway to the Internet is an area of particular interest if you don't want a teleworker's children to use the computer in harmful ways. Several products let you define groups with specific access rights and designate group membership for each workstation. The MaxGate UGate-3200P provides a URL filter capability that lets you specify full or partial Web addresses that you want blocked. The manual cautions you to be careful in how you pick your partial addresses because you could essentially block a large number of sites with a nonspecific address.

The SMC Barricade lets you filter Internet access for local clients based on IP address, application type or time of day. You can also combine these filters to do things such as block FTP traffic every day between 7 and 10 a.m. You could also permanently restrict access to a specific protocol for all workstations.

The D-Link DI-713P and the SMC Barricade let you specify the IP address of a remote administrator host to enable access to the Web configuration interface remotely. The default address is set to 0.0.0.0 and will let any computer connect to the administration interface if you enable remote administration. The Macsense Xrouter Aero allows external administration, but it must come to the address of the router and use the standard username/password authentication process. If you choose to enable remote management for your gateway, be sure to change the default administrator name and password to prevent any unauthorized access to your system.

All products support DHCP in both client and server mode. On the client side, all the boxes will query and use an IP address as assigned by a host DHCP server at your ISP. As a server the gateway will provide IP addresses to all client machines on your network. The actual addresses are specified using the Web-based management tools. Several products provide a release/renew button that let you manually reset the address assigned by your ISP. This procedure can sometimes become necessary if your DSL or cable modem has a power cycle, or if your ISP experiences network problems.

Another nice feature that almost all of the products provide is a status page. This gives you information about the current status of the gateway including data transmission statistics and the current state of the client machines. We found the Cayman WE-H-W offered the most amount of status information about the internal workings of the gateway and the external systems that it was connected to.

Features

All products we tested have a relatively common set of features. The Cayman WE-H-W has eight ports, the most of any gateway we tested, although it only supports 10M-bit/sec connections. The MaxGate UGate-3200P was next with seven and fully supports 10M- or 100M-bit/sec connections. The rest of the products have four ports, with the exception of the D-Link box with three.

There's something about blinking lights that give a quick positive feedback that things are working. All the tested boxes have LED indicators on the front to show the status of each network port, the WAN port, and to indicate that the power is on. None of the gateways we tested had a power switch. Once you plug the power adapter in, you're powered on. On the practical side, no switch means one less thing to worry about that could take your gateway down.

In terms of size, the SMC Barricade was the smallest of the products we tested. We weren't sure we liked the arrangement of connectors on the front, but it is essentially the same configuration you'd expect on a higher-end hub or switch. Depending on where you place your unit, having the connectors on the rear of the box may be more convenient. The Cayman WE-H-W also has its RJ-45 connectors on the front of the box. The rest of the gateways have their connectors on the rear of the box. The largest box we tested was the MaxGate UGate-3200P, although it wasn't large enough to cause any placement problems.

The SMC Barricade and the D-Link DI-713P were the only two products we tested that offer a back-up connectivity option using a COM port and an external modem to connect to the Internet. Each product's manual describes how to set up the COM port using the Web-based management tool. We couldn't find a way to run a script file on the Barricade or the DI-713P, which is required by many larger ISPs to connect to their network. Without that capability the feature is somewhat limited.

Three of the products we tested (D-Link DI-713P, MaxGate UGate-3200P, and SMC Barricade) come equipped with a printer port that lets the box also function as a print server. Installing the software for the D-Link box was straightforward, and it worked without a problem. As with the other products, you must load a port driver that watches the printer port and then redirects the output to the IP address of the gateway box.

The SMC Barricade essentially uses the same technique as the D-Link box. The software installation gave us some trouble and required the longest time to get it to work. We finally got it to work after installing the latest version of firmware from the SMC Web site.

The MaxGate UGate-3200P product also comes with a printer port, and printing to it worked the first time. MaxGate supports a peer-to-peer model where each printer spools its own print jobs or a central print spooler if you have a Windows NT 4.0 machine on the network. The peer-to-peer model requires that a driver be loaded on each machine. For the NT-based printing, each machine must have Microsoft TCP/IP printing installed.

Several gateways provide features to support VPN. The SMC7004ABR Barricade provides VPN support using Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol or IP Security (IPSec) pass-through. The Linksys BEFW11S4 and Xrouter Aero also support PPTP and IPSec. When you enable PPTP on the gateway, you essentially pass this encrypted traffic through the firewall without making any attempt to decode it. All the VPN encryption and decryption functions take place on the client machine.

While the focus of this review was not wireless access, we received a number of units with built-in 802.11 wireless access: the Cayman 2E-H-W, D-Link DI-713P, Linksys BEFW11S4, Netgear MR314 and Macsense Xrouter. We verified that the wireless capabilities worked but did not attempt to do any performance measurements.

Documentation

All the products we tested offer electronic copies of their documentation. All manufacturers provide their manuals on CD-ROM in PDF format. We found the UGate-3200P manual to have good graphics, including color images. The company also includes instructions for using the device with Macintosh computers.

We really liked the fact that D-Link has included a video-based installation CD-ROM with complete "how-to" instructions in a series of AVI files. You'll need Windows Media Player and some speakers to view the video. There's also an HTML version of the Quick Start Guide to get you up and running in a hurry.

Installation and configuration

Every product we tested was a breeze to install. We used the default settings in every case, and these worked fine. As long as you have your workstations configured to use DHCP to obtain their IP address, you shouldn't have any problems.

We found the Macsense Xrouter Aero to have the best configuration interface of the group. It uses a "One Page Setup" screen containing all the pertinent information needed to get the box up and running.

Choosing the right gateway device may eventually come down to price. All products we tested will get the job done with some variation in features. If you really want the extended firewall protection capabilities then you'll want to go with the SMC Barricade. If you need extra ports for connecting additional computers then you'll want to look at the MaxGate UGate-3200P or another version of the SMC Barricade that includes eight ports.

Back to the Technology Insider index page

Related Links

Ferrill is an electrical engineer and freelance writer in Lancaster, Calif. He has been using and writing about network management software for more than 10 years. He can be reached at paul.ferrill@verizon.net.

How we did it
Details on how we tested the residential gateway devices.

Scorecard and Net Results

Residential gateways blend work, fun
Security and ease of use top remote manager's list of concerns.
Net.Worker, 01/15/01.

Efficient releases low-priced starter home gateway
Efficient Networks Inc. released on Wednesday a US $149 residential gateway to make it easy for users to share broadband at home
Net.Worker, 02/09/01.

Fixed wireless fills a niche
When you think broadband, the first things that come to mind are probably DSL and cable modem. But fixed wireless is becoming an option for broadband Internet connectivity.

Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.

Get Copyright Clearance
Request a reprint or permission to use this article.

To top

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.