Billion BiGuard S3000 review
Along with offering a wide range of routing and firewall products, Billion has focused on affordable SSL VPN appliances for SMBs. The BiGuard S3000 is one of a pair of new appliances that still keeps a close eye on value but targets businesses that have more than twenty mobile and remote workers and also want dual redundant WAN links.
The S3000 offers high speed network ports all round as the eight LAN and two WAN ports are all the Gigabit variety and the latter support load balancing and link failover. Out of the box the S3000 supports ten simultaneous SSL VPN tunnels but this can be upgraded to a maximum of fifty. You can also use the S3000 as a firewall but if you don’t need this it can be dropped into a DMZ.
The well designed web interface makes installation a simple enough process and for testing we gave the WAN port a static IP address and placed the appliance between our LAN resources and test client systems. There’s a good range of user authentication options as the S3000 offers an internal database or it can integrate with AD, LDAP, NT domain and RADIUS servers. Each authentication method is defined as a different domain and groups keep users organised into the appropriate domain.
The S3000 offers three client access methods with the Network Extender using a client-based ActiveX plug-in to provide an encrypted connection to all resources on the LAN. You may not want to grant this level of access and the Transport Extender allows you to advertise specific protocols and ports to clients. The Network Place provides remote users with access to shared LAN resources and selecting this option from the portal page brings up a new window showing available domains, workgroups and advertised shares allowing users to upload and download files.
Billion also offers a smart token-based OTP (one time password) option which looks very good value. The package comes complete with the Authenex ASAS RADIUS server software which we would recommend installing on a clean, dedicated machine. Once loaded you give the IP address of the S3000 to the RADIUS server, provide a shared secret and create users.
The OTP package you receive has the Authenex software preconfigured to function with the supplied tokens and their serial numbers are automatically added to the server’s management interface. You need to declare the RADIUS server in a new authentication domain on the S3000 and manually add users so you can decide what network resources they can access. Minimal training is required as remote users select the RADIUS domain in the login portal, provide their user name and enter their PIN plus the number displayed by the token as their password.
The S3000 offers a number of other useful features including custom packet and MAC address filters, bandwidth management, QoS for selected services and basic URL filtering. End point security can also be enforced by checking on the remote system for specific OSes, patches, browsers, registry keys and anti-virus software.
There’s little to touch the S3000 as it offers an excellent range of features at a very affordable price. It’s easy enough to configure and deploy and the OTP option adds another level of security that looks well worth the extra outlay.