OvisLink SG-1000 Security Gateway review
We’ve seen some interesting SME broadband products from OvisLink recently. Its Security Gateway range continues this tradition by offering a useful selection of security features, which include bandwidth-management tools for inbound and outbound traffic.
The SG-1000 is a simple desktop box with four switched Fast Ethernet ports and a single WAN port. Installation is a swift affair, but bear in mind that you’ll need to provide your own ADSL modem and the unit doesn’t support PPPoA. As we were testing over BT Broadband, we had to come up with an alternative solution, which requires selecting the Cable User setting for the WAN port. This involved using an Actiontec intelligent modem that dealt with the PPPoA ISP connection and dished out DHCP and DNS information to the router via its own Ethernet port.
The web interface is well designed and your first task is to decide on transparent or NAT routing. We opted for the latter, as it’s the easier of the two to use. Next up is firewall configuration, as the appliance defaults to blocking traffic in both directions. The manual helps set up your first policy, which allows outbound Internet access for the LAN and blocks all unsolicited inbound traffic. Creating custom policies for restricting access is a lot easier than with many other SME appliances we’ve reviewed. First, you create lists of IP or MAC addresses in the LAN or WAN that you want policies to be applied to. Next, you select a service from the extensive predefined list or create your own custom service and port associations. For simple service blocking, that’s all you need to do, as you just select from your list of addresses, pick the service from the drop-down list and choose to block it. Services can be placed in user-defined groups, so one policy could be used to control access to multiple services.
You can go a lot further by assigning QoS (quality of service) parameters to inbound and outbound traffic, expressed in Kb/sec. With this in place, you could allow access to a service but limit the amount of available bandwidth in both directions. Authentication can also be applied by creating a list of usernames and passwords. Including this in a policy means any user on the address list will have to provide valid credentials before using the specified service. Multiple schedules can be created and included in a policy, so it’s active only during certain times of the day and week. Logging may be activated for each policy and a traffic threshold set that will send out alerts if the policy exceeds them.
The content-filtering feature doesn’t add much value, as it’s merely a tool for blocking access to a list of up to 300 URLs and not a managed service. A setting is also provided for blocking pop-ups, ActiveX and Java content and cookies. Along with support for multiple virtual servers, the appliance offers a useful logging facility and bandwidth-utilisation graphs.
At this price, it’s a shame there’s no wireless access. Even so, the SG-1000 offers a good range of bandwidth-management capabilities and extensive service access policies, which are simple to configure.