Billion BiGuard S20 with OTP review
Billion was one of the first to offer small businesses an affordable SSL VPN appliance solution, and its BiGuard S10 (web ID: 100213) impressed us sufficiently to earn it a coveted Recommended award. We now turn to its bigger brother, the BiGuard S20, and also take a closer look at Billion’s optional OTP (one time password) solution that’s designed to deliver simple, two-factor authentication.
The S20 delivers the same features as the S10, but supports up to 20 simultaneous SSL VPN tunnels and comes with eight switched Fast Ethernet ports plus a high-speed gigabit uplink port. You also get a pair of WAN ports for link failover and load balancing. And the S20 offers an SPI firewall.
Installation is simple and the OTP functions are handled by the bundled Authenex RADIUS server software. For testing, we installed this on a Windows Server 2003 R2 system. Configuration won’t take long since you hand the RADIUS server the IP address of the S20, enter a shared secret and create your users. When you purchase the OTP package, the Authenex software comes preconfigured to function only with the tokens supplied with it. Their serial numbers appear in the management interface, where you assign them to users and add a unique PIN for each one.
From the appliance’s browser interface, you create a RADIUS domain, provide the IP address and shared secret of the RADIUS server, and also manually declare its users. You don’t need to enter a password, but it’s required if the appliance is to determine what network resources are allowed for each account. Remote users won’t need much training to use the OTP logins, as they point their web browser at the appliance’s WAN port and select the RADIUS domain. After entering their username, they press the button on the token and enter their own PIN plus the number displayed.
You’ll find dishing out network resources very easy. Three access options are provided, where the Network Extender uses an ActiveX plug-in at the client to provide an encrypted connection to the LAN. This is the most basic SSL VPN, which allows users secure access to all IP-based resources on the main network. The Transport Extender is used to fine-tune access levels, since this option allows specific protocols and ports to be advertised to clients.
The Network Place allows users to access shared LAN resources. Selecting this option brings up a new window that displays available domains, workgroups and advertised shares, allowing users to upload and download files. You can also create custom packet and MAC address filters, bring in bandwidth management and apply QoS parameters for ensuring bandwidth to selected services.
With its OTP solution, Billion jumps ahead of the competition, since most have yet to offer this option. And even if you don’t want it, you’ll still find the S20 offers some of the best SSL VPN features at this price point.