Funkwerk bintec X2250 WLAN review
While many small-business security appliances offer a good range of features, their approach to wireless encryption is all or nothing. In general, if you want WEP or WPA encryption enabled then all your clients will have to use it. A key feature of the X2250 is support for multiple SSIDs (service set identifiers), allowing administrators to dish out different security policies and encryption levels to their clients dependent on the SSID they connect to.
But there’s much more to this little box of tricks, as it has an internal ISDN terminal adaptor for providing a failover Internet connection. True, thanks to BT’s pricing policies, ISDN demand is drying up in the UK, but that doesn’t phase the X2250 as its serial management port also accepts a standard V.90 modem, which can act an a secondary dial-up link instead. The WAN ports work with ADSL or cable modems, and we tested with a basic ActionTec intelligent ADSL modem. Installation got off to a good start, as Funkwerk’s management interface offers plenty of wizard-based help, but Internet access wasn’t so easy. By default, the router’s NAT/SPI firewall is switched on and rules are applied to both Ethernet ports to block all traffic – even DHCP requests – so this needs to be modified on the WAN port before proceeding further.
General configuration could be made a lot easier. Although Funkwerk has finally implemented a browser interface, apart from the wizards this merely mirrors the CLI interface that hasn’t changed for many years. Small businesses with limited IT expertise may find it complicated and difficult to navigate. But if you’re prepared to get down and dirty, you’ll find the X2250 is one powerful appliance.
The wireless settings are the most interesting. You can create multiple WLAN interfaces, allow up to 48 clients to connect and choose from a range of encryption and authentication methods for each SSID. Each interface can have individual allow and deny MAC address lists, along with its own firewall filtering rule sets. In routing mode, you can also assign different DHCP services to each WLAN interface, so clients can be placed in different IP subnets depending on the SSID they associate with. AP-to-AP links can also be created for increased range, and support for WPA2 is expected by the end of the year.
These wireless features are impressive, but Microsoft itself is a small fly in Funkwerk’s ointment. The Windows XP zero-configuration wireless client gets upset when multiple SSIDs are being broadcast on the same wireless channel. So to get round this, you must manually enter the SSID you want to connect to.
The X2250 offers web-content filtering using a hosted service provided by Internet Security Systems (ISS). About 24 suspect content categories are provided and custom profiles can be applied to different interfaces and activated according to time schedules. QoS can be applied to VoIP traffic, although only the H.323 protocol is currently supported, with SIP coming later this year. The X2250 even supports router redundancy using primary and secondary units.
Funkwerk really needs to work on how it presents these myriad features as the CLI and browser interfaces aren’t intuitive and the documentation isn’t helpful at all. Nevertheless, we found the X2250 a powerful security router with some very interesting wireless options.