Best Bang for the Buck in Routers
Written: Jun 11 '03 (Updated Nov 30 '07)
|
Product Rating:
|
|
| Ease of Installation: |
 |
|
| Ease of Use: |
 |
|
|
Pros: Stability, Compatibility, Security, Speed, Cost.
Cons: Lack of a built-in switch, no printed manual.
The Bottom Line: A stable and secure Linux-based IP router with great VPN and firewall features for less than $500. Why pay three times that for a proprietary box?
|
|
|
| caseybarker's Full Review: Secure Computing SnapGear SME 550 (990065) Firewal... |
I purchased the SnapGear SME550 in March 2003 as a firewall and VPN router for my home network. I paid $390 at Tech Depot. I use a cable modem uplink at home and occasionally have a need to connect to my home network from work and vice-versa. My office has a Win2K-based PPTP VPN connection, so I needed at least VPN tunneling capabilities. However, I also occasionally connect my network to my friends' and family's networks for gaming and videoconferencing, so I needed router-to-router tunneling, too.
The SME550 replaced an aging Debian Linux box I had set up as my router/firewall. I actually never thought I'd have a need for a special-purpose box like this and had sworn them off for years because I could configure my Linux router to do whatever I needed, particularly NAT and VPN connections, and do it for free. However, in researching routers for my brother (who had no desire to run a separate Linux box) I came across routers offering "VPN" support. I was quickly disappointed to see that all the cheap (under $500) routers offered only minimal VPN support, at best. Some claiming "VPN support" really only supported pass-through for a limited number of sessions. Others offered minimal (and slow) IPSEC support, but none offered PPTP client/server support. On the high-end side, Cisco, Symantec, SonicWall, and WatchGuard all offered routers that, properly optioned out, could meet my needs. However, they all either cost a fortune or charged extra licensing fees per-node or per-feature. No thanks. I guess that pricing structure is common on high-end business gear, but we're talking about a home network here... An advanced one, yes, but I just couldn't see paying more than $800 to replace an ancient but serviceable PC.
For what it's worth, I recommended a $50 SMC Barricade for my brother -- exactly what he needed. I, on the other hand, was content to keep my Linux router. And I was until I came across a mention of "SnapGear" in a review. I'd never heard of them before, so I dug into their web site. The SME series looked like it had everything I'd ever need. Now, $390 is still a lot of money to pay for a home network, so I read reviews and pestered my IT friends for a month before I decided to buy it.
What really caught my attention was that I could get a simple firmware-based Linux device that would never crash a hard drive, suffer from a gummed-up fan, or need a replacement power supply, and yet still offered the configurability of Linux via a slick web interface, or by brute-force telnet if I ever needed it. I was already running a Linux-based router, so I knew the routing, NAT, and VPN services would meet my needs. If I needed to shut down the network or suffered a long power failure, I wouldn't have to worry about whether it'd come back up needing fsck. I could even talk my wife through setting it up if I had to.
As of this review (6/2003) SnapGear SME lineup includes the SME530 and the SME550. Best I can tell, the SME550 is identical to the SME530, but has more flash space and a hardware encryption engine. The extra flash space seems to allow a few more software features on the SME550, like HTTPS and SSH. They both run on SuperH cores, and seem to be newer than the rest of the SnapGear lineup (Lite, SOHO, Pro), which I understand run on ColdFire cores. From reading the press releases on the SnapGear site, I gather that they're probably migrating their new products towards the SuperH, so I made the choice to go with the SME line, assuming that they'll probably be better supported in the future. But that's just my take on what I've read -- I've not seen any indication that the other lines lack support from SnapGear.
Setup:
Now, I'm an embedded software engineer for a mobile wireless networking company, so I'm probably not the best judge of "ease of use" or the clarity of the instructions for first-time users. However, I suspect the majority of people needing the feature set of the SME550 are likewise well versed in the finer points of IP routing. That's not to say that this was a complicated device to set up -- it wasn't -- but I was able to plug it in and go without referring to the manual, and I expect most people in this market could, too.
Out of the box, it came with a power supply, a straight Cat5, and a crossover Cat5. It's got rubber feet, but also has slots in the base for screw mounting to a rack or vertical surface. It also came with a printed "Quick Install Guide," but the real manual is on a CD in PDF format. I guess if I'm going to have to look up something in a manual, I'd prefer to have a printed one, but that's a minor nitpick. Thankfully, all the stuff on the CD is also available online, including updated manuals and firmware.
Setup was a matter of plugging it into my existing network, checking which address my DHCP server had assigned it, and logging into the web page. I've read some reviews that moaned about this part -- you need a DHCP server on the network, as the SME550 comes with no default address assignment. They include a Windows program that (I assume -- I didn't use it) somehow assigns it a temporary address in case you don't have a DHCP server on the network. I can understand why some people find this inconvenient. I liked being able to plug it into my existing network and not having to worry about it colliding with some other device on the network, but I suspect that the address assignment is probably the most difficult part of the setup for most people. Perhaps some sort of "hold a switch to boot from DHCP" feature would have made this a bit easier for those circumstances. Either way, this should only pose a problem once. After it's got an accessible address, it's easy to set the permanent address through the web interface.
I guess I'm probably not a good judge of web interfaces either, having generally just set up my routes at the command line, but for what it's worth, the web interface is concise and well-organized, and at least as nice as the few other routers I've played with.
Usage:
In short, The SME550 does what it says it can do. I've not tried every VPN feature yet, and I don't have any use for the content filtering feature (which is a paid subscription service from a third party, anyhow). I also use a separate DHCP server, so I've not tried the built-in dhcpd. But every feature I've tried has worked as expected. I've used it for both sides of PPTP sessions and hosted an IPSEC tunnel. It synchronizes to a public NTP service and, in turn, serves NTP time to my LAN. I've not tried to hack into it from outside, so my only evidence that the firewall and intrusion detection are working is the occasional syslog entry showing an entry for a host that ran a port scan on me and got blacklisted. I ran a few free internet port scan tests on it (like from www.dslreports.com) and it passed with no warnings. I like that: easy-to-configure security with no surprises.
I guess I've only had this thing running for 3 months now, and I'd certainly expect even longer uptimes than that, but I've never suffered a crash or disconnect with it. I did take it down once to update the firmware (nothing critical, just like to keep up to date), but it's been running ever since.
Shortcomings:
I think the only thing that could make this product better would be a small switch for the LAN side, perhaps with a DMZ option. SnapGear offers a switch on one of their Lite routers, but not the SME line. I don't really need that yet, but it would be a nice-to-have for DMZ'ing a wireless LAN access point or other insecure link. Again, printed manuals would be nice, but I ended up just downloading the latest PDF for reference, anyhow. I was going to ding www.SnapGear.Com for their somewhat confusing web site layout, but I just visited it again and I see they're in the process of revamping it, so I'll withhold my judgment there.
Bottom line:
This is an excellent piece of gear for the price. I splurged and got the SME550 when the SME530 would probably have been more than ample for my needs, but it still came in far cheaper than the equivalent hardware from Cisco, SonicWall, or anywhere else I found. I've been very happy with my purchase and have recommended SnapGear products to other people needing similar solutions.
UPDATE (11/30/07):
Wow -- I've had this router for almost 5 years now, and it's still chugging along fine. It has never crashed, and I've had virtually no issues with the features I use.
At one point, I had updated this review with a caveat because SnapGear had removed the firmware updates from their web site. They have since rectified that problem for registered users. They still provide firmware updates every few months, even for my ancient SG550. Some of these updates have even included new features, like VLAN support, which solved my desire to DMZ some nodes.
The company itself seems to have been acquired and reacquired since I first purchased the router (CyberGuard, then Secure Computing). Since they resumed offering firmware updates, I have not had any support issues, so I'm not sure how this might have impacted them.
Recommended:
Yes
Amount Paid (US$): 390
Driver Availability: Other
|
|
|
|
Epinions.com ID:
caseybarker
|
|
Location: Orlando, FL
Reviews written: 2
Trusted by: 1 member
|
|
|
- Add to My Yahoo!: 
- Add to Google Homepage: 
© 1999-2009 Shopping.com, Inc.