I tested a late-beta version of the Broadband Commercial Gateway 700 (model BCG700) in Network Computing's Real-World Labs® at Syracuse University and had mixed feelings about this offering. This wireless cable modem/DSL broadband gateway includes four Ethernet ports for wired clients and has the ability to provide up to eight public IP addresses. Each address has port forwarding, the feature that makes the product stand out from the other gateways we've tested (see "WaveBase: A Gateway to Wireless Heaven" for a recent review).
Up and Running
I breezed through the Web-based installation of the BCG700; the only option in the basic setup not typically found in other gateways is the time zone option. The BCG700 has built-in stateful packet inspection and an anti-DoS (denial of service) firewall. An anti-attack algorithm in the gateway sends an e-mail each time it detects attacks, such as port scans, IP spoofing or WinNuke.
The access-control feature lets the administrator restrict Internet access to specific machines on the network. From here, particular Web sites, FTP and telnet access, e-mail, HTTPS, and Microsoft and America Online messaging can be blocked all or in part. I blocked chat services in the lab and had my colleagues wondering what hit them.
Vendor Information
Broadband Commercial Gateway, Model BCG700, $299. Available: Now.
SOHOware, (800) 632-1118, (408) 565-9888; fax (408) 565-9889.
www.sohoware.com
The port-forwarding feature offers two options. The first is port forwarding on a single public IP address: I set up a Web server running on Port 80 and an FTP server on Port 21, and the external Web and FTP requests on a single public IP address were transferred to the appropriate servers on the internal LAN. The second is multiple public IP addressing with port forwarding. With this method, you can purchase multiple IP addresses from an ISP and use the BCG700 to map them to multiple servers (even similar application servers). To test this, I set up two Web servers on the same port and an FTP server, and assigned these servers different external public IP addresses using the BCG700 configuration Web page. It worked as expected.
The BCG700 also allows PPTP (Point-to-Point Tunneling Protocol) and IPsec passthrough with eight simultaneous VPN sessions and no configuration required. I tested this using a Cisco Systems 3000 Series VPN Concentrator and four wireless stations. I used Microsoft's VPN connection for the PPTP passthrough test and Cisco's VPN client for IPsec. I accessed a server on the private network through the concentrator and the BCG700 from the wireless stations by establishing multiple tunnels.
I tested the range of the BCG700 by placing the gateway above the ceiling in the lab and using the SOHOware NetBlaster II PC Card and a Cisco Aironet 350 Series wireless adapter. I pinged the BCG700 and noted the packet loss at different locations in the hallway next to the lab -- through walls, glass and steel doors. Up to about 100 feet, none of the cards showed any packet loss. At about 120 feet, the Cisco card faced 43 percent loss, while the NetBlaster II card showed a packet loss of 22 percent. Both cards stopped responding at about 140 feet. The BCG700 falls behind other wireless gateways in this respect. Agere Systems' RG1000, Colubris Networks' CN100 wireless router, Linksys Group's wireless router and SMC Networks' Barricade all have ranges of around 175 feet.
For the throughput test, I used NetIQ Corp.'s Chariot 4.1 software with performance endpoints on five Dell Computer Corp. Latitude laptops with cards from Agere, Cisco, SOHOware, Symbol Technologies and 3Com Corp. I ran 100 iterations of 1-Mb TCP-based unidirectional file transfers using the built-in filercvl and filesendl scripts to and from a server. The average throughput when receiving files was 4.898 Mbps, almost the same as Agere's RG1000, Nexland's WaveBase and SMC's Barricade. The throughput while sending was 5.28 Mbps, much better than that of the competition.
Security Problems: No-Go for Encrypted Data
To my dismay, the BCG700 simply could not handle encrypted data. The product's WEP (Wired Equivalent Privacy) security feature lets you enter the keys manually, or you can let the gateway generate the keys based on a passphrase entered on the BCG700 and the wireless clients. After entering the keys on the BCG700 and the clients, the clients continued to be associated with the BCG700, but the moment I tried to access any Web page or run a performance test, the product stopped functioning. Even a firmware upgrade did not help.
I contacted the company and was promised a new unit, but it never arrived. (SOHOware took three weeks to inform me that I wouldn't be receiving the unit, and it blamed this delay on the Chinese New Year.) Additionally, the logs are supposed to report information related to the attacks, but no information was logged during any of the tests. Also disappointing, SOHOware's choice of orange-brown as the color for the BCG700's front-panel plastic cover made it hard for me to read the orange and yellow LEDs.
If these problems are resolved, the product will be a good solution for small businesses, which can expand their online activity by exposing multiple servers using the BCG700's public IP addressing feature.
Dilip Advani is a research associate at the Center for Emerging Network Technologies at Syracuse University. He has worked as a network engineer and as a telecom consultant. Send your comments on this article to him at dadvani@syr.edu.