Administration

The Pro800turbo is administered via a web interface. Simply type in the LAN IP address of the ISB into your browser to pull it up. The main menu options are:

 

Maneuvering the admin web interface is pretty easy. It is a little bit cluttered, though. I prefer the clean, intuitive, and appealing interface of the SonicWALL devices.

Unless you have plenty of experience with configuring ISBs, the manual is a must-have. The manual is well done, professional, with plenty of screenshots and clear explanation. It could be a little less crammed, and an index would be nice, too.

On the back of the unit are the power plug, power switch, and reset button. Here you’ll also find dip switches and a serial port. The dip switches are needed for various admin functions such as uploading firmware, backing up/restoring settings, etc.

 

The serial port allows administration of the Pro800turbo via a console interface such as hyperterminal by connecting a PC or laptop via the supplied null modem cable to a Com port. The administration menu is extremely limited though and only for initial basic configuration.

 

Security

To test the firewall portion of the ISB, I subjected it to several online security tests, including Sygate, Steve Gibson/GRC, Symantec, PCFlank, AuditMyPC, Ken Kalish, etc. The firewall passed with flying colors, all tests reported ports in stealth mode. Of course these tests all checked only against intrusion attempts from the outside. The firewall in the Pro800turbo does not stop malicious traffic from a PC on the LAN going to the Internet, this requires a good software firewall such as Zone Alarm or Kerio.

Performance

During my testing the ISB was subjected to some heavy traffic loads on various ports and protocols, all of which it handled without a hiccup. Speed and bandwidth tests, while not administered scientifically, demonstrated consistently fast performance. All tested features worked as expected, no surprises there either.

Cons

There are a few points that could use some improvement. I already mentioned the somewhat cluttered interface and manual earlier. The access filters were rather limited and didn’t provide me with the flexibility I have seen in other software or hardware firewalls. When I want to define a rule or filter, I expect to be able to specify port, protocol, source, target, direction, etc.

I was surprised by the absence of a true log file that documented simple events such as any intrusion attempts or attacks, admin logins, restarts, etc. Any firewall should have a comprehensive log. This omission could be the reason that the device is not yet ICSA certified. Certification is expected to happen in early 2003, though.

Another surprising missing feature is any alert functionality. There does not seem to be an option to alert the admin of intrusion attempts via e-mail or page. This combined with the missing log makes any firewall activity invisible to the admin.

Somewhat odd was also the use of the dip switches required to back up or restore the configuration, upload firmware, or hook up a console. Forgetting to reset the dip switches after such an operation can render the device unusable. Other Internet security appliances seem to work just fine without dip switches.

Conclusion

By now you probably get the point. The Nexland ISB is a high-quality Internet security appliance with many professional-level features, positioning it for use in a home office or remote office scenario. Its abundance of features and deployability in professional environments make it a first-class device that’s well worth the money.

Submitted by: Alex “crazygerman” Byron

Leave a Comment: