SnapGear SME550

Date: July 1st, 2003

URL: http://www.snapgear.com/sme550.html

Check Prices On This Product

E-mail this article to a friend

Rating: Needs some work

Review:

A friend of mine who does IT consulting mentioned during one of our tech chats the SnapGear brand of firewall appliances to me. I paid a visit to the SnapGear website and was impressed by the number of features and affordability of their units. I contacted SnapGear and they were nice enough to send me the SME550 for closer inspection and review.

Setup

The first impression was good. The box contained everything needed for the setup, including cables and quickstart guide. Hardware setup was simple enough: connect the WAN interface to the DSL modem and the LAN interface to a test computer, plug in the power.

The next step was configuration. And that’s where the trouble started. Every gateway device I have worked with in the past came with an IP already assigned to the LAN interface. All you had to do was type in that IP in the browser window to access the admin interface. Not here. For some unexplained reason, SnapGear assumes that the network the unit will be connected to already has a DHCP server and preconfigured the LAN interface to get an IP address via DHCP instead. This device is geared towards the small business market, but none of the small businesses where I set up devices like this have their own DHCP server, they instead use the DHCP server built into the gateway device, just like the one built into the SME550.

In order to access the admin interface and configure the device, a program that is included on the CD (both Windows and Linux version are included) has to be run to detect the unit and assign it an IP address. If you do not have the software, you’re out of luck.

In the process of attempting to access the admin interface I ran the setup wizard from the CD but repeatedly ended up with a cryptic error message, preventing me from assigning the IP address. Downloading and running the setup software from the SnapGear website seemed to get me past that problem.

Once I was able to successfully log into the admin interface via my browser, configuration was pretty straight forward. The interface is pretty clean and easy to navigate, and contains short general explanations. A more extensive online help system would be nice though to help with specifics.

Browsing through the admin interface and configuring the unit revealed a number of advanced features such as:

  • remote dial-in via optional modem
  • DNS proxy
  • traffic shaping to give priority to certain network services
  • intrusion detection
  • content filtering by URL and content type
  • PPTP VPN client to establish PPTP connections to remote networks
  • PPTP server to allow remote users to connect via PPTP
  • IPSec for secure VPN connections to remote networks

This feature list makes this device pretty powerful, providing a lot of functionality for the money.

Browsing through some of the screens reveals the Linux core that the device is based on.

One of the features is a firewall rules screen where you can set up specific rules to allow or deny traffic from or to networks or hosts based on ports and protocols – an important and essential feature of every firewall. However, in order to use the feature with this device, the user has to be an expert with firewall rules and Linux IP tables as the manual states “Only experts on firewalls and iptables rules will be able to add effective custom firewall rules.”. If you are not familiar with IP tables and not in the mood to go through a huge learning curve, then you will not be able to use one of the essential features of the device.

Similar expertise is required for troubleshooting any problems. The system log file, while detailed, can be extremely cryptic and is not for the faint of heart or anybody not equipped with expert Linux and networking knowledge.

The Good

The SnapGear SME550 is a solid unit loaded with features for an affordable price, and very useful for small businesses to protect and manage their network and provide remote access capabilities.

The Bad

Setup was very confusing and frustrating. Instead of the usual 10 minutes it took me more than an hour to get around all the quirks and understand how it’s supposed to work. Not having expert Linux knowledge of IP tables leaves you stranded when it comes to setting up firewall rules. According to SnapGear, a new firmware that improves the setup and firewall rules configuration experience for the user and adds new features was set for release in late February. However, 5 months later is still in beta stage. Another concern is how fast SnapGear will issue patches and firmware updates in response to security vulnerabilities considering that other vendors offer updates on a more frequent basis and sometimes even have integrated automatic update mechanisms.

My friend ended up purchasing a SnapGear for a customer but ran into the exact same setup problems I had and was not able access the admin interface. He contacted SnapGear tech support for assistance, but his inquiry was never acknowledged or answered, resulting in return of the unit.

Conclusion

Between the quirky setup, the expert Linux requirement, and the lack of support I am hesitant to recommend it at this point. However, the potential is there. Hopefully SnapGear can address some of these issues to make their appliances more attractive.

If you are a Linux expert it would probably make more sense to install Slackware or BSD on an old PC and configure it as a firewall yourself. If you are not an expert and need something powerful but user friendly, I’d recommend to look at SonicWALL or Astaro Security Linux instead.

Submitted by: Alex “crazygerman” Byron

Leave a Comment: