- Capable hardware platform
- Good value for money
- Quick start wizards for fast initial configuration
- Complicated administrative interface
- ActiveX used to provide some services
The Billion Electric BiGuard S20 is a VPN appliance aimed at small to medium-sized enterprises (SMEs), allowing remote access to applications on an office network, while also working as the firewall and internet gateway for the same network. It's a very capable unit, with many features you wouldn't necessarily expect to find on a lower-end unit, but it's let down by a difficult administrative interface and the use of ActiveX to provide some features.
The BiGuard S20 supports both IPSec and SSL access to local services. This means you should be able to have remote access from any machine or operating system, even if it means installing some client software manually. This contrasts with some SSL-only VPN appliances, where if the client applet used doesn't support your configuration, you're out of luck.
We reviewed the smaller and less capable BiGuard S10 last year, and were generally impressed with what you got for your money, but found the hardware limited, particularly where the appliance is being used as both the internet gateway for the LAN and the VPN router.
The S20 has a more capable hardware specification, supporting more users, two WAN ports and eight LAN ports, plus one Gigabit Ethernet port. Other than that the facilities offered by the S20 are very similar to the S10.
The BiGuard S20 supports 20 concurrent users, which should be enough for most medium-sized businesses. Its two WAN interfaces can be used simultaneously, or you can have one used as a standby in case the primary connection fails. Both interfaces are Ethernet, so you'll need the appropriate modems if you're using broadband internet connections. You can also configure the available upstream and downstream bandwidth for each connection separately, so when they're used in load balancing mode the appliance doesn't overwhelm a slower connection by sending it the same amount of traffic as a faster one.
In use, the BiGuard S20 is pretty much like any other SSL VPN appliance: point your browser at the URL of the appliance, and you're presented with a login page, which leads through to a portal. If you haven't installed your own X.509 certificate in the appliance, then end users will be presented with a series of warnings before they get that far.
Depending on what you configure for particular users when you set up the S20, you can see a list of intranet sites, or you can set up proxies for some specific network protocols, such as FTP, RDP or CIFS, the protocol used for Windows network file shares.
The SSL interface to the BiGuard S20 uses ActiveX and Java applets to provide the general network proxy needed to access the network services it doesn't have proxies for. You can use Internet Explorer or Firefox to access the Network Extender features of the appliance, but the Transport Extender — which enables specific users or groups to access preconfigured network services — only uses ActiveX. Not only does this exclude non-Windows users, but also those Windows users who have chosen (or are mandated) to use Firefox or another browser. This isn't as much of a handicap as it could be, since you can still use the IPSec VPN in the S20 to access the network, but it doesn't present you with the same portal and easy access to preconfigured applications.
The administrative interface for the BiGuard S20, like that of the S10, leaves a lot to be desired. Some regularly performed tasks can be done quite easily by using a Quick Start wizard, such as adding a user account and giving it access to services, but even then you have to remember to select the 'SSL VPN' wizard, since that's what you need to use.
Once you need to move outside what the Quick Start wizards are capable of, you have to wade into the S20's extensive menu structure. The complicated interface is exacerbated by a lack of built-in help; you either have to have the printed manual or the CD-ROM available if you get lost.
We've sometimes found that SSL VPN appliances that try to be all-in-one devices, acting as outgoing router as well as providing the VPN tunnel, don't have many of the features you'd expect to find on a standard internet gateway. That's not the case with the BiGuard S20. There's a built-in DHCP server, DMZ capability for hosting publicly accessible services, and support for Dynamic DNS services.
The BiGuard S20 would suit medium-sized companies very well, providing you put in the time to configure the appliance properly. You get quite a lot for your money compared with some similar appliances we've reviewed, and the hardware is capable enough to handle a growing company, or one that's starting to make more use of teleworking. It will take a reasonable amount of networking knowledge to install and configure, but in that respect it's little different to most other SSL VPN units we've reviewed. However, the expanded hardware specification makes the S20 good value for money in what's rapidly becoming an over-served market.