So what/who holds this integral job? Routers - whether software or hardware. Hardware routers generally allow higher throughput than most software solutions, doesn't require a host computer and is consequently more reliable. Today we take a look at the Pro100, one of several internet security appliances from Nexland. A relatively new player in the field, Nexland's products have been adopted by quite a few large enterprises including Motorola, Bell Canada, Symantec and even Cisco. Nexland's claim to fame is their patent pending ability of allowing encrypted VPN packets over NAT, multi-session IPSec and PPTP. Here's a brief technical overview of the Pro100 :

Nexland Pro100 ISB
LAN Port/s		10/100BaseT RJ45 (1)
WAN Port/s		10BaseT RJ45 (1)
LEDs	Top	LAN TX/RX (1) WAN TX/RX PPPoE Active WAN Connected Failover Active
	Rear	LAN 100 LAN 10 LAN Duplex/Collision WAN Link
Dynamic DNS		Yes
Cable/xDSL Sharing		Yes
NAT		Yes
10/100 Hub/Switch		No
VPN		Yes
IPSec		Yes (Multi-session)
PPTP		Yes (Multi-session)
L2TP		Yes (Single session)
PPPoE		Yes
DHCP Server		Yes (253 clients)
DHCP Client		Yes
Virtual Server		Yes
DMZ (Exposed Host)		Yes (1)
Auto Connection Failover		Yes (Serial dialup/ISDN)
Load Balancing		No
Administration	Web	Yes
	Telnet	No
	Console	No
	Remote	Yes
Access Control		Yes
Software-upgradeable Firmware		Yes

The Pro100 comes packaged with a Quick Start guide, detailed manual, RS-232 cable, DC power adapter, cross-over cable and a straight Cat5 patch cable. The bundled CD contains the manual, browser and utilities. The quick start guide does an excellent job of getting even relatively inexperienced users up and running in no time, with all the necessary procedures for setting up the router with either PPPoE, DHCP or static accounts well illustrated. The more detailed manual covers all of the router's setup screens, and just about any other issues, such as obtaining your NIC's MAC address. Nexland's confidence in their product documentation clearly shows; "If this sounds like Greek to you, don't worry". The router itself sports a purple paintjob, with WAN and LAN LEDs on top and at the back for quick diagnostics at a glance. The RS-232 port is placed at the front of the unit for easy access.

The Pro100 uses a browser-based administration interface, with the server located by default at 192.168.0.1. The internal DHCP server comes enabled, so in most cases, all that is required is to attach your PC to the Pro100 (either directly or via a hub/switch), set it be a DHCP client (ie. "Obtain IP address automatically"), perform a reboot or release/renew, enter the IP address into your web browser, and voila.

Most end-users will only have to deal with the Main Setup page to get the good times rolling. By default, the Pro100 is configured for DHCP connections. Depending on your service provider (@Home for example), a Host and Domain name and WAN MAC address may be required. In our particular case, these parameters are needed for the ISU campus network. If your service provider assigns a static IP, you just have to enter an additional screen of information.

The Status screen gives a reasonably detailed overview of the Pro100's network configuration. As shown in the screenshot, there is also a small log screen at the bottom.

The Pro100 has a quite a few features not found in competing products. There are a plethora of ways to achieve port forwarding through its firewall; static port, port range and triggered port range mapping are all supported.

A nice feature is the ability to identify machines by MAC address and reserve IP addresses in the LAN DHCP table. This eliminates some potential work in configuring the client machines, and allows the machine to be assigned to an access filter (ie. port filter) group as well as being binded to a specific PPPoE session in a multi-session scenario.

A full range of access, or port filters is provided, allowing you to control who has access to what services on the LAN. There are 12 pre-made filters that cover most popular services (eg. News, Real Audio, Telnet), with the ability to roll your own custom TCP and/or UDP packet filters. In a more corporate setting this is an integral feature when coupled with access filter groups, preventing frivolous use of network resources (or indeed blocking WAN access entirely), and yet granting others unrestricted access at the same time.

One of the more intriguing features is the serial port. Using the provided null modem serial cable, it is used to access the serial configuration console of the Pro100, although the functionality is fairly limited compared to its web-based interface. Another use of the port is for the connection failover feature of the Pro100. If the Ethernet-based WAN connection crashes and burns, a PPP session via an attached modem or ISDN device will be triggered. It will drop back to the Ethernet connection once it comes online again. This will provide at least the necessary bandwidth for essential services such as e-mail in an emergency. We had a USRobotics Sportster installed, and in a simulated Ethernet WAN failure, this arrangement worked beautifully.

The main selling point of the Pro100, and the reason for the $50 or so premium over competing products is its VPN capabilities. The main buzzwords in VPN are L2TP (Layer 2 Tunneling Protocol), IPSec and PPTP (Point-to-Point Tunneling Protocol). Nexland's product line support unlimited PPTP and IPSec tunnels through it, with both PPTP and IPSec servers being simultaneously supported with VPN client sessions. All this through a firewall - small wonder that Nexland holds a patent on its Multi-session Pass-Thru technology. A single L2TP pass-through session is even supported. A 10 client license for Symantec's RaptorMobile personal firewall and VPN client is bundled.

To top it off, the Pro100 sports a built-in dynamic DNS client and support for both the RIP2 dynamic routing protocol and static routing.

Platform Information (A)
CPU/s	AMD AthlonXP 2000+
Motherboard	AOpen AK77 Plus
Memory	1 x 256MB DDR333 CAS 2 DDR (Kingmax)
Hard Drive	Seagate Barracuda ATA IV 80GB 7200rpm U-ATA 100
Optical Drive	AOpen 16x DVD-ROM
Network	D-Link DFE-530TX
Operating System	WindowsXP Professional
Benchmarks	Netperf NetIQ Qcheck

Platform Information (B)
CPU/s	AMD AthlonXP 1600+
Motherboard	AOpen AK77 Pro
Memory	1 x 256MB DDR266 CAS 2 DDR (Apacer)
Hard Drive	Seagate Barracuda ATA IV 40GB 7200rpm U-ATA 100
Optical Drive	AOpen 16x DVD-ROM
Network	D-Link DFE-530TX
Operating System	WindowsXP Professional
Benchmarks	Netperf NetIQ Qcheck

Router	Network Path	TCP		UDP
Router	Network Path	Stream	Request/ Response	Stream	Request/ Response
Nexland Pro100 ISB
	LAN - WAN	3.64	856.10	1005.06	848.30
	WAN - LAN	4.36	850.00	9.35	841.50

Router	Network Path	Transfer Rate (Mbps)	Response Time (ms)		UDP Stream (1Mbps)
Router	Network Path	Transfer Rate (Mbps)	Avg	Max	Throughput (kbps)	Lost Data
Nexland Pro100 ISB
	LAN - WAN	3.92	1	2	857	14.1%
	WAN - LAN	4.61	1	2	899	10%

The Pro100 is a mature product, rich in features and providing solid performance. A few more features would have made this a better product; content filters, telnet administration and browser-based firmware upgrade/backup. A model with a built-in print server might be appealing as well.

While the $209 price tag might give a minor case of sticker shock compared to competing routers, you do get what you pay for, namely superb VPN capabilities, auto failover connection, excellent performance and depending on personal tastes, snazzy looks. SOHO users looking for a more economical solution might want to opt instead for Nexland's SOHO model, which for $159 has a built-in 4-port 10/100 switch but without some of the Pro100's strengths; the RaptorMobile personal firewall and VPN client, multi-session / unlimited tunnels VPN, full SNMPv1 monitoring and IPSec server behind NAPT support.

With its purple paintjob and unique capabilities, the Pro100 certainly stands out from the small/medium business router crowd. While this article certainly does not aim to be a cheesy TV informercial, Nexland provides a 30-day money back guarantee on the Pro100 as well, but this "feature" will rarely have to be utilized. That said, if Jimi Hendrix had a modem, it would be a purple Hayes. If he had a router, it would probably be a Nexland.

Very Highly Recommended!