Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Wi-Fi Router Charts

Click for Wi-Fi Router Charts

Mesh System Charts

Click for Wi-Fi Mesh System Charts

Firewall Features

Given the premium price that ioGEAR and Tritton are asking for their products, I was surprised to find the products' firewalls both missing important capabilities and buggy in the features they did have. But in the interest of trying to stay positive, I'll cover the better stuff first.

The ASAP / BOSS has two capabilities not typically included in consumer routers - Multiple NAT and IP Alias. Multiple NAT allows users that have multiple public IP address from their ISP to assign specific LAN clients to share a particular public IP address. This is mostly useful for business users and most useful for distributing server load.

The IP Alias feature - a first for me - lets you have LAN clients in up to three IP address ranges in addition to the 172.16.1.X or 192.168.2.X supported by the ASAP and BOSS' default settings. This could be handy for larger networks, or those with statically assigned IP addresses.

You also get to control some of the Stateful Packet Inspection (SPI) aspects of the firewall via the Denial of Service page (Figure 5).

BOSS Denial of Service settings

Figure 5: BOSS Denial of Service settings

Access to Internet services is controlled by the IP Filter capability, which provides five sets of IP address ranges that can each have four single ports and one port range blocked (Figure 6). But since the IP Filter Group must be specified in "slash" notation (example 172.16.1.0 / 24), you're pretty much limited to having the filters apply to all clients on your LAN - not very helpful.

BOSS IP filter settings

Figure 6: BOSS IP filter settings

From these high points, however, the firewall feature set heads steadily downhill. First, you can forward only ten, single, static IP addresses via the Virtual Server feature, and neither port ranges, nor triggered mapping nor "loopback" is supported. You currently can't even make up for the miserly number of forwarded ports by using DMZ, since it's not available either. When I asked about these missing features, ioGEAR said they will be added in a future firmware release, while Tritton would say only that they'll "look into" adding the features.

Next, though you get ten URL filters, they aren't very robust. You can't enter keywords and instead must enter URLs with a .com, .net, etc. (i.e. "yahoo.com" not just "yahoo"). I found that sub-domains (i.e. mail.yahoo.com) are not automatically handled and you can't enter a sub-domain wildcard (i.e. *.yahoo.com) either. By the way, note that the URL filters, IP filters and Virtual Servers aren't schedulable, a feature found on routers costing far less.

The worst "feature", however, is the major security hole opened as soon as you enable the ASAP / BOSS' file sharing features. I'll describe that later in the File Sharing section, but for now, let's move on to the VPN features and performance.

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Don't Miss These

  • 1
  • 2