The LRT's firewall has an easy to configure firewall with three sets of controls. The first set of firewall controls are simple check boxes to enable/disable the Firewall, Stateful Packet Inspection (SPI), DoS Prevention, Block WAN Requests, Remote Management, HTTPS, Multicast Passthrough, and UPnP. You can also block Java, Cookies, Active X, and Access to Proxy Servers, as shown below.
The second set of firewall controls are Access Rules. Up to 50 Access Rules can be created to allow or deny traffic based on traffic type (as described previously in my discussion on bandwidth rate controls), source interface, source and destination IP address(es), and a schedule based on hours and days.
The screenshot below shows an access rule I created to block iperf traffic leaving the LAN interface. Prior to implementing the rule, I could establish an iperf connection from the LAN to a PC on the WAN. With my rule in place, I could not establish an iperf connection, validating the effectiveness of the rule.
Access Rule Example
The third set of firewall controls on the LRT214 is basic manual content filtering. The LRT214's content filtering allows for blocking web traffic based on domain name and keywords and can be applied by a schedule based on hours and days. As a test, I created a rule to block web traffic to smallnetbuilder.com and got the message "This URLs or Page has been blocked."
In my opinion, manual content filtering has limited effectiveness, because it is only as good as the administrator who enters the domains and keywords. There is also usally a low ceiling on the number of domains and keyword that can be entered. On the other hand, there is no subscription fee for manual content filtering. If more content filtering is desired, there is always the option of using OpenDNS.
We initially tested the LRT214 with firmware v1.0.1.01, using our standard test method. Our maximum simultaneous connections test, which reflects how many concurrent sessions a router can handle, indicated the LRT214's limit was 345, a surprisingly low number. Linksys found the low result was due to the router interpreting our connection test tool's traffic as an attack, which it blocked.
|WAN - LAN (Mbps)||697||609||887||798|
|LAN - WAN (Mbps)||733||492||746.3||811|
|Total Simultaneous (Mbps)||752||739||832||1,192|
|Maximum Simultaneous Connections||32,120||24,061||32,249
Table 3: Routing Throughput performance
The new firmware brought the maximum simultaneous connections test result up to 32,120, which is where the test ran into in-use Windows ports, ending the test.
Unidirectional router throughput, shown below, remained about the same from firmware .01 to .02. We measured 697 Mbps for download and 733 Mbps for upload with firmware .02.
Bidirectional router throughput showed a definite prioritization of downlink over uplink traffic when the router is running as hard as it can. This behavior was also seen in the .01 firmware.
Table 4 summarizes performance and pricing for both LRT routers, as well as several Cisco VPN routers we have reviewed. Note the LRT224, RV320, and RV042 are all dual WAN routers, while the LRT214 and RV180 are single WAN routers. Pricing information is from Pricegrabber.com.
Table 4: Comparison summary
* RV042G was tested using IxChariot
From a price perspective, the LRT214 is $60 more expensive than the RV180 for single WAN routers and the LRT224 is $27 more expensive than the RV320 for dual WAN routers. The Linksys LRT and Cisco RV series routers all include limited lifetime warranties.
The LRT's WAN-LAN and LAN-WAN throughput is clearly a step up from the RV042 but comparable to the Cisco RV320, RV180 and RV042G. Moreover, the LRT has the highest IPsec throughput measured among these devices.
I like how Linksys has configured the LRT to work with freely-available VPN software such as Shrew Soft, Lobotomo, and OpenVPN. I especially think OpenVPN is a good idea for SSL VPNs. As mentioned, I've been using OpenVPN for years and have had a positive experience with it. In my tests, Linksys's OpenVPN solution is superior to the RV320's SSL solution, as I found the Cisco virtual passage SSL driver problematic. Note, the RV180 does not support SSL VPNs.
In conclusion, the LRT214 was stable and never hung or crashed in my tests. Performance wise, the LRT214, RV180 and RV320 are relatively close. The differentiator is SSL VPN capability. For remote PC connectivity, I think SSL VPNs are a better solution than IPsec and PPTP. With a few updates to the firmware and support documentation, I think Belkin has a pretty solid VPN router with the Linksys LRT214.