Given the premium price that ioGEAR and Tritton are asking for their products, I was surprised to find the products' firewalls both missing important capabilities and buggy in the features they did have. But in the interest of trying to stay positive, I'll cover the better stuff first.
The ASAP / BOSS has two capabilities not typically included in consumer routers - Multiple NAT and IP Alias. Multiple NAT allows users that have multiple public IP address from their ISP to assign specific LAN clients to share a particular public IP address. This is mostly useful for business users and most useful for distributing server load.
The IP Alias feature - a first for me - lets you have LAN clients in up to three IP address ranges in addition to the 172.16.1.X or 192.168.2.X supported by the ASAP and BOSS' default settings. This could be handy for larger networks, or those with statically assigned IP addresses.
You also get to control some of the Stateful Packet Inspection (SPI) aspects of the firewall via the Denial of Service page (Figure 5).
Figure 5: BOSS Denial of Service settings
Access to Internet services is controlled by the IP Filter capability, which provides five sets of IP address ranges that can each have four single ports and one port range blocked (Figure 6). But since the IP Filter Group must be specified in "slash" notation (example 172.16.1.0 / 24), you're pretty much limited to having the filters apply to all clients on your LAN - not very helpful.
Figure 6: BOSS IP filter settings
From these high points, however, the firewall feature set heads steadily downhill. First, you can forward only ten, single, static IP addresses via the Virtual Server feature, and neither port ranges, nor triggered mapping nor "loopback" is supported. You currently can't even make up for the miserly number of forwarded ports by using DMZ, since it's not available either. When I asked about these missing features, ioGEAR said they will be added in a future firmware release, while Tritton would say only that they'll "look into" adding the features.
Next, though you get ten URL filters, they aren't very robust. You can't enter keywords and instead must enter URLs with a .com, .net, etc. (i.e. "yahoo.com" not just "yahoo"). I found that sub-domains (i.e. mail.yahoo.com) are not automatically handled and you can't enter a sub-domain wildcard (i.e. *.yahoo.com) either. By the way, note that the URL filters, IP filters and Virtual Servers aren't schedulable, a feature found on routers costing far less.
The worst "feature", however, is the major security hole opened as soon as you enable the ASAP / BOSS' file sharing features. I'll describe that later in the File Sharing section, but for now, let's move on to the VPN features and performance.