In addition to these Multigigabit ports, we also have one RJ-45 console portin the box we have a RS232 cable to RJ-45 connector for local team management. We also have one USB 3.0 port That will allow us connect a 4G/5G modem via USB and have a third Internet WAN, with the aim that the company never runs out of Internet connection. Thanks to this WWAN port we have an additional WAN as a failover of the main WAN or of the main WANs if we have WAN1 and WAN2 configured.
Regarding the performance that this security gateway is capable of achieving, we can achieve a VPN throughput of up to 970Mbps with up to 200 concurrent VPN connections configured. We are going to be able to have up to a million TCP sessions up, and we can configure a maximum of 96 VLANs in this team. This model incorporates a powerful SPI firewall, which will provide us with very high performance and we can configure the rules of this firewall in detail, to adapt to the security needs of any company.
What options do we have in EnGenius Cloud?
EnGenius Cloud is the manufacturer’s professional managed switch and access point cloud management platform. Now we can also add these security gateways to centrally manage the entire network, from the router to the WiFi access point, going through the switches that we have in the professional network. This cloud management platform is really complete, and we have both a completely free version and also a “PRO” version that is under subscription. In the case of this security gateway, and all subsequent models, we will have the same features and options at the Cloud level, because everything is centrally managed from the cloud.
Firewall and VPN
The firewall incorporated in all the ESG510 are of type SPI (Stateful Packet Inspection), we are going to be able to add different rules to filter the traffic, both at the IP level and at the TCP/UDP port level, being a professional team, logically we have quite advanced configuration options. Generally, all routers NAT the Internet connection, in this case we can also open ports with “Port forwarding» and we even have the possibility of defining 1:1 NAT rules among other basic options for this type of equipment.
As for VPNs, we have the possibility of configuring a mesh vpn network where all the EnGenius ESGs interconnect with each other, although we can also configure a hub-and-spoke architecture with these teams. At the VPN protocol level, right now we have the IPsec protocol, both in the IKEv1 and IKEv2 IPsec versions. When choosing the encryption, we have the possibility to configure 256-bit AES and use SHA256 as hash, in addition, we can establish Site-to-Site tunnels and also VPN client type (Roadwarrior or remote VPN access).
The EnGenius software allows us to configure VPN-based policies, make a VPN connection with other ESGs easily or do it “manually” if we want to connect with a non-ESG team. We anticipate that the OpenVPN protocol will be available in the first quarter of 2022 for this ESG510 and the rest of the models, in addition, they are also considering introducing WireGuard, a very secure, fast and efficient VPN, although we do not have information on when they will incorporate it.
WAN Options
Regarding the Internet WAN, we have the possibility of configure up to 3 Internet WANs (2 WAN with 2.5G ports and an additional WAN with USB WWAN port). The software allows us configure VLAN ID on the WAN To be compatible with the main fiber optic operators, we can configure a load balancing of all the WANs and even configure the failover of the connection.
We can also configure a bandwidth limiter per interface and even per client, of course, we can configure static routes to reach other networks, configure various dynamic DNS services and many more options. EnGenius allows two modes of WAN configuration: router or passthrough. Depending on whether we already have a router or not, we have to configure one mode or another.
LAN Settings
On the LAN side, EnGenius allows us to create different subnets with a specific VLAN IDOf course, we can define the subnet we want as well as the DHCP server associated with the subnet. In the menu we can see at all times how many clients there are in each subnet that we have, a very important detail is that each LAN port can only have one untagged VLAN (without tag) and several tagged VLANs (tagged), something completely normal and which always happens.
In the firewall section we will be able to configure if we want the different VLANs communicate with each otheror if we want to have them totally isolated so that they only go out to the Internet, this is configurable.
Once you have already seen the main options and possibilities of this security gateway, we are going to see the unboxing and first impressions.
Unboxing and first impressions
This EnGenius ESG510 has a small footprint, something to be appreciated to place it on a table, on the wall or in a rack tray. An important aspect is that this model is not rackable, we do not have the necessary holes to put the typical supports for the rack, so you must take this into account. This kit is finished in a metal casing to dissipate heat perfectly, what it does incorporate are small holes to properly cool the router components. This team has the external power supplythat is, we feed it with direct current through a current transformer.
If you want to see what this new team is like and everything it is capable of doing, in the following video you have the unboxing, first impressions and we tell you about some configurations that we can do through EnGenius Cloud.
Soon in RedesZone we are going to offer you a complete analysis where you can see all the technical characteristics in detail, as well as the real performance of this equipment and also all the configuration options that we have available in EnGenius Cloud.