MAKO ADSL FIREWALL APPLIANCE
YellowTuna Networks, distributed by Renaissance
Price: $2100 includes GST and two years' service; some bundling deals available
Pros: Secure, trivial to install, easy remote administration, ideal for creating virtual private networks between offices
Cons: Lack of direct access will be limiting for some; doesn't offer PPTP tunnelling protocol
Traditionally, IT departments have had the choice of looking after their own routers, usually through a cryptic command-line interface or an inflexible web service, or paying a premium for a managed service. A recent arrival from Auckland developer YellowTuna Networks takes a different approach.
The Mako appliance — a Linux system with integrated firewall and ADSL connection software — is managed by YellowTuna, but customers can administer it themselves through YellowTuna’s website. Changes made on the website are automatically picked up by the appliance, which regularly “phones home” to report on traffic and network status and check on software and configuration updates. In many ways it's the best of both worlds.
When a Mako is first ordered the customer’s ADSL account details are set up and matched with the appliance’s hardware address. This means that the Mako is a genuine no-configuration appliance; plug it in, and it’s ready for service.
The Mako comes in a trim, black case about the size of a small VCR. The sparse front panel offers only a single power button and companion LED, while the rear panel is a gadget freak's dream, equipped with a welter of AV and I/O ports. We spent a few moments trying to decide whether the Mako was destined for the stereo rack or the computer desk.
In fact, only the ethernet and phone jacks are used; the others may be used for future improvements. The Mako is designed as an easy-to-use, secure ADSL router and firewall, so it doesn't include a hard disk and can't be administered directly.
Installation couldn't be easier: plug in the power cord and a phone line and switch the Mako on. The unit connects to the Mako servers, autoconfigures itself and downloads the latest version of the software. It's accomplished without any user intervention at all; we were up and surfing within a couple of minutes of unpacking the box.
The default settings will be sufficient for many offices. The Mako is equipped with a DHCP server, so most desktop systems will configure their network settings automatically. All incoming traffic is blocked at the firewall, but outgoing traffic is let through without hindrance, so users will be able to conduct their normal Internet activities such as emailing and web browsing. The default settings won't, however, allow use of specialised applications such as P2P or instant messaging software, and they won't allow potential attackers to access the network.
Logging into the administration website allows a view of traffic across the router, which can be broken down by port and by client machine. Traffic is broken up by time periods, and can be matched to an ISP’s billing cycle. Notification options allow warnings if a traffic limit is being approached. That’s a useful option with New Zealand’s anaemic ADSL traffic caps, and could avoid a serious bandwidth bill.
At the end of the billing cycle, a usage report arrives by email — a nice touch.
Allowing outside access to specific services (such as email or web) is a straightforward task, although there’s no option to add a custom port, which some users might wish for. Users are encouraged to contact their reseller when a configuration option is needed; a change was made within a few minutes when we requested it.
A key strength of YellowTuna’s system is the ease of creating virtual private networks. Creating a virtual private network between several Mako appliances is a simple, three-click operation; each Mako is configured with its own IP subnet so as to avoid address clashes.
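The address-clash problem mentioned above can be checked before any offices are joined by VPN. The sketch below is an added example, not YellowTuna's code or part of the original review; the site names, subnets and address pool are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def find_clashes(sites):
    """Return (site_a, site_b) pairs whose LAN subnets overlap."""
    nets = {n: ipaddress.ip_network(c) for n, c in sites.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))

def allocate(pool, prefixlen, taken):
    """First subnet of the given size in pool that overlaps nothing in taken."""
    used = [ipaddress.ip_network(c) for c in taken]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    raise ValueError("address pool exhausted")

def replan(sites, pool="192.168.0.0/16", prefixlen=24):
    """Keep each site's subnet unless it clashes with an earlier site;
    a clashing site gets a fresh subnet that avoids every known range."""
    plan = {}
    for name, cidr in sites.items():
        net = ipaddress.ip_network(cidr)
        if any(net.overlaps(ipaddress.ip_network(c)) for c in plan.values()):
            known = list(plan.values()) + list(sites.values())
            cidr = allocate(pool, prefixlen, known)
        plan[name] = cidr
    return plan

# Constructed sample: four offices, two of which reuse or nest inside
# another office's range, which would make VPN routing ambiguous.
SITES = {
    "auckland": "192.168.1.0/24",
    "wellington": "192.168.2.0/24",
    "christchurch": "192.168.1.0/24",   # same range as auckland
    "warehouse": "192.168.2.128/25",    # nested inside wellington
}

if __name__ == "__main__":
    print("clashes:", find_clashes(SITES))
    print("revised plan:", replan(SITES))
```

Overlap is tested on the whole prefix, so a smaller range nested inside a larger one is caught as well as an exact duplicate.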
Remote VPN users can also be created. This process isn’t quite as straightforward; a remote user needs to log in to the website before starting a VPN session. That’s a sensible security precaution, although perhaps not quite as straightforward as some road warriors might like.
Because remote VPN connections use the IPSec protocol, Windows users will need to purchase a VPN client to connect to a Mako (YellowTuna gives setup instructions for SSH Sentinel and SoftRemoteLT). An alternative would be to connect to a PPTP server on the internal network.
The Mako will be of particular interest to IT departments who have to support a number of offices. The no-configuration, remote-administration model means that a number of branch offices can be run from a single location. The ease of setting up a shared VPN is a real bonus.
Once installed, a Mako is near-invisible to both the internal and external networks — only the internal DHCP and DNS services, and external VPN, answer to queries. Some IT managers would prefer to administer their routers directly; the Mako probably isn’t for them. For those who want a “just-works” solution, it’s well worth investigating.