Review: Cisco RV220W Wireless-N Network Security Firewall - Page 2
April 26, 2011
RV220W VLAN Capabilities
The virtual access points aren't the only virtualization elements on the RV220W. There is also support for up to 16 VLANs which can be really helpful if you need to categorize different network elements or workgroups. VLANs can sometimes be difficult to setup and route between, which isn't the case with the RV220W, thanks to inter-VLAN routing support. The inter-VLAN routing is enabled as a checkbox item, so it's easy to control and and lock-down VLANs as required.
VLANs are also helpful on the RV220W for taking full advantage of the QoS capabilities of the device. The RV220W has the ability to setup bandwidth profiles for different types of traffic, enabling admins to set policy based on priority (high/low/medium) or a specific minimum or maximum bandwidth rate. In our test case, we created a separate VLAN for VoIP phones in order to isolate that traffic, which could then be easily selected within the bandwidth profile screen to label the traffic as high priority.
QoS on the RV220W also benefits from 802.1p support as well, though having the extra layer with the VLAN based profiles, provides even more granular control and management.
RV220W VPN Capabilities
One of the biggest differentiating features of the RV220W over RV120W is the addition of an SSL VPN in addition to an IPsec VPN. The IPsec VPN is identical in configuration and usage to the RV120W, enabling remote access to the router and the underlying network with a VPN client. SSL VPNs aren't new in the corporate world, but are not often seen at this price point from Cisco or other big networking vendors. Instead of requiring remote users to have a pre-installed VPN client to tunnel into the network, an SSL VPN just needs a web browser.
Now on the admin side, there is still some configuration work that needs to be done and the RV220W has a whole lot of options. Unfortunately there isn't a wizard that guides administrators through the SSL VPN process either, which is somewhat ironic given that there is VPN Wizard item in the admin interface, though it's a wizard for IPsec only.
SSL VPN configuration options include the ability to ensure that the login portal page and other SSL VPN info is not cached by the user's browser, which is a really key security feature. By not enabling the remote user to cache data, it limits that risk that an attacker could just steal the user's cookie information to gain access to what should be a secure network. The RV220W also enables a full tunnel as well as split tunnel support. With the split tunnel only policy defined traffic goes over the VPN tunnel instead of all traffic. The split tunnel is complemented by configuration options for port forwarding which lets remote users only access pre-defined network assets. Setting policy for the SSL VPN isn't difficult at all, Cisco provides a simple screen where admins just need to identify the resource or IP of the permitted (or blocked) element on per user, group or global level.
The other big difference in the SSL VPN vs. the IPsec VPN is the support for the number of remote tunnels. The RV220W only has support for up to 5 SSL VPN tunnels in contrast to IPsec, where you can have up to 25 tunnels.
The Cisco RV220W's SSL VPN portal screen