SOHO 6 delivers wireless security

Wireless access points and DSL connections are essential elements of the telecommuter's dream. But that dream could easily turn into a nightmare without the proper security measures. Although there are a number of companies -- such as Linksys, a division of Cisco Systems Inc., and Netgear Inc. -- that offer low-cost wireless access points, few have the top-notch security features found in WatchGuard Technologies Inc.'s Firebox SOHO 6 Wireless firewall and virtual private network.

Firebox SOHO 6 Wireless conforms to a number of security standards. The firewall has an stateful inspection packet filter approved by the International Computer Security Association and IPSec 3DES 168-bit encryption. Although the default wireless configuration does not enable any security features, you can configure the device to require wireless clients to connect using the multiuser VPN software. You can log security events to a WatchGuard Security Event Processor or a syslog host, which makes it possible to remotely monitor the device for potential problems.

The WatchGuard LiveSecurity Service delivers security alerts about news, information and events that could affect the company's products, but you have to pay for the service after the first 90 days.

The optional WebBlocker service blocks access to certain Web sites. A list of potentially objectionable sites is organized into categories and maintained by a company called SurfControl. A one-year subscription for the service costs between $29 and $39 per machine, depending on how many licenses you buy.

I really liked the Web-based interface for the SOHO 6. Configuration options are easily accessible from the various administration Web pages. A View Configuration File option lets you see the contents of the file in a text page for easy printing. The only thing missing is the ability to save the file for backup purposes.

Administrators employing the Firebox SOHO 6 Wireless for small, remote offices will appreciate the fact that WatchGuard sells separate VPN Manager software for remotely managing SOHO 6 via a VPN connection from their Firebox II or III box.

Physical connections to the box include a four-port 10/100 Ethernet hub, a single Ethernet port for connecting to the external network or the Internet, and two 5dBi antennas. Other features include an external reset switch and power connector. On the front are LED indicators for power, port and wide-area network activity. A status indicator lights up when a management connection is in use, and an alert indicator blinks to signal an unauthorized connection to the SOHO 6's wireless port.

The firewall's default settings block all incoming services and disable the DMZ pass-through feature. System security is also disabled by default, meaning any computer on the trusted network can access the configuration Web pages. Enabling system security requires an administrator user name and password for future access.

The rest of the configuration options are fairly standard, including the ability to designate a range of IP addresses that will be assigned by the built-in Dynamic Host Configuration Protocol server, static IP addresses for designated computers and external network information such as details on the Point-to-Point Protocol over Ethernet connection. You also have the ability to disable traffic between the trusted network and the wireless network if you wish to keep them separated.

We found upgrading the firmware to be a simple process. WatchGuard distributes the upgrade as an executable file or a smaller flash memory file that must be installed manually. We were able to run the executable file and upgrade the firmware in a matter of minutes.

The latest firmware update (Version 6.3) from WatchGuard adds the ability to bridge the wireless local-area network with the four-port switch and assign IP addresses in the same subnetwork if needed. It also includes a client mode for linking two SOHO 6 devices without enabling other wireless clients to connect.

Overall, Firebox SOHO 6 really shines when it comes to security features. However, those security features come at a price significantly higher than some of the low-cost options on the market. Although you won't be able to take advantage of the faster 802.11g wireless cards with this product, you will be able to sleep better at night knowing that your wireless network has been secured by the strongest security practices available for this type of network.

Ferrill, based in Lancaster, Calif., has been writing about software for 15 years. He can be reached at


Firebox SOHO 6 Wireless

WatchGuard Technologies Inc.

(800) 734-9905

Pricing and availability: SOHO 6, $649; VPN, $799 for VPN and 10 client licenses.

Remarks: Firebox SOHO 6 Wireless provides some security features found only on dedicated firewalls and security devices. Local and remote administration takes place via a simple Web-based interface. External LED indicators show when a management connection has been activated and if any unauthorized wireless activity has occurred. The only thing missing from the administration functions is the ability to save the configuration for backup purposes.

Test bed: Hewlett-Packard Development Co. LP Compaq Evo with a 1.7 GHz processor, 1G of memory and Microsoft Corp. Windows XP to connect to the 10/100 Ethernet switch, and a Compaq Evo N1000V with built-in 802.11b wireless connection and a DSL connection to the Internet.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.