Review: Cisco RV220W Wireless-N Network Security Firewall

Tuesday Apr 26th 2011 by Sean Michael Kerner

Addressing the shortcomings of the RV120W, the Cisco RV220W adds Gigabit Ethernet, better antennas and more robust security features, but falls a little short when it comes to dual-band 802.11n support.

Price: $279.99



Cisco RV220W Wireless-N Network Security Firewall

The Cisco RV220W is one of the newest routers from Cisco and was officially announced earlier this year. The RV220W is a step-up in terms of features, performance and price over the Cisco's entry level small business wireless firewall, the RV120W.

With the RV220W, Cisco is delivering a device for small businesses that need more control and power for LAN, WLAN and VPN users.

RV220W Specifications

Measuring 8.66 inches wide x 1.54 inches high x 6.69 inches deep, The RV220W is a larger device than its entry level peer, the RV120W. The router includes one WAN port and a built-in four port 10/100/1000 Mbps auto-sensing switch. The Gigabit Ethernet ports are an improvement from the Fast Ethernet (100 Mbps) that the RV120W offers. Part of the height of the device enables three rows of indicators lights to visually identify the 10/100/1000 connection speed. There are also indicator lights for a DMZ and DIAG (Diagnostic light that blinks when firmware is being updated), which are new to the RV220W.

All configuration of the RV220W is done via a robust browser based interface that includes really helpful menu-specific help menus throughout. Once again, Cisco is relying on Linux as the underlying operating system for this device. The RV220W leverages a Linux 2.6.21 kernel.

System status screen
The Cisco RV220W's system status screen

RV220W WLAN Capabilities

The Wi-Fi capabilities of the RV220W are also greater than the RV120W. Instead of being limited to just two antennas, the RV220W has two, 2 dBi gain, omni-directional external antennas and one 6.6 dBi gain, directional internal antenna. The total wireless bandwidth for 802.11n is rated at 270 Mbps on either the 2.4 Ghz or 5 GHz bands.

This router is a dual-band device supporting both 2.4 GHz and 5 GHz bands, though not at the same time: This is a selectable dual-band device, not a continuous dual-band device. That means that users need to choose one band or the other and cannot run both 2.4 GHz and 5 GHz at the same time. Yes, this is a shortcoming for this device as it likely limits the usability of having the 5 GHz band. Forcing all Wi-Fi users to be on one band for all use cases isn't always possible, for any number of reasons.

That said, the RV220W does support up to four virtual access points (just like the RV120W). Each of the virtual APs, can have their own security settings including WPA2, WPA, WEP (or no settings, if you configure an open network), as well as unique SSIDs, AP isolation and scheduling availability options. As was the case with the RV120W, the scheduling is limited to one 24 hour period and does not enable multi-day scheduling.

Each virtual AP also can have its own WMM (Wi-Fi Multimedia) settings which are intended to help prioritize multimedia content delivery. There is also support for WDS (Wireless Distribution System) which is a form of repeater mode that enables the wireless interconnection of access points.

The Cisco RV220W's AP profiles screen

RV220W VLAN Capabilities

The virtual access points aren't the only virtualization elements on the RV220W. There is also support for up to 16 VLANs which can be really helpful if you need to categorize different network elements or workgroups. VLANs can sometimes be difficult to setup and route between, which isn't the case with the RV220W, thanks to inter-VLAN routing support. The inter-VLAN routing is enabled as a checkbox item, so it's easy to control and and lock-down VLANs as required.

VLANs are also helpful on the RV220W for taking full advantage of the QoS capabilities of the device. The RV220W has the ability to setup bandwidth profiles for different types of traffic, enabling admins to set policy based on priority (high/low/medium) or a specific minimum or maximum bandwidth rate. In our test case, we created a separate VLAN for VoIP phones in order to isolate that traffic, which could then be easily selected within the bandwidth profile screen to label the traffic as high priority.

QoS on the RV220W also benefits from 802.1p support as well, though having the extra layer with the VLAN based profiles, provides even more granular control and management.

RV220W VPN Capabilities

One of the biggest differentiating features of the RV220W over RV120W is the addition of an SSL VPN in addition to an IPsec VPN. The IPsec VPN is identical in configuration and usage to the RV120W, enabling remote access to the router and the underlying network with a VPN client. SSL VPNs aren't new in the corporate world, but are not often seen at this price point from Cisco or other big networking vendors. Instead of requiring remote users to have a pre-installed VPN client to tunnel into the network, an SSL VPN just needs a web browser.

Now on the admin side, there is still some configuration work that needs to be done and the RV220W has a whole lot of options. Unfortunately there isn't a wizard that guides administrators through the SSL VPN process either, which is somewhat ironic given that there is VPN Wizard item in the admin interface, though it's a wizard for IPsec only.

SSL VPN configuration options include the ability to ensure that the login portal page and other SSL VPN info is not cached by the user's browser, which is a really key security feature. By not enabling the remote user to cache data, it limits that risk that an attacker could just steal the user's cookie information to gain access to what should be a secure network. The RV220W also enables a full tunnel as well as split tunnel support. With the split tunnel only policy defined traffic goes over the VPN tunnel instead of all traffic. The split tunnel is complemented by configuration options for port forwarding which lets remote users only access pre-defined network assets. Setting policy for the SSL VPN isn't difficult at all, Cisco provides a simple screen where admins just need to identify the resource or IP of the permitted (or blocked) element on per user, group or global level.

The other big difference in the SSL VPN vs. the IPsec VPN is the support for the number of remote tunnels. The RV220W only has support for up to 5 SSL VPN tunnels in contrast to IPsec, where you can have up to 25 tunnels.

The Cisco RV220W's SSL VPN portal screen

RV220W Security Capabilities

Security also gets a boost in the RV220W by way the inclusion of Cisco's ProtectLink Web subscription based security service, using Trend Micro technology. What it provides is access to Trend Micro's web reputation service that checks web requests and ensures that users are only going to reputable, (i.e. trustworthy) websites. The service also provides URL filtering capabilities to block out different classes of website content, with time of day and week scheduling options for when the filtering policies should be enforced. One of the interesting categories that ProtectLink has is one called Computer/Harmful which filters out sites with potentially malicious software as well as proxy avoidance sites.

You don't necessarily have to pay for the ProtectLink service to block URLs. There is also an integrated (non-subscription) feature on the RV220W for users to specify their own blocked URL list (though it's not going to be as complete or up-to-date as the dynamic one from Trend Micro and does not include scheduling options).

The Cisco RV220W's URL Filtering with ProtectLink

RV220W IPv6 Capabilities

As is the case with the RV120W, the RV220W has support for both IPv4 and IPv6, including the ability to tunnel IPv6 over IPv4. The router has the ability to support two different types of DHCPv6 settings, including both stateless and stateful address auto configuration.

The Cisco RV220W's IPv6 configuration screen

The Bottom Line

The Cisco RV220W will likely appeal to small business users that need more power than what Cisco's RV120W provides. The step-up to Gigabit Ethernet and the more powerful radio antennas are nice additions. That said, the fact that is device isn't simultaneous dual-band Wi-Fi router could be a deal breaker for those who need the flexibility of both bands.

The Cisco ProtectLink Web service is an interesting addition on the security side, but it's not a full IPS (Intrusion Prevention System) which is what would push the RV220W into more of a Unified Threat Management (UTM) category for security protection.

That said, the SSL VPN on the RV220W could be reason enough to consider this device. IPsec VPNs aren't that difficult to use, though the need to have the IPsec client installed and configured does add time and complexity. The SSL VPN provides additional flexibility and control for remote network connectivity. With the SSL VPN, the network, or any part of it can be opened up to remote worker or even a business partner, rapidly.

Though not without its quirks, overall, the RV220W is another solid router offering in the small business space from Cisco.

Mobile Site | Full Site
Copyright 2018 © QuinStreet Inc. All Rights Reserved