The WG-5000 sits at the top of BlueSocket's range of wireless gateway devices (we reviewed its little sister the WG-2100 a year ago). The unit is a very noisy 2U appliance based on a 2.8GHz Intel Xeon processor, with the underlying software running on a Linux platform. You can plug in a monitor if you wish, but the LCD panel on the front of the unit tells you pretty much all you need to know.

Gateway or switch?
The name "wireless gateway" is, as we mentioned when we looked at the WG-2100, a bit of a misnomer. There are devices that incorporate wireless devices and cable-connected infrastructure boxes, from companies such as Airespace (read Airespace review), Symbol ( read Symbol review), Aruba ( read Aruba review), and Trapeze (read Trapeze review).

By contrast, the WG-5000 is most definitely a wired network box – that is, you get a pair of Ethernet outlets, one of which connects to the "trusted" network, and the other of which plugs into the "untrusted" world (including the wireless access points). In many respects, then, it's very much like a normal firewall – except that when you start to dig around in the options you start to find wireless-specific parameters that you wouldn't find in a normal firewall, such as 802.1x authentication and EAP/PEAP.

Because it's a security device, you configure the unit so it lets through only the traffic you want it to. Whereas a traditional firewall works on source and destination addresses for its policy rules, the WG-5000 is based much more on user authentication than on machine authentication. You define user IDs (either in the internal database or, more likely, in an external directory service that the WG-5000 can talk to via LDAP) and place them in "roles" (the BlueSocket term for user groups). You then define security policies on a per-role basis – dictating what services are and aren't allowed, whether a VPN connection is required or whether a direct connection is OK, what bandwidth limitation you want to apply, which VLAN on the cabled LAN the user should live in, and so on. Although you can, by judicious use of the "guest" role, implement a traditional firewall policy based on source and destination IP, if you want to do this, why not go and buy a standard firewall?

Sensible user interface
The user interface is sensibly implemented. You can configure stuff in any order you wish, because the designers have catered for you doing things illogically – so if, for example, you get halfway down the "new user" details page and realise that you've forgotten to create the "role" this user will live in, it's no problem because you can simply select "Create…" and you're dumped into the role creation screen. Although this sort of stuff seems trivial, we often find GUIs that don't do it properly – something which can make an otherwise excellent product unusable.

As well as authenticating users via the usual selection of internal and external (LDAP, RADIUS, etc) mechanisms and permitting access based on policies, the WG-5000 provides wireless roaming capabilities via BlueSocket's proprietary SecureMobility technology.

Proprietary roaming technology
Whereas the likes of Cisco have decided to adopt the standards-based roaming approach with MobileIP (read our explanation of Cisco's SWAN), BlueSocket has taken the Trapeze-like option and has designed a system of its own (Roaming the Hard Way discusses this decision). The result is something that will inevitably be more efficient than MobileIP for the average WLAN (MobileIP is a generic technology that's not optimised for any particular type of installation, after all) but which ties you into a specific vendor (in this case, BlueSocket) for the roaming infrastructure.

The final thing to mention is failover: in addition to the pair of Ethernet ports that the LAN connections plug into, there's a third port labelled "Fail Over". WG-5000s can be arranged in pairs, with the failover ports linked in order that the devices can share connection and configuration information; in the event that one unit turns up its toes, the second can take over the workload.

The WG-5000 sits at the top of a comprehensive range of security devices aimed at organisations with significant amounts of wireless connectivity. The features list is sensible, the devices are straightforward to manage, and although the company has chosen a proprietary roaming technology, this isn't necessarily a bad thing (the decision to be non-standard will bring inevitable performance boosts). All in all, a satisfactory, if slightly expensive, product.

OUR VERDICT

Look at competitor products from the likes of Airespace, Cisco, Extreme and Trapeze, because in the majority of cases, you're going to have to stick with a single vendor if you want a collection of wireless gateways in different parts of your network.