Enterasys has traditionally offered an impressive range of security routers that cover the complete spectrum from the small office right up to the enterprise. The XSR series is specifically designed to provide a distributed security system that can easily be deployed to remote office but still be centrally managed.
The 3250 on review here is aimed at large central offices and branches and along with firewall duties, it offers full IP routing capabilities, extensive QoS features and support for site-to-site plus remote client VPNs.
One of its key functions is to aggregate high-speed WAN links and to this end it supports a diverse range of communications interfaces. The 1.5U chassis provides six NIM (network interface module) slots allowing it to support up to six T3/E3 or twenty-four T1/E1 links. There are plenty of other options which include single port POTS and ADSL, single and dual-port ISDN PRI or BRI and 2Mbps serial WAN modules.
The main controller board is easily removable and provides a good specification centred round a 600MHz, 64-bit Broadcom dual-core processor module. This is teamed up with 256MB of PC2100 SDRAM memory and 8MB of Flash Memory and a PC Card slot is provided for additional memory cards. Theres much more as the board also incorporates an embedded 350Mb/sec VPN accelerator and provides no less that three triple-speed Gigabit Ethernet ports for local LAN, WAN and DMZ network connections. One of the copper ports also shares a connection with an SFP (small form-factor pluggable) port for long distance fibre connections.
Although the 3250 aims to be easily deployed we werent overly impressed with the basic management options as the primary means of communications is via the CLI (command line interface). True, you can access the unit remotely via Telnet and also encrypt the link with SSH but these types of interfaces are never very friendly or intuitive. Remote browser access is supported but its almost a waste of time activating the internal web server as no management access is provided. What you do get is a complete rundown on all internal components including processors and memory and you can see what NIMs have been fitted. Usefully, it provides environmental details on temperatures for the chassis housing and processor and the home page has links to Enterasys support site but otherwise you cant interact with the appliance or modify any parameters at all.
The 3250 uses a standard stateful packet inspection firewall and the lack of browser access means all configuration must be run from the CLI. Commendably, the default setting is to block all traffic so youll need to open up access by creating new firewall rules. The documentation does make a valiant effort at describing the procedures and also provides plenty of examples but it is still a tedious process that needs to be made more accessible. Most features are switched off by default so youll also need to configure RIP and OSPF routing and even SNMP management access needs to be activated. The latter feature is impressive as Enterasys implemented support for the more secure SNMP v3 in all its products some time ago.
With a price tag of £697, we would recommend purchasing the optional Remote Services Manager (RSM) software as it provides far better management access to the router. However, during testing we found that it didnt support Windows Server 2003 and failed during installation. As a component of Enterasys NetSight Atlas suite, RSM is designed to remotely manage multiple XSR devices and provides a tidy interface from where you can gather together and access all your routers. A simple tree style menu to one side allows you to group together all XSR routers along with any Matrix E1 and N-Series devices. It provides good wizard based assistance for creating ACLs (access control lists) and firewall policies and filters and allows you to create and remotely deploy policies to multiple devices.
Although the management options initially look a little muddled we were impressed with the XSR-3250. It provides a wealth of routing and security functions highly suited to the enterprise and its extensive range of add-in boards means it can cover just about any communications scenario.
If you want all your security eggs in one basket then the XSR routers offer an ideal solution that amalgamates routing, firewall, VPN and traffic management features into a single box. However, management using the CLI is always going to be tiresome and we would recommend factoring in the cost of the additional NetSight software.