The UK's largest independent broadband news and information site
The SAR-715 is a combined ADSL modem/router with a 10/100Mbps 4 port switch, built in firewall and UPnP support that is compatible with both the BT Wholesale and Karoo ranges of ADSL products. The modem is suitable for users on the single IP address (dynamic & static) services and those wanting to use blocks of static IP addresses, supporting both NAT and NON-NAT modes. The device has been available for a few months now, but has undergone a large transformation in that time, with multiple firmware upgrades, and new features appearing almost every month. The review is based around the current firmware, whish is version 3.D2.0.89, and has proved to be more stable than earlier versions. All the advertised features are not yet available on the router but it is hoped over time that the manufacturer will add more of the advanced options - the actual hardware itself appears more than capable of supporting the feature list. At the beginning of September 2002 the SAR-705 was released which is cheaper than the SAR-715, essentially it is the same router just housed in a different case and with a single 10/100 Mbps Ethernet port.
What you get for your money
For just £123 (August 2002) you get a lot for your money. Over a year ago, a router with these basic features set you back well over £200. The delivered package includes the SAR-715, a 9 pin to 9 pin RS232 lead, 2m RJ-11 to RJ-11 plug lead, a 2m Ethernet patch cable and a software CD containing the basic configuration software - though the latest software and firmware is downloadable from http://www.solwisefiles.co.uk should you lose the CD. The casing is a sturdy metal casing with a plethora of ventilation holes and a nice functional look with square lines; dimensions are 204mm (width) x 186mm (depth) x 35mm (height), and a fairly heavy 850g. One problem that concerns people when leaving ADSL hardware on permanently is the temperature of devices, I am pleased to report the router itself barely gets above warm and the power brick is no hotter than a warm dinner plate. For those who like boxes with plenty of LEDs this will please, on the front you have:
- Power green LED - on as soon as device is switched on
- DSL-LINK green LED lit when the modem is synced to the exchange, this should light up straight out of the box
- DSL-ACT green LED on when their is activity on the DSL line
- LAN/LINK ACT four LEDs, green for a 100Mbps connection and red for a 10Mbps LAN connection. If you plug the something into both the L4 and Uplink sockets, the L4 LED will blink.
Moving around to the rear of the router it has an ON/OFF toggle switch, 9V 1 Amp DC power connector, RS232 female 9 pin console port connector, UPLINK socket shared with port 4 of the switch, the remaining 3 switch ports and finally an RJ-11 DSL socket. The switch means that if you have a mixture of 10Mbps and 100Mbps machines on your LAN they can all run at their maximum speed, which helps to keep performance of the local LAN at its optimum. The inclusion of the UPLINK port means that if you have more than four computers it is easy to uplink to another switch or hub without the need for a crossover cable.
With a modem that has so many features it is hard to cover everything in a single review. The configuration discussed covers a basic single IP service where NAT is used to provide an Internet connection to a small LAN of 4 computers and a wireless access point. The SAR-715 has several ways of configuring it
- Configuration software for MS Windows, a very basic software suite, not unlike the older and smaller SAR-703.
- Web server interface, a web server runs at the routers default IP address of http://192.168.7.1
- Telnet configuration via the Ethernet interface, a basic command line interface.
- Terminal RS232 interface, ideal for times when Ethernet connectivity is lost and automated configuration software exists.
The configuration software is adequate if you just want to get the router running, and requires you to connect to the modem via its RS232 port. Beyond putting the basic parameters of the username and password in or being used for firmware upgrades, the software is something that most people do not use. The telnet configuration is not for most people, I wouldn't recommend configuring the router out of the box with this unless you have a deep love of command line interfaces. The terminal RS232 interface is like trying to use the telnet interface but has been made more interesting as enterprising users have developed a script that will ask you a sequence of questions and configure the router accordingly. This proves to work quite well for people who are happy to leave the router at its default IP address of 192.168.7.1. The script and notes on using it are on the Solwise Forum. For the majority of people, the method of choice for configuring the router is via its web interface. The web server in the router is not the fastest thing out there or the most pleasing to the eye, but it is functional and works well if you follow the basic manual that comes with the router and check your settings against others online.
The router has a default username and password of 'admin', so once you've got the router working it is advisable to change the password to something else. This avoids inquisitive users on your LAN making unauthorised configuration changes. In addition, by changing the default password it protects your router from Remote Access (if enabled). Setting up the router via the web interface comprises of several basic steps:
- Accessing the configuration wizard and deleting any existing interfaces.
- Setting up the WAN interface which is the ADSL side of the router. For BT users this means the VPI/VCI of 0/38 and selecting RFC 2364 (PPPoA) routed mode with CHAP authentication.
- For the BT configuration it is important to remember to set LLC header mode to OFF. Some people often miss this in the configuration wizard.
- For single IP address users, Enable NAT.
- Once this is done, then the Advanced configuration is next. Choose the ADSL mode, for some exchanges MULTI mode is fine, but others may work better with G.DMT.
- The router allows you to specify a second IP for it to be visible on. In the screenshots you notice the router is at http://192.168.7..1/ but I have some machines which access it on 192.168.0.1 also.
- If you want to use the DHCP server on the router to allocate IP addresses to computers on your LAN, now is the time to configure it. Out of the box it is set to serve addresses in the range 192.168.7.2 to 192.168.7.21
- Once you have configured everything, as with all routers ensure you save the settings, via the SYSTEM and SAVE CONFIG menu options.
With the SAR-715 it is advisable to do a SYSTEM RESTART after major configuration changes, otherwise it is likely to not connect properly.
The restart time for the router has improved with the various firmware versions. Prior to version 3.D2.0.89 a restart took two to three minutes, now it is usually well under a minute. One nice feature of the web interface when restarting the router is that you can monitor the sequence of events as the ADSL connects and logs in via the Status page, and the WAN status detailed information link, on the web interface. The screenshot below shows a connected and running ADSL link (for people with 3.D2.0.89 firmware, the status of the ADSL link is displayed via the ppp-0 link under WAN Status).
For most ADSL modem/routers this is where the configuration ends. There may be a short section on configuring port forwarding to allow server type applications to work, but the SAR-715 has much more to offer.
Security (NAT/Firewall) Configuration
What are these extras that the SAR-715 has then? Well, four parts really, basic NAT with port forwarding, basic security with triggers, a configurable firewall, and finally intrusion detection. I will try to cover them all to some extent.
The NAT port forwarding works on the PPP-0 to Internal interface, i.e. from the outside world onto your LAN, and in the basic setup, the NAT is set to drop any unsolicited incoming connections. The port forwarding allows you to punch holes in this protection to allow things like IRC ident, mail and webservers to work. The SAR-715 allows only single ports to be forwarded, i.e. no port ranges, which may make some applications difficult to setup behind the NAT. What it does allow is more than 25 of these rules to be created, and the actual range of protocols allowed is very large, comprising of ICMP, IGMP, IP, TCP, EGP, UDP, RSVP, GRE, OSPF and IPIP. As the router is capable of multi NAT it allows you to specify which global IP address you are forwarding the port for. With a single IP service, leave this set to 0.0.0.0 and make sure to specify the static IP of the computer that you are forwarding the data too.
The Firewall Trigger configuration screen allows to add special support for applications e.g. FTP and Netmeeting that require unusual setups. This extra application support is often called the ALG. If you are using XP or another UPnP enabled Operating System some applications will require none of this configuration, as the SAR-715 supports UPnP. Whilst the router supports UPnP it would appear that the actual level of visible support seems to vary from user to user, how much of this is down to XP misbehaving or the router not implementing UPnP very well is hard to tell. I have been able to get XP messenger running video sessions which is almost unheard of for a NAT router. The observant readers will have noticed two odd TCP and UDP port maps to the computer 192.168.7.2 in the screenshot above. These are dynamic port maps added by XP Messenger via the UPnP interface, when Messenger is actually connected to a user you will see extra ports added as you use the applications features.
Having a firewall is perhaps the most exciting part of a router at this price point and is potentially the area where people are going to get the most confused. For most users using the SAR-715 in the NAT configuration, the NAT provides a reasonable level of security by dropping unsolicited incoming connections. The advantages if you turn the firewall on are that you can control what applications on your LAN can actually get to the outside world, e.g. if it is an office LAN, block the common peer to peer ports, or for users running services like a web server you can block or allow certain IP addresses. There are two parts to the firewall rules on the external to internal interface - port filters which allow you to control which ports/protocols are allowed both in/out of the network, and host validators which allow you to control what IP addresses can get access both in and out of your network. To give people a head start the router has four basic sets of rules predefined for you:
- none - there are no rules defined, everything is blocked, this means you must create all the rules yourself. Also allows you control whether Host Validators block or allow traffic through.
- high - a minimal amount of traffic is let through, SMTP, DNS, POP3, HTTP, ICMP and only outbound.
- medium - a larger set of outbound traffic is allowed.
- low - a mixture of both inbound and outbound traffic is allowed.
Default firewall rules for High Security Filter
Rules can be added at will to any of these states, and each rule lets you allow/deny access for either UDP, TCP, or raw IP traffic across a single or range of ports. The web interface is fairly simple to use, but if you are creating lots of rules the telnet interface with the ability to repeat commands by recalling previous lines is preferable. The earlier firmware had some bugs (which appear to be fixed) in that if you set different sets of rules for low/medium/high, if you switched around the rule sets, then each one was reset to factory defaults. One bug that still exists in the 3.D2.0.89 firmware is that if you delete a firewall rule and then try to add it back via the web interface you cannot add the rule, since the router believes that the rule is still in use. The workaround for this is to add the new rule back for a slightly different port range, e.g. rather than just port 25, create the rule for ports 24 & 25. Ports that are blocked by the SAR-715 firewall show up as stealth to people on the outside world. The moral of firewalls though is they are only as good as the rules you use, and remember if one day some new software does not run check, that you are not blocking it via the firewall, one that people often forget is HTTPS the secure sockets protocol on TCP port 443.
The remaining part is the Intrusion Detection. This appears to be a system that allows you to actually log intrusion attempts against your firewall. In theory, this means you can see who is trying to gain entry to your network and is actively blocked by the firewall. The detection system is configurable so that it doesn't log simple one off events but only extended attacks. It is at this point really that the documentation for the device falls apart. I have not managed to view the logs that are produced - the documentation from Solwise covers getting the modem running but fails to cover many of the advanced features, and the draft CLI manual weighs in at 600 pages of very dry text that leaves you trying to figure out what it all means.
Universal Plug and Play (UPnP)
UPnP is supposed to be the great white enabler within Windows XP - the software that means mortals don't have to worry about things like port forwarding and to allow applications that just don't like NAT to work again. The SAR-715 has with version 88 of its firmware at last got working UPnP support and also is one of the first ADSL modem/routers to the UK market with working support. The screenshot below shows the visual side of the UPnP system with the Internet Gateway showing - clicking this takes you directly to the routers web configuration interface. Oddly this item does not always show up under XP even though UPnP is running (time for Service Pack 1 perhaps).
The whole arena of UPnP is still a bit flaky - a combination of Windows XP instability and router software writers not interpreting specifications the same way as Microsoft. The theory is that XP Messenger will transparently open up ports in the router as and when it needs to use them, thus allowing people with a single IP address to sit their computers behind a NAT router for security, but retain the flexibility of an old fashioned dialup interface.
How does the SAR-715 do it? Initially, I was unable to get the router to play ball with XP, but in the course of doing the review, I reset it to the factory defaults and configured the router again. Surprisingly XP reported a device called Virtata IGD (Internet Gateway Device) in the My Network Places window (it also appeared as an Internet Connection under Network connections). The other difference to my previous configuration was that I let the XP machine get its IP address automatically. Under the settings of the Internet connection you can see what Services are configured on the router - this means what ports are forwarded to which computers on your LAN, as well as listing the dynamic ports from the XP machine. Interestingly you can use the Services tab to actually add port forwards for other machines on the network and the contents of this tab tie up precisely with the contents of the Advanced NAT configuration screen in the routers config.
It is all very well having a sturdy case and firewall rules that would not let a gnat through, but if the device can not provide the goods in use then it isn't much use. Fortunately once you have the SAR-715 configured how you want, it seems to work very well. The latency to my first hop in Kingston upon Thames is the lowest I've had at 12ms for any ADSL device using the [email protected]_domain login. The router displays the usual ADSL performance parameters but these are only accessible via the telnet interface as shown. The downstream attenuation agrees to within 1dB of the BT woosh test on the line used for the review, so should provide a useful guide over time to any changes in your lines quality.
In day to day use I've found the router to be very stable and in over 2 months of use have not had to reset it (other than when changing its configuration). It could be faster at reconnecting to the ISP when you switch it on initially, but some of this seems to be down to a general slowing down of the ISP login process (when using the [email protected]_domain login it is nice and fast). Some users of the SAR-715 have reported instability and lock ups in the web configuration interface when using XP - seems I'm lucky. Certainly the early firmware was very unstable, and would not maintain a link to the exchange for more than two minutes. The later firmware has fixed this though. Whilst the web interface can be slow and clunky, downloads and uploads via the modem are certainly not, the modem allows you to use your ADSL line to its full potential.
The router seems to survive most of what I can throw at it. The one failure point was the in-game server listing in Counter-strike. A full server list update ran slowly (20,000 servers) and seemed to flood the NAT as web pages refused to refresh; stopping Counter-strike and the router recovered. This is a common problem with routers and the solution is to use an application like The All Seeing Eye to browse the game servers and to start the game.
The four port switch works very well, going back to an old 10Mbps Ethernet hub was a shock. On the old hub it took forever to do back ups across a LAN and the ability of other computers to use the hub was limited. The SAR-715 effectively segregates the traffic between the different machines allowing much greater utilisation of the network even when it is a mixture of 10Mbps and 100Mbps machines.
UPnP works surprisingly well - the Holy Grail of Microsoft Messenger, in other words video conferencing was achieved, even when both users were behind a NAT router (both SAR-715 routers and XP machines). In addition XP Remote Assistance appears to work. In another test of what is perhaps a more real world situation, between a dial up user running MS Messenger with Windows 2000, it was possible to get a voice conversation running (started in XP) and to receive a file on the XP machine. Initiating a Netmeeting call on the dialup machine appears to work well as once I accepted the call under XP the video played fine and both the Whiteboard and Netmeeting file send/receive worked perfectly.
I must add one crucial warning at this point, when the router is saving system settings do not under any circumstances close the browser window or switch the router off. I did this once by mistake and the router managed to wipe its firmware, meaning no connectivity. Fortunately, the SAR-715 is blessed with serial port access which works even without any type of Ethernet connection. After some fiddling and worrying I was able to install the 3.D2.0.87 firmware, and upgrade to the latest 3.D2.0.89 firmware via the web interface (it should be mentioned that the web firmware upgrade is unusually slow at around 30 minutes). Most routers display a similar warning during critical operations but the SAR-715 is a bit slower than most at saving its configuration so extra care needs to be taken.
The sequence for anyone who ends up in this position is as follows:
- Create a HyperTerminal session to the SAR-715. The RS232 runs at 9600 baud, 8 data bits, no parity, 1 stop bit and no flow control
- Switch on the SAR-715 whilst holding the space bar down on the PC. This will drop the router into its ] prompt.
- Type XMODEM within the terminal session, then from the HyperTerminal menus select the Transfer menu, followed by the Send option. The file to send at this stage is the bootcode.bin file from the 87 version firmware.
- Type QUIT once the upload finishes (it is slow and takes around 15 minutes).
- Type flashfs
- Type rewrite boot.bin
- Type update
- Switch off the SAR-715 again, then when switching back on hold down the space bar again
- Type XMODEM followed by the HyperTerminal Transfer Send menu. The file to send in this case is ea705-3d2087-tbc.bin, which is the flash file from the firmware.
- Type QUIT once this send has finished (this larger file takes around 30 minutes to send).
- You should now arrive back at the login prompt
- Use the default username and password of admin to login
- Type console enable
- Type flashfs update
- The flash code should now save and update and you have your router back alive and ready for access via its Ethernet ports.
There are other methods of breathing life back into the router using BOOTP and TFTP software, but this console method is the one that should work easiest for people even though it does take a while.
I have found this router to be very reliable in use and has become my main ADSL modem. The web interface and firewall side are perhaps a bit overpowering for total novices but for people upgrading from the more basic devices this router should be on your short list - a lot of the configuration problems from earlier firmware releases are gone now and whilst the documentation is not amazing it has improved and a sizeable user base exists to provide help and example setups, which often prove more useful than coldly written manuals.
In its current firmware release the firewall is useable but perhaps a bit confusing. The firewall does its job though and compared to other routers where the firewall is only accessible via the CLI it is a leap forward. The later firmware was perhaps a step backwards in the aesthetics of the user interface but then you tend to use the configuration interface for a short while and once it is setup not touch it for a few months. One of the items high up my wish list for this router would be exposing the various security logs via the web interface and improving the information displayed in the WAN status area e.g. uptime, line attenuation figures and the number of errors over the ADSL link.
For its price the SAR-715 is a tough beast to beat and should prove popular as an upgrade router for people who have outgrown the simpler NAT routers, or users looking for a NAT router that still lets MS Messenger work.
£72.00 – Solwise SAR-715
£60.00 – Solwise SAR-705 (single port version)
Prices listed above are excluding postage and VAT.
Where to Buy:
||See our DSL Hardware FAQ|
The contents of this review should not be relied upon in making a purchasing decision—You should always discuss your requirements with your service provider and hardware supplier.