Most Helpful Customer Reviews
52 of 53 people found the following review helpful:
5.0 out of 5 stars
SMC7004VBR four port router, February 2, 2003
Before I bought this particular router I gave a fair consideration to equivalent products from other manufacturers. My objectives were as follows: a 4-port router with flexible parental controls and reliable firewall at a reasonable price. SMC7004VBR turned out to be a clear winner.
Setup can be done in manual (advanced) or assisted (wizard) mode, via a browser interface. I used the advanced option but also verified the wizard afterwards, for completeness of this review. Worth noting is that the router reboots almost every time you click the "apply" button. This results in a temporary loss of communication (~30 sec) between the router and the computer, which may look a little disturbing. Additional note: if you decide to change the router's LAN address, it will reboot with the new IP so the browser needs to follow. All settings are fairly standard except for one: SMC decided to set firewall to OFF by default. So remember to go to the firewall settings and turn it ON manually (and click "apply"). A somewhat debatable approach, especially that there is no word about it in the User Guide.
The parental controls are very good. This router is capable of blocking up to 30 user-defined web sites based either on the URL or a phrase included in the URL. A very important tool if you have young children at home. When one of them attempts to connect to a banned URL the router just hangs with no other indication so it looks like the remote site is simply not responding. Other routers that I am familiar with send a message back stating that the URL was blocked. I prefer SMC's gentle implementation. There are also settings for defining the Internet access time and day per computer. Other settings like port triggering, forwarding, DMZ etc are there. These are standard on all routers these days.
The security features make this router really stand out. Unlike other models in this class, SMC7004VBR can identify several types of hacker attacks and send alerts to a predefined email address. SMC did an excellent job implementing full POP3 account settings. Other vendors provide only basic configuration (i.e. only SMTP server name, no password), which may cause alerts to get lost under certain circumstances (dynamic IP). I was a little disappointed to see that SMC does not give options for other email alerts (i.e. triggered by the URL filter) but hopefully they will consider it in future firmware releases.
Software upgrade functionality works flawlessly. I upgraded my router after visiting SMC web site and realizing there was a newer version available. The support via their web site is sufficient, I really did not have any reasons to call them on the phone. In my configuration, this product functions not only as a firewall but it provides high-speed network connectivity between my home computers. A remote (near the ceiling) Wireless Access Point is connected to one of the ports. The bottom line: two thumbs up!
18 of 20 people found the following review helpful:
4.0 out of 5 stars
Price quality ratio is very high but specs on how SPI is implemented are needed, August 16, 2005
I bought this router in August 2004 and I felt really protected for one year. I got this feeling because of the evidence from the router's log (the logging feature is great; not all routers have it). The log showed lots of rejection of unsolicited connections. This logged information allowed me to verify on my own what many articles have stated over the last 2 years: that remaining connected to the Internet exposes your machines to very frequent break-in attempts every single hour. Because of the router (with SPI feature turned on), the software firewall in my computer did not have to face those incoming challenges. Hence my computer's CPU cycles (and good functioning) remained protected from outside interference. This is extremely important, because the more the CPU is solicited, the more unstable the machine can become.
It's important to go through the advanced manual mode of installation of this SMC router in order to set the security features where they should be. For instance, the stateful packet inspection (SPI) feature is turned off by default! So I turned it on. This is the single most important feature to me. It's the one that has been rejecting all those unsolicited connection attempts mentioned above. Another important feature is the ability to turn off remote access to the router. If you allow remote access, then you better have a very strong password on the router. And SMC should then make sure to add a feature where, after, let's say, 3 attempts to provide the correct password, the router rejects all remote-access attempts for a user-settable duration.
Another feature: the router log can be emailed to you or to anyone you choose. Great feature, except that the number of rejected connections per hour is so large that a new log is restarted very often and you end up getting too many logs e-mailed from the router. So I learned very fast to turn off this feature. There are many other features covered at www.smc.com and in other reviews below (for instance site blocking with time spans, port blocking). The router leaves port 113 unstealthed by default.
SPI, however, is such an important feature that it deserves several comments here. SPI is an umbrella word that often remains poorly explained. The main feature of SPI is that a log of user-initiated connections is kept by a firewall (upscale routers specify the maximum number of IPs that the database can hold; not so here). Armed with this database, the firewall can then reject any incoming connection whose IP is not registered in the database. This means the connection was not solicited by the user and is probably unfriendly. This interrogation is the primary feature of an SPI firewall and distinguishes it from the so-called "NAT firewall".
NAT is network address translation. You'll see NAT hyped as a firewall. Any barebone, ordinary Internet router must have NAT since it is necessary to routing. NAT allows the router to present to the world an external IP address (for example, a.b.c.d, each letter representing numbers from 0 to 255). This is the external IP of your network presented for all on the Internet to see. The Internet is often called a wide area network (WAN), hence the router's external address is the WAN address. The router allocates internal "private" IP addresses (typically starting with 192.168.xxx.yyy) to each machine connected to the router in your house/office local area network (LAN). The router hides from the world those private LAN IPs. That's any DSL/cable router's magic: you subscribe for one (WAN) IP address at any time during your subscription from your ISP, and all machines on your LAN can share that single WAN IP while they each have an individual private LAN IP. Therefore, NAT will block hackers who are ONLY looking for WAN IP addresses. This is because, in addition to the WAN address, reaching a computer behind the router also requires the LAN IP address of that computer. Therefore, compared to the simple modem-to-computer configuration often found in homes or small offices, NAT looks like a firewall because it hides your machine. In the former, your WAN IP is your computer's IP and any unsolicited connection will have to be rejected by the software firewall in your computer; in the latter, the unsolicited connection cannot reach your computer and its firewall is resting.
However, if the hacker's scanner is programmed to probe beyond the external/public address, trying different private IPs one after the other, it will eventually come up with the private IP of a computer on your LAN. At this point, NAT receives the right pair of information and it will simply allow the unsolicited connection in--no question asked. In practice, the hacker may not even have to scan much in order to score. Popular routers tend to have known rules to assign LAN IPs by default. So the hacker just has to scan the default LAN IPs to score. For instance, 192.168.1.100 will typically find the first computer connected to a well-known brand of routers. You have to expect that any hacker worth his salt knows the default LAN IPs of all popular routers. He can therefore score after only one attempt at providing a pair of WAN-LAN IPs. Conclusion: NAT is just not enough nowadays, especially since hackers scan with scanning programs rather than manually.
So, what first distinguishes SPI from NAT is that SPI asks a question that NAT doesn't: aside from the correct combination of WAN-LAN IPs, SPI wants to know whether the user previously initiated a connection with the hacker's IP? Most likely, the answer is no, and the hacker will be stopped. It seems that this SMC unit performs this very basic SPI function very well (but remember to turn it on in the advanced settings).
Some manufacturers who implement this essential SPI feature seem to feel that it's enough to label their firewalls as SPI capable. Yet SPI can also be more complex. A more sophisticated SPI router may also add to its IP database (of user-initiated connections) the time at which each connection was initiated. Then the router would allow a certain amount of user-settable time to elapse in order to get a legitimate response from the site to which the user connected. After this time elapses, even that user-contacted site would be rejected if it wants to contact the user. This SMC router, I think, does not ask this 2nd SPI question: several hours after Windows XP Pro contacted a site for automatic updates, that site initiated a contact and was allowed through by the SMC router. My computer's software firewall stopped the connection, labelling it clearly as an SPI block (because, as a fuller implementation of SPI, it tracks connection times). This software firewall had to have its SPI feature turned on manually in advanced mode, too (perhaps because SPI slows throughput a little bit). So I had to take additional measures for this incident not to happen with Windows updates. The simplest of these measures is to stop automatic updating. Other measures are to create additional rules in the software firewall (too complicated for this review) and not all software firewalls are that sophisticated.
A third feature related to SPI is that the router should have a fast enough processor to handle fast attacks without getting knocked out. Should it approach K.O. status, it should know how to freeze traffic, alert you, and still authorize valid traffic. This implies sophisticated logic that has to be imbedded in the router's chips. Besides the IP and time information attached to a packet, the content of the packet may be inspected for different criteria. The more questions asked, the more sophisticated a filter the router becomes... and the more expensive it will be. But I expect that, once the public demands those features, mass marketing will lower prices, and differences of hundreds of dollars today would then become differences in the tens.
A few weeks ago, I discovered that the SMC's SPI feature was cracked by a different game. In 24 hours, 5 several Chinese IPs got through the SMC. Only the computer's firewall caught them, categorizing them as SPI blocks. I don't know how these Chinese guys did it. But, in fairness, the SMC log also showed hundreds of other attempts by Chinese IPs which it managed to reject in that same 24-hour period.
These last incidents again proved to me that both a great hardware firewall and a great software firewall are needed to protect from the Internet. And you, the user, have to know how to set these firewalls to make them that effective. You should also have other intrusion prevention systems/software (IPS), at least because the 2 firewall layers can crack one day.
This is where my comments on the SMC Web site come in. I hope that SMC will offer a detailed description of its SPI features (its competitors that I know of do not provide this sort of detail either). Secondly, the firmware upgrades don't provide any detail about which problems they solve. I'm not going to risk getting into potential upgrading bugs for a new firmware that I don't know anything about. Maybe the new firmware adds improvements I don't need, such as an improved DMZ or VPN. Finally, technical support (as most other tech supports elsewhere) does not impress me. Granted it's a tiny bit better than average, but I sense that these people don't have a solid grasp of the technology.
Conclusion. This is a great router for the price. I will perhaps stay with SMC but it will have to make clearly *SPELLED OUT* improvements in the SPI area, because I now know that its SPI feature can be cracked (and so may those of other routers of its class or a higher class). The router is 5 stars for its price. One star is taken off because both the manual and the Web site lack details o
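The two checks the review above describes (was the remote address contacted first, and how long ago), as an added Python sketch that is not part of the review or of SMC's firmware. It follows the reviewer's simplified per-IP model, whereas real stateful firewalls key on the full address/port/protocol tuple; the addresses, times and 300-second timeout are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class StateTable:
    """Per-IP connection table, following the review's simplified SPI model."""
    idle_timeout: float                           # seconds an entry stays valid
    entries: dict = field(default_factory=dict)   # remote IP -> last outbound time

    def outbound(self, remote_ip, now):
        # A LAN host contacted remote_ip: record (or refresh) the entry.
        self.entries[remote_ip] = now

    def inbound(self, remote_ip, now):
        last = self.entries.get(remote_ip)
        if last is None:
            return "DROP unsolicited"             # first check: never contacted
        if now - last > self.idle_timeout:
            del self.entries[remote_ip]           # stale entry is purged
            return "DROP expired"                 # second check: contacted too long ago
        return "ACCEPT"

# Constructed sample traffic (documentation address ranges):
# (seconds since start, direction, remote IP)
EVENTS = [
    (0, "out", "198.51.100.10"),     # LAN host contacts an update server
    (2, "in", "198.51.100.10"),      # prompt reply from that server
    (5, "in", "203.0.113.77"),       # address the LAN never contacted
    (7200, "in", "198.51.100.10"),   # same server calls back two hours later
]

def replay(events, idle_timeout):
    """Feed events through a fresh table; return a verdict per inbound packet."""
    table = StateTable(idle_timeout)
    verdicts = []
    for now, direction, ip in events:
        if direction == "out":
            table.outbound(ip, now)
        else:
            verdicts.append((now, ip, table.inbound(ip, now)))
    return verdicts

if __name__ == "__main__":
    # An infinite timeout models a table that only asks the first question.
    for label, timeout in (("address check only", float("inf")),
                           ("with 300 s timeout", 300)):
        print(label)
        for now, ip, verdict in replay(EVENTS, timeout):
            print(f"  t={now:>5}s  {ip:<15} {verdict}")
```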
13 of 15 people found the following review helpful:
4.0 out of 5 stars
Great Router, but Don't be fooled by Warranty, November 30, 2003
I have an older SMC router which was really great, and had great support, for several years. Then it "became inactive" and now they will do nothing for me. So, the "limited lifetime warranty" is for the lifetime of the product, which was less than 3 years in my case. Here is the quote from the web site: The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an 'Active' SMC product. A product is considered to be 'Active' while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an 'Active' SMC product.
Most Recent Customer Reviews