TP-Link SafeStream TL-ER6120 review
A high IPsec VPN count for the price, plenty of WAN failover features and good remote-access performance
Small businesses that demand secure access for their remote workforce may well find that TP-Link's SafeStream TL-ER6120 is just what they need. For a very modest price, it supports up to 100 IPsec VPNs and provides dual Gigabit WAN links for essential internet redundancy.
However, there's more to this 1U rack unit. Security features include service blocking, application controls and website filtering. You get three Gigabit LAN ports, with the third functioning as a DMZ for protecting public servers. It even has integral 4kV surge protection so it won't get fried by a lightning strike.
Installation took us five minutes, with the tidy web console providing easy access to all the features. WAN redundancy and failover featuresare abundant and creating a backup link took only two clicks, with which we designated the primary and backup ports.
Failover mode only swaps to the backup link if the primary one goes down, but a timing mode can use a daily schedule to switch between them. Bandwidth policies can be used to control traffic in a specific direction and can enforce guaranteed minimum upstream and downstream bandwidths.
Application-optimised routing ensures all packets with the same source and destinationIP addresses are sent through the same WAN port. Once we had set our bandwidth limits for each WAN port, we could go on to employ balancing based purely on traffic loads.
TP-Link doesn't include any IPsec VPN client utilities and only provides a 30-day trial of the TheGreenBow client software. Single licences costs around 41, while a five-user pack will set you back about 194.
TP-Link provides detailed tutorials showing how to set the appliance up to use TheGreenBow. It's a tedious process that's easy to get wrong, but after a couple of attempts we had a working IPsec VPN between a remote Windows 10 desktop and the router.
We were unable to achieve the claimed throughput of 16.25MB/sec for 3DES IPsec VPNs in our tests, but the router performed much better than others in this price bracket. With a mapped share from a Windows Server 2012 R2 host on the LAN, we could copy a 700MB file to a Windows 10 desktop at an average speed of 10.9MB/sec, even with the router's web interface showing 100% CPU utilisation during the test.
We also tested PPTP VPNs and, although TP-Link's tutorial is dated, we were able to get one working on Windows 10 without any problems. Performance was noticeably lower, with the same copy operation now averaging 4MB/sec and the router's web console failing to respond at all until it had finished.
General security measures are good and the router's firewall protects against common flood attacks suchas DoS. You can set thresholds for each type in packets per secondand prevent the WAN ports from being scanned. You can also decide which LAN users are allowed to have internet access by applying MAC address filtering lists, although these must be created manually.
The firewall's URL- filtering feature is no different to that offeredby most consumer routers, and it's of limited value as it only uses simple lists of URL addresses and keywords. Access rules are more versatile-- you can block or allow specific services and each policy can be run to a daily schedule.
You can also use policies and schedules to block or permit peer-to- peer and messaging apps - the list of supported applications is short. Options are only provided for 25 common clients, including Skype, BitTorrent, Facebook and Twitter. However, you can't add customapps yourself.
URL-filtering and app-control policies can also be applied to groups of users. This feature is only practical for a small userbase, though, since they can only be defined to the router by their system IP address.
TP-Link's TL-ER6120 may support 100 IPsec VPNs, but we wouldn't recommend using them all at once - the hardware will struggle. That said, it delivers superior performance to other small-business VPN routers and offers an extensive range of WAN failover features.
This review originally appeared in PC Pro issue 258.
TP-Link’s TL-ER6120 may support 100 IPsec VPNs, but we wouldn’t recommend using them all at once – the hardware will struggle. That said, it delivers superior performance to other small-business VPN routers and offers an extensive range of WAN failover features.
1U rack chassis
5 x Gigabit Ethernet (2 x LAN, 1 x LAN/DMZ, 2 x WAN)
Supports 100 IPsec VPNs
Internal surge-protected power supply
1yr RTB warranty
Options: five-user licence for TheGreenBow IPsec VPN client, £194 exc VAT
Preparing for AI-enabled cyber attacks
MIT technology review insightsDownload now
Cloud storage performance analysis
Storage performance and value of the IONOS cloud Compute EngineDownload now
The Forrester Wave: Top security analytics platforms
The 11 providers that matter most and how they stack upDownload now
Harness data to reinvent your organisation
Build a data strategy for the next wave of cloud innovationDownload now