NitroWare.net

Please standby while the website is under maintenance. All existing content is still available to access.

Design and Features

3G9WT exterior

 

Aesthetically, the Gateway is enclosed in NetComm's standard broadband casing as applied to their other models but re coloured blue and logos applied to suit their customer, Telstra to which this specific model is exclusive to.

Vertical orientation of the unit on its end s not possible as the design of the casing, as well as placement of the Wi-Fi and Cellular antenna prevent the unit from being stood up in a vertical position.

3G9WT rear view

The unit can be operated with the antenna parallel to the cabinet however there are no wall hooks or bracket available for the unit. In Lieu of the vertical orientation of this we would have liked to see large wall hooks included on the base of the unit as is the case with broadband product from ASUS or Siemens or the Wall bracket accessory for Linksys units.. This design aspect can also increase the clearance height of the base and encourage better cooling to the base of the unit, which is somewhat needed as the Wi-Fi module is located in the underside of the unit and it can get quite warm after extended operation.

3G9WT base

It should be noted that this unit should not be placed on surfaces which may be affected by heat sources. The Gateway does feature a temperature sensor in the 3G Module and the user is able monitor its temperature through the Gateway's Web Interface. We observed this temperature reading to range between 50 degrees and 70 degrees Centigrade. It is worth noting that this is not an industrial or weather proof unit and is intended for indoors use under normal operating conditions.

 

The front panel of the gateway comprises of generic status LEDS which only indicate in a single colour, unlike other makes which feature bi or tri colour LED to indicate different states. NetComm have used different flash LED flash codes to signify status and this worked satisfactory. The way status is displayed is more of personal preference where some users prefer different colours others flashing sequences.

What we did take notice to was that the captions for each status led were not illuminated and could have been made larger. The single sequential row of status LED's can make diagnosis tricky especially over indirect means of communication. This is not solely a fault of NetComm's as products of other manufacturers also suffer from this design trait through the industry.

3G9WT front panel LED

The start up sequence consists of a status check of all LED and then progressively each of the modules become ready. As with other broadband or ADSL Gateways the ethernet and Wi-Fi features can be used regardless if the 3G is offline or no SIM is inserted.

The read me card in the package claims 45 seconds start up time. We measured around 60 seconds from power on to the Internet LED being activated, indicating that a successful 3G internet session has been established. Either way this is very swift and painless and is in fact quicker than the time it takes some ADSL links to synchronise. The Wi-Fi Access point is ready soon after as soon as its LED is activated during boot. Resetting the device takes around two minutes.

Software

The gateway does not need any software to be installed but the manufacturer and supplier recommend the user use the provided setup wizard to configure the gateway and enable wired or wireless connectivity. While other vendors such as D-Link and Netgear do include desktop-based setup wizards, the wizard including with this unit was fair easier to use both logically and in regards to UI design. This particular model uses a USB key therefore if Wi-Fi is selected the user only needs to enter their WPA security key once and it saved on the USB stick for future use if the wizard needs to be re-run at a later date.

This feature only works with the included wizard and not the 'Windows Connect Now' feature including in Windows XP and above, however the user can still use WCN if they wish but we do not recommend it.

A basic utility showing 2G/3G mode, signal strength , SIM status, IP addresses and connection status is included. This program contains features designed for other mobile broadband products in the Telstra lineup which are not functional for this gateway or the included data plan/SIM.

The utility is easy to read and understand for novices. Advanced users will want to install this utility anyway since it reports the WAN IP Address , Signal Strength and cellular mode.

3G9WT Telstra Connection Manager

We found the utility bundled with Vodafone's 3G USB modem less obtrusive on the desktop and more featured packed, Eg. that software supports automatic fail-over between Wi-Fi and 3G, although that device is a USB modem and not a standalone gateway.

We were satisfied with the Telstra/NetComm utility though.An update to version 1.1 did not deliver any significant or noticeable features to the utility however the included read me did mention the updated was necessary if the device firmware was updated. Both v1.0 and v1.1 seemed to work fine either way.

The 250MB USB key contains 30MB of files for Windows 32 and 64bit, Mac OSX 10.4.11 and higher, 8MB colour illustrated user guide in PDF as well as Flash and Windows installer updates.

3G9WT USB drive contents

Security

This device uses the less secure WPA(1) encryption standard for best compatibility with different operating systems such as Windows XP which defaults to WPA1, older Wi-Fi adapters and other Wi-Fi Access points, ease of configuration and use. However the default WPA encryption key for the unit is printed on the base of the unit and in plain text on the USB key. The default user name and password to access the gateway web interface are also printed on the unit.

Since this product is designed to be mobile and would likely be in a user accessible location, if these authentication methods are not changed, third parties can easily access the unit. Not printing the key on the unit would be enough of a step. The USB key which would contain the WPA key in plain text would likely be kept in more secure location and not as much a problem.

As with other broadband routers which use Broadcom's platform, full WPA2-AES and RADIUS authentication is provided for the Wi-Fi Network.

The Gateway has a stateful inspection (SPI) firewall but no fine customisable settings are provided for it.

The GSM cellular system typically has good security, incorporating encryption and PIN codes. However this particular product has a caveat when it comes to security for the SIM card. PIN codes are supported in a different way to a traditional GSM/3G Cell phone.

On a cell phone the user has three tries to enter their SIM, once extinguished the SIM is temporarily blocked until the service provider unblocks it. Cell phones can operate with a SIM that has security enabled or disabled, by requesting the user to enter their PIN.

On this device, the PIN function is simply there to unlock SIM cards which have e PIN code security enabled, rather than to protect the device when it is used !

The SIM must be first unlocked using the PIN feature and SIM security changed to disabled inn the gateway before it can be used. IE, the gateway only supports operation with SIM cards which have SIM security disabled. Since this security is now permanently disabled, it needs to be re-enabled manually through the gateway if the SIM is to have security reactivated before removal.

Once the now security disabled SIM is in the gateway, a hostile user can steal the the SIM from the rear slot without any tools. It may be some time before the theft is discovered however at least that SIM can be blocked from further use by the service provider.

This procedure is not much different to opening a door with a key and leaving the key hanging on the door knob.

Since this device does not require any authentication by default to access the internet or to operate it (at least on the Wired Ethernet side, Wi-Fi requires the WPA security key), the device can be a easy target for thieves who only need to unplug the power and now posses an unlimited, portable way to access the internet, temporarily at least.While the wireless is secured, that doesn't stop the security being disabled, the reset button will reset the device to the default settings which are printed on the unit. ! Meaning the only thing stopping the device from being used by a thief is physical security.

A security loop in the device would make theft much more difficult, something which this product lacks. By preventing physical access to the device (or other broadband devices) many security flaws are made void.

As mentioned, the service provider can block the SIM and since there is no personal data stored in the device the theft would be limited to the cost of the gateway itself.

UPnP (Universal Plug and Play)

In a nutshell, UPnP is an automated process that allows various consumer networked devices to discover each other over a local area network or over the internet without the need for the user to manually configure their broadband or network access device.

While the technology has its flaws (which not will be covered in the scope of this article), it does work and delivers the goal of it is supposed to. However with the 3G9WT unit we were unable to get UPnP to fully work as expected.

UPnP aware applications, such as Windows Live Messenger from Microsoft and the official BitTorrent client, uTorrent, were able to function but failed to completely configure the gateway to correctly expose these applications to the internet.

3G9WT UPnP XP Status3G9WT uTorrent Log3G9WT Live Messenger Status

We suspected that this was due to the way Telstra and NetComm have configured the device to deliver status updates to a desktop utility. A newer release of this desktop utility did not improve the situation neither did a firmware update to the device. Third Party tools confirmed that the UPnP issue was not an operating system issue or glitch.

UPnP DiagnosticUPnP Diagnostic

We later discovered that manually configuring the device's firewall to allow incoming traffic, such as hosting a mail, web, FTP or Terminal server behind the gateway did not work either. These services which had firewall rules configured for them to forward incoming traffic to them were not responding when connected to the 3G Gateway. We knew that these services were not faulty as we could port-foward these services through our broadband services.. If the UPnP feature had issues, at least the firewall rules should have worked.

It turned out that the issue was not due to the Gateway, but the SIM card and Data plan supplied as part of the review kit and the same kit was supplied to other Australian media.

Since the supplied SIM did not support a fixed WAN IP address or incoming traffic we could not independently verify that the port forwarding worked, or if the UPnP issue would have been solved if incoming traffic on the wireless service was enabled.

It is possible that some customers may receive SIM/Data plans in the same configuration as there are many combinations or variations of data plans .

This was an oversight that should have been noticed by both vendors during their planning processes earlier - supply/sell a device with a firewall/NAT feature to a user but not let them actually use the port forwarding feature is just not acceptable.

We should have caught this earlier too, by the time we did it was too late to update our findings. The majority of consumer broadband routers ship in a configuration where by default all outgoing traffic (Eg., the user requests a web page) is allowed and all incoming traffic (Eg., an external user tries to connect to a web server behind the users internet connection) is denied, and this was the case with the 3G9WT as well.

Due to this security aspect the issue of why we couldn't connect to port forwarded services comprised of two layers. The first being to configure the port forwarding rules to allow incoming traffic and to see if and why they are working or not working and secondary determine why they were not working once properly setup and diagnosed.

UPnP aware applications such as Live Messenger and uTorrent DID WORK, at good speeds too regardless of the connectivity problem, as previous described only manually forwarded services did not work.

The Gateway passed Microsoft's Internet Gateway Device online test

Windows Gateway Diagnostic