EnGenius has made available its first series of multi-WAN gateways and the EnGenius ESG510 is currently the most affordable model, but don’t be fooled, this device is not your average entry-level gateway. No, EnGenius wanted to turn heads and made all the Ethernet ports 2.5GbE, including both LAN and WAN.
| EnGenius ESG510 | |
|---|---|
| EnGeniusTech.com | Check Product |
And it makes sense considering that their new line of access points is WiFi 6 and there is an expected move towards either WiFi 6E or 7 which can easily support a throughput above Gigabit. And I know that the idea is to use a PoE Ethernet switch to create a larger network with multiple APs, but the EnGenius ESG510 does offer a PoE LAN port as well in case you want to power up an additional access point.
The gateway does support dual-WAN connections (failover and load balancing) via the Ethernet ports, but you do get the possibility to use a 3G/4G/5G dongle for additional cellular failover.
I really liked the new direction that EnGenius took with its more security-focused ECW access points (ECW230S and ECW220S), so I was curious about what the ESG510 can add to what seems an already robust ecosystem.
Well, the EnGenius ESG510 does offer a high-throughput stateful firewall and the developers also promise fast site-to-site VPN which is easy to configure. Additionally, there’s what EnGenius calls the self-healing (or Auto Mesh) VPN which essentially ensures that multiple gateways under the same organization will communicate, relaying VPN info between each other in case of a WAN IP (or power forwarding) change. There are other interesting feature that we can explore under the Cloud management platform, so let’s put the EnGenius ESG510 to the test and see how well it performs.
Design and Build Quality
Most gateways have a rectangular metallic case designed to sit on a desk and the EnGenius ESG510 follows these same guidelines. And it means that we’re dealing with a fairly compact fully metallic case covered by a gray matte finish and, considering that it measures 8.27 x 7.07 x 1.38 inches (21.0 x 17.9 x 3.5cm), it’s not really suitable for mounting in a rack.
And this is confirmed by the four rubber feet that you need to attach to the bottom of the case to allow it to sit on a desk. Obviously, you can use a tray, but there are no mounting ears on the sides. The good news is that there are two areas that allow you to mount the gateway on the wall (better than the TL-ER7206 in this regard). That being said, EnGenius has perforated the left and right side of the case to allow the air to pass through to maintain a good internal temperature.
But, considering that the EnGenius ESG510 is fairly powerful and has a PoE-out port, is the passive heating system enough to keep the temperature in check? I did connect the EnGenius ECW230S AP to the PoE+ port and made sure some data was flowing towards client devices, and, as you can see from the photo, the ESG510 does heat up a bit all around the case. Even so, I did not see any signs that it may overheat, but I suppose some more demanding apps (such as possibly future IDS/IPS) may heat it up a bit more.
Then again, even the DrayTek Vigor2926 got a bit warm and so did the Zyxel USG Flex 100 which means that this is just the nature of these devices. EnGenius has put all ports and LEDs on the front of the gateway, so, from the left, there are four LEDs, one lighting up as soon as the ESG510 is powered up, followed by the WWAN LED (lights up if you connect a dongle to the USB port), a Test LED and the PoE LED (in case you connect a PoE device to the dedicated port).
The Test LED seems to have replaced the original Diag LED which could be seen in the early ESG510 photos but it retains essentially the same role as on the Netgear gateways. The LED will flash when the device is initializing and it will stay on if either the system is not ready or it has encountered an error while starting up. Next to the block of LEDs, there’s the recessed Reset button (to return the device to factory default settings), the Console port, the USB-A WWAN port (for 3G/4G/5G dongles) and then, there’s the block of four Ethernet ports, all supporting multi-Gigabit connections (2.5GbE). The first is just a WAN port, while the second can either be WAN or LAN.
The third port (P2) is a regular LAN port for connecting Ethernet switches or any other client device, while the P3 port is LAN and supports PoE+ (802.3af/at). This way, you can power up an extra WiFi access point, in case there are not enough ports left on your switch. Turning the switch around revealed that there is a single connector there, the Power port.
Internal Hardware (EnGenius ESG510 Teardown)
To open up the case of the EnGenius ESG510, all you need to do is remove the two screws on the left and the two on the right side of the device. And then just slide the the metallic top towards the rear to expose the PCB with its main components. There are no warranty seals or any other dumb deterrent like that from fixing your own stuff. A quick glance over the PCB revealed that there is a single heatsink which protrudes up to touching the top metallic panel (that we removed) and underneath it, there’s the quad-core Intel ATOM E3940 X236F668 chipset clocked at 1.6GHz.
I rarely see Intel processors on networking devices and they don’t really have that great of a track record, so I was curious whether EnGenius did the right thing when choosing the Intel platform. It seems that the chip is very power efficient and most importantly, it’s very often used for pfSense builds, so it seems to be a good choice for a gateway. Next to the chipset, I could see that EnGenius has added 8GB of eMMC storage memory SEC 231 8041 KLM8G1GETF, 4GB of RAM from Samsung (2x SEC 219 K4FGE3S4HMMGCJ) and there are four Intel S2353L34 controller chips, one for each port.
As you can see, there are no WiFi chips, so the EnGenius ESG510 does not have any built-in wireless capabilities and you will have to rely on WiFi access points to connect to your wireless clients. The ESG510 is very well equipped and I am curious to see what the upcoming ESG610 and ESG620 will bring to the table as well.
| EnGenius ESG510 | TP-Link TL-ER7206 | Draytek Vigor2926 | Zyxel USG Flex 100 | |
| CPU | quad-core 1.6GHz Intel ATOM E3940 X236F668 | dual-core 880MHz CPU (probably Mediatek) | dual-core 720MHz CPU (?) | dual-core 1.2GHz Cavium Octeon III CN7020 |
| RAM | 4GB Samsung (2x SEC 219 K4FGE3S4HMMGCJ) | 512MB Samsung SEC 204 K4B2G16 | 128MB WINBOND W971GG6SB | 2GB Nanya 1922 NT5CC512M8EN |
| Storage | 8GB SEC 231 8041 KLM8G1GETF | 128MB ESMT F59L1G81MB | 128MB Toshiba TC58NVG0S3ETA00 | 8GB Kingston EMMCC08G-M325 |
| Switch | 4x Intel S2353L34 | Realtek RTL8367S | Qualcomm Atheros AR8035 | Qualcomm QCA8337 |
The Standalone Mode
The EnGenius ESG510 is a Cloud-managed gateway, so it does have a standalone mode, but it’s very basic and offers almost none of the most important security features. I still decided to check it and to access it, I identified the network and entered the IP address into the URL bar of a browser. The default username and password are admin/admin and after that I got to see the familiar interface (I saw it with all other Cloud-based access points).
The interface offers two main sections, one is the Device Status and the other is the Local Setting. The former shows some status info of the Cloud, gateway and the network, while under Local Setting, it is possible to change the Connection Type, to set the role of the two WAN ports, as well as set up the Web Proxy Settings and upgrade the firmware (from a downloaded file). This are mere bare bones, so let’s adopt the EnGenius ESG510 to the Cloud.
The EnGenius Cloud Management Platform
The adoption process is the same as with all other EnGenius devices: I used the browser based interface, so I registered the EnGenius ESG510 by manually inserting the Serial Number (it’s also possible to use the OQ code via the mobile app) and then I paired it to a Network (under an Organization). It’s best to then upgrade the firmware and afterwards, I checked what’s new. And, as expected, there are some gateway stats on the Dashboard (Throughput) and then, checking the Manage section, I could see some dedicated status information.
The Diagnostic Tools tab is present here, but it still feels in its early stages. You get to see the live Activity of the CPU, Memory and Throughput, as well as continuously Ping specific websites (three, by default) and there’s also the Traceroute tool for checking the path of how you connect to a specific server. I do have the basic license, so it’s possible to use the Diag tool for a limited amount of time (a few seconds at a time).
Now let’s go to the Configure section. Here, there are four main sections, the first being the Interfaces, followed by Site to Site VPN, Client VPN and Firewall. Under Interfaces, we get to see one of the highlighted features of the EnGenius ESG510, the Pass-through mode. By default, it’s set to Routed, but you do get the possibility to use the Passthrough mode when there’s an existing router or gateway between the ESG510 and the modem, and you want to rely on its security features, while also keeping the settings from router (or gateway) unaltered.
The Routed Operating Mode will give the possibility to configure a dual-WAN system, of which we’ll talk in more detail in the dedicated section. It’s worth mentioning the option to set Static Routes and the feature-rich LAN section. To be more specific, you can either run a DHCP server or relay it to other subnet servers. Additionally, there is the option to set up a Captive Portal and a Splash Page (RADIUS or click-through).
The Site-to-Site VPN section is where you can set up the Mesh VPN feature and you get the option to either set the current EnGenius ESG510 as the Hub (the main unit which dictates the VPN settings and rules) or as a Spoke unit.
EnGenius ESG510
-
Pros
- 4x 2.5GbE ports (WAN and LAN)
- One PoE+ LAN port
- Support for Dual-WAN (failover and load balancing)
- Mesh VPN
- Passthrough Mode
Cons
- We need more VPN features
- No IDS and IPS