Why you can trust TechRadar We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.

This review first appeared in issue 352 of PC Pro.

The AT-AR4050S-5G from Allied Telesis targets SMBs and remote offices seeking a single solution that combines tough network perimeter security with total WAN redundancy. This desktop firewall appliance sports dual 5G SIM slots and offers WAN failover services for businesses that cannot tolerate any internet downtime.

You can add two 5G SIMs, which are automatically configured as primary and backup mobile network connections, and the appliance supports cards from different carriers. You can also use one of the appliance’s wired WAN ports as the primary internet link and back it up with a 5G connection.

The appliance teams up its dual gigabit WAN ports with an eight-port gigabit network switch for LAN systems. It has plenty of power on tap, with its quad-core 1.5GHz CPU claiming a maximum raw firewall throughput of 1.9Gbits/sec, dropping to 750Mbits/sec with the intrusion prevention service (IPS) enabled.

You may like

The appliance’s base license enables an SPI firewall with deep packet inspection and includes IPS, web filtering, built-in application controls, bandwidth management and support for IPsec and SSL VPNs. Free central management of five Allied Telesis TQ series of wireless access points is included, with a feature license extending this to 25.

Two optional security licenses are available, but you can only choose one as they can’t be run together. An advanced firewall option activates more extensive application and web controls, while the advanced threat protection version adds tougher IPS and IP reputation services, with each costing £521 per year.

Full view of the Allied Telesis AT-AR4050S-5G — **The appliance has two gigabit WAN ports and an eight-port gigabit network switch** (Image credit: Future)

Our system came with a Vodafone 5G SIM and we used this as the backup connection with the first gigabit WAN port providing the primary connection. Deployment is simple: the appliance’s browser interface provides a quick-start wizard that runs through choosing the primary WAN connection and assigning a DHCP server to the default LAN subnet.

In dual 5G SIM deployments, you set a failover interval in seconds for the primary SIM and, if it fails, the appliance automatically swaps over to the backup SIM. To test wired WAN redundancy, we removed the network cable but found the backup SIM would only step in after the appliance was rebooted, although we did note that after reconnecting the network cable it reverted back to this without any intervention.

The web console’s widget-based dashboard shows a graphic of the appliance along with tables and graphs for traffic activity, appliance hardware utilization, security service activity and the top applications. A minor complaint is that the graphic only shows active LAN ports and doesn’t highlight which Ethernet WAN ports and SIM slots are active.

Desktop screenshot of the widget-based dashboard — **The web console provides a traffic activity overview** (Image credit: Future)

The appliance uses entities to define a logical map of the network, which can be zones, networks and clients. Top-level zones describe boundaries such as the WAN, LAN and DMZ, with each containing networks of IP subnets and addresses while clients are individual systems.

These come into play when you create firewall rules as they comprise a source and destination entity and an action that blocks or permits traffic between them. You can also add rules to manage bandwidth usage for specific applications and assign them to entities.

The advanced threat protection license enables IP reputation lists and stronger IPS courtesy of ProofPoint’s ET-Pro ruleset. The web console has options for anti-malware and antivirus, but we were advised that these Kaspersky-managed services are no longer available.

The built-in application library contains around 200 signatures, and the advanced firewall license activates the Procera app visibility library, which increases the signature count to nearly 2,000. Likewise with URL filtering, as the integral OpenText list can be upgraded to the Digital Arts service which offers around 100 web categories.

The AT-AR4050S-5G neatly integrates advanced network perimeter security with redundant 5G mobile connections. Failover for wired WAN connections isn’t perfect and some security features are no longer available, but this appliance will appeal to businesses and remote offices in rural areas with limited broadband services, and it’s offered at a very competitive price.

We've also ranked the best business computers.

Probably the most respected tester of IT equipment in the UK, if you’ve bought a piece of kit for the office - whether printer, server or rack appliance - then you’ve probably read Dave’s verdict at some point along the way.

What is a hands on review?

Hands on reviews' are a journalist's first impressions of a piece of kit based on spending some time with it. It may be just a few moments, or a few hours. The important thing is we have been able to play with it ourselves and can give you some sense of what it's like to use, even if it's only an embryonic view. For more information, see TechRadar's Reviews Guarantee.