EnGenius ESG510 Cloud SD WAN Gateway Review Feature

Any links to online stores should be assumed to be affiliates. The company or PR agency provides all or most review samples. They have no control over my content, and I provide my honest opinion.

EnGenius has launched its first range of SD-WAN gateways allowing buyers to have a completely cloud-managed network with EnGenius.

The ESG510 is the most affordable option currently available that is ideal for small businesses.

This SD-WAN Security Gateway is powered by a Quad-Core 1.6GHz Intel ATOM E3940 process, and it is equipped with dual-WAN 2.5GbE, dual-LAN 2.5GbE (one being POE), cellular failover, stateful firewall, and site-to-site and client VPN delivers more simplicity and security to businesses by providing the IT team with effortless setup, enterprise-level security, and an end-to-end network solution.

Two models sit above this, one with a more powerful processor that can handle more users/connections and one above that which is rack-mounted and has  8x 2.5G ports and 2x 10G SFP+ ports.

Specification

EnGenius ESG510
Processor1.6GHz Quad-Core CPU, 4GB RAM, 8GB Flash
Port Configuration 2x 2.5GBASE-T WAN/LAN
1x 2.5GBASE-T LAN
1x 1x 2.5GBBASE-T PoE+ LAN
Console Port1
Max Internet Speed2.5Gbps
Dual-WANYes
(load-balancing or failover)
USB Port1x WWAN cellular backup
Routing FeaturesWAN load balancing with WRR
Networking Features
Static Route
Multiple WANs
USB Cellular
User Authentication
PPPoE
VLAN Tagging
Captive Portal
Custom Splash Page
Dynamic Routing
Bandwidth Limit
Traffic Load Balancing
DHCP client/server/relay
Dynamic DNS support
Firewall FeautresStateful Packet Inspection
Policy Rules
Port Forwarding
1:1 NAT
Allow Inbound Services
VPN FeaturesSite-to-Site VPN - Mesh VPN/Hub-and-Spoke
Client VPN
Policy-based VPN
IPsec NAT traversal (NAT-T)
Dead Peer Detection (DPD)
Auto-VPN Connection
Auto NAT traversal
Firewall (SPI throughput)4G
VPN Throughput970M
Max. TCP Concurrent Sessions1,000,000
Max. Concurrent VPN Tunnels200
Max. Concurrent VPN Users250
Operating Temperature0°C to 40°C
Power Input110 – 240 V / 54V/1.2A
Power Consumption52w max
Local Web Interface Basic
Cloud Management Engenius Cloud
RRP$599.99
£778 including VAT

Setup

Setup wasn’t quite as simple as adding a new EnGenius access point or switch, but this was more user error than anything. While I love the cloud interface, where some of the settings are located isn’t quite as obvious as a consumer router.

The switch has a local interface, but it is designed to be used with EnGenius Cloud, and the initial setup is the same as all other EnGenius Cloud products. I used the Cloud To-Go app to scan the QR code, added it to my network, and that was technically all I had to do.

Like many routers, it took a while to establish a connection. Once you do the initial setup, it is best to restart the ISP router manually, as this will allow it to assign the correct IP to the gateway.

For me, as I have a relatively complex (messy) home/office network, I needed the gateway to have a specific IP and changing this was not immediately obvious (compared to consumer routers).

To alter the IP, under the configure menu and within the gateway section,  go to interfaces, then LAN. Click on the LAN (under Name) and change the IP address. In hindsight, this should have been easy to figure out, but it took me a bit longer than I’d like to admit. Under that section, you can also configure the 2nd WAN port to be a LAN port, if you wish.

Also, under the DHCP tab, there is a fixed IP list which is a feature I often use as an alternative to setting a static IP.

Under the WAN settings, I didn’t have to configure anything, as the Virgin router provided the connection via DHCP. But you can set a static IP or PPPoE. You can then set up your second WAN, cellular backup, and DDNS.

Port Configuration and POE

EnGenius ESG510 Cloud SD WAN Gateway Review Product Shots multi gig ports

The ports are worth talking about as this is a big selling point for me. Everything is 2.5GbE, so most of my network is now multi-gig.

The 2nd WAN port can be configured either as WAN/LAN, and then the 4th port is POE.

The POE port is incredibly handy as it allowed me to attach the ECW336 WiFi 6E access point directly to it, whereas previously, I had a separate POE switch in that room running it. I have seen many small businesses and prosumers with an access point sitting on top of a switch in a rack, so I would imagine that quite a lot of users would take advantage of this. Furthermore, 2.5GbE POE switches cost a lot of money, so this would allow you to get the best performance possible out of an AP like the EnGenius ECW336 without the expense of a switch like the EnGenius ECS2512FP.

Engenius Cloud

Engenius Cloud Dashboard
Engenius Cloud Dashboad Access Points

Like all my other EnGenius reviews recently, this gateway is designed to be used with EnGenius Cloud. This is the main reason to get this gateway; I now have a unified interface for my gateway, switches and access points.

From the dashboard, I can see statistics for my network and identify any problems.

Within the device-specific section for the gateway, I can load up the diagnostic and see the CPU, memory and throughput usage. There is a speed test and ping function. Then the third screen has a traceroute.

Oddly the speed test function showed a much lower throughput than the result I got from speedtest.net. I expect it may have been the server that the gateway chose to do the test.

Within the details section, I can view the latency and throughput of both WAN interfaces. Then with the DHCP lease tab, I can see all the devices using DHCP. It would be good if there was then an option from this page to add devices to the fixed IP list.

Engenius Cloud Pro Licence Prices

Similar to Zyxel Nebula, the Engenius Cloud system is free to use and should be more than enough for enthusiast users and SOHO/small businesses. However, they wall off some functionality under a pro licence which incurs a fee per device.

Pricing is reasonable, with the access point and switch licence costing $120 for three years. The gateway licence is priced higher at $240.

For the gateway, the licence adds:

  • Auto VPN NAT Traversal
  • VPN Topology
  • Backup & Restore
  • Network Clone

For my home/SOHO network, it would get a bit spendy at $960 for all my devices every three years, but this isn’t a lot of money for a proper office with a lot of staff.

EnGenius ESG510 Features

IPSec VPN

EnGenius ESG510 IPSec VPN

The ESG510 has a client VPN service that uses IPsec VPN technology and can support VPN clients running on Windows 10/11, macOS, iOS devices, and Android devices.

However, it is worth noting that the gateway only supports IKEv1, so if you use Android 13 or a later version, you will not be able to use the client VPN because Android 13 only supports IKEv2.

I had hoped to test this on my Pixel 6, but it was not possible. I, therefore, tested it with Windows and followed the guide from the Cloud User Manual, which recommends the VPN Access Manager application from Shrew.net.

Firewall

This is a security gateway, so a firewall is to be expected.

You have options for:

  • Outbound rules
  • Port forwarding
  • 1:1 NAT
  • Allowed Services (which are allowed to access ESG), including ICMP and Web.

The security features are perhaps a little limited to competing products, including IDS/IPS or unified threat management (UTM). Things like UTM firewalls tend to cost a lot of money, incur subscription fees and have reduced throughput due to the processing needed to run the various security features.

It is also worth noting that Engenius have some security focussed access points, including the ECW230S and ECW220S. These feature AirGuard, which includes wireless intrusion detection system (WIDS) for threat detection and wireless intrusion protection system (WIPS) for attack remediation. To use AirGuard, you will need a Pro licence.

WAN Throughput

I recently upgraded to Virgin Gig1 fibre broadband. For routers with gigabit LAN ports; the speed you get would normally be sub-gig at around 940 Mbps due to various interface bottlenecks.

For me, I found that with my ageing FRITZ!Box 7590, my speeds were limited to sub 800Mbps.

Switching to the FRITZ!Box 4060 I still found that my speeds were limited even though the transmission rate for the “WAN” port to an expected rate of about 2.25 Gbit/s to 2.4 Gbit/s.

Switching to the EnGenius ESG510, which has 2.5GbE for all WAN and LAN ports, I immediately achieved speeds consistently in excess of 1000Mbps. Sadly, there are no faster Internet options where I live, so I am unable to test any higher than that.

Dual WAN

I was able to test the dual WAN functionality by using the AVM FRITZ!Box 6890 LTE router. This has a Category 6 LTE modem (FDD) with up to 300 Mbit/s.

For testing, I used a cheap Smarty SIM card. Connecting to this router directly, I achieved speeds of about 40Mbps down.

As that speed is far lower than my Virgin line, I configured the gateway to use the 2nd WAN as a failover. Then while browsing and running a ping test, I unplugged WAN1 to see how long the connection would go down for. There was a small noticeable disconnection, but as far as web browsing goes, you probably wouldn’t notice. Reconnecting WAN1, there was no noticeable drop in connection, but when running a speed test, it had an error initially. Then redoing it, I achieved my full gigabit speeds.

It is also possible to run this as a load balancer which will divide the two connections up, but this wasn’t practical with my set-up.

4G USB Dongle

For improved redundancy, there is a USB port which can accept a 4G dongle. The 4G dongle options are quite poor, I bought the Huawei E3372-325 LTE/4G dongle from Amazon, which only cost £40, and it claims to be capable of 150 Mbps, which seems to be the limitation of all USB 4G dongles.

Unfortunately, this dongle doesn’t seem to work with the EnGenius ESG510. It creates a connection as if it was a router, which works well on my PC, but I assume the gateway is expecting it to work like a modem.

If/when I get a replacement dongle, I will retest this, as this would be the preferable backup connection method for my network.

LAN Throughput and WiFi performance with EnGenius ECW336

With this having 2.5GbE for all ports, I have finally upgraded my hodgepodge home network to 2.5GbE for all the important devices, and I am slowly upgrading to 10GbE.

For LAN throughput, testing with iPerf connected to my TerraMaster F2-423 running Unraid, I was able to achieve 2.49 Gbits/sec for all the ports I tested.

Testing the EnGenius ECW336 running on the POE port, I was able to achieve 1.49 Gbits/sec, which is the same as when I tested it with the ECS2512FP 2.5GbE POE switch.

Price and Alternative Options

The EnGenius ESG510 has an RRP of $599 in the US. In the UK, it works out more expensive at £649.00 Ex VAT(£778.80Inc VAT), with it currently only being available from Cable Management Warehouse.

EnGenius then have two models that sit about this. The ESG610 and the ESG620, both upgrade the processing power, which allows them to achieve a higher throughput for the VPN and more concurrent users. The ESG610 has the same ports as the ESG510, but the ESG620 is a rackmount with 8 x 2.5GbE (two are POE) and 2 x SFP+ ports. These models don’t appear to be available to buy yet.

Looking at other vendors, there isn’t really anything like for like.

The Ubiquiti Dream Machine Special Edition is perhaps the closest and priced a bit more reasonably at €549.60 VAT Inc (£480 or £545 from BroadBandBuyer). It has 1x  10G SFP+ for WAN and LAN + one 2.5 GbE RJ45 WAN port, then 8x GbE POE ports. It is much larger, being a rackmount device, and it has more features, including being a network video recorder (NVR). It then has additional secrurity features, including IDS/IPS scanning, Internal Threat Scanner and Internal Honeypot. For VPN, there are numerous reports that this can only achieve up to 500Mbps with IPsec.

The DrayTek Vigor 2962 is £420. This is a dual WAN router with VigorACS EssCloud Service. It has 1x 2.5GbE, 1xSFP and 2x Gigabit Ethernet. VPN throughput is 900 Mb/s with IPsec.

TP-Link Omada has the ER8411 priced at £356.99, which has 2× 10GE SFP+ Ports (1 WAN, 1 WAN/LAN), then 8xGigabit WAN/LAN.

Zyxel has the USG FLEX 100 or FLEX 200, which are limited to gigabit and have a much lower VPN throughput, but these have Unified threat management (UTM) with some advanced security features.

Overall

For me personally, I love the EnGenius ESG510. I am biased, though, as I currently run EnGenius for the main parts of my network, so this integrates perfectly within my existing system.

For existing EnGenius users, this is a no-brainer. It can handle a significant number of concurrent VPN users and has a good VPN throughput, so this gateway would be suitable for a wide range of SMBs. For larger businesses needing up to 500 concurrent users, there is the ESG610.

I think EnGenius has really nailed the hardware side of things here. With 2.5GbE on all ports, POE on a single port, dual WAN and USB data backup, this ticks all the boxes.

There is some room for improvement, though. In particular, the client VPN functionality could do with improvement as it is a little restrictive at the moment. Also, competing devices often have more advanced security features, such as IDS/IPS scanning and various forms of threat management. Though, all these advanced features can have an impact on the throughput.

EnGenius ESG510 Cloud Managed Dual SD-WAN Gateway Review [Gateway5 4mG]

Summary

For existing EnGenius users, this is a no-brainer. EnGenius has nailed the hardware side of things here. With 2.5GbE on all ports, POE on a single port, dual WAN and USB 4G data backup, this ticks all the boxes. There is room for improvement, but it is a superb first gateway from EnGenius.

Overall
90%
90%
  • Overall - 90%
    90%

Pros

  • Multi-gig networking with dual-WAN 2.5GbE, dual-LAN 2.5GbE
  • POE on one LAN port.
  • Dual WAn with cellular failover

Cons

  • VPN & Firewall could do with some additional features

Similar Posts

3 Comments

  1. I like the idea of the ESG510, and I really REALLY want to love it. But I’m having some issues configuring it and chat support is not helping. Anyone have an idea how to get someone from Engenius to help? In there webinars they keep saying how very important it is to them to provide help but that has definitely not been my experience.

    1. I will pass on your enquiry to my PR contact

      I assume you also commented on reddit? When you say “creating additional LAN interface and assign it to one of the 3 LAN ports” do you mean you will effectively have two LAN IP address ranges, so 192.168.0.X and 192.168.1.X?

      I will try it on my own network today and see if I have the same issues.

    2. I have not managed to test this myself yet, but my Engenius PR contact replied with an answer that I hope that helps

      I managed to get an answer for you 🙂

      When creating additional LANs and assigning them to the 3 LAN ports make sure the native LAN (the default “LAN”) is assigned to all 3 ports.

      This is necessary as the native LAN carries the management VLAN used to communicate with all 3 LAN ports.

      That said, all 3 ports can be assigned as separate LAN networks with their own individual IP address ranges.

      If you still struggle, he said he could get someone from Engenius to call either me or yourself.

Leave a Reply

Your email address will not be published. Required fields are marked *