TalkTalk Business router HG635

Can anyone explain why a 'business hub' can't cope with firewall rules to an internal IP address instead of a MAC address?

I have two external fixed IP addresses, yet have no idea on this router how to configure these and map them to internal servers, all there seems to be is port forwarding from a single external address.

Other issues are no DHCP relay, which is fine if you use the router for DHCP, but as a business user it's not exactly unheard of having DHCP on say a Windows server... Result is I had to turn off the router WiFi and use a separate access point.

No sign of SNMP either! All of which are what I would consider as basic requirements for a Business class router.

None of these things TalkTalk Business customer support would help with, basically they say it's not supported beyond the basic connection.

In reply to a post by ncudmore:

Other issues are no DHCP relay, which is fine if you use the router for DHCP, but as a business user it's not exactly unheard of having DHCP on say a Windows server... Result is I had to turn off the router WiFi and use a separate access point.

Isn't a DHCP relay only needed between subnets? Surely in a business environment you would have a proxy server or two to get through before the accessing the internet, and DHCP would he handled by you Windows AD servers (or similar).

Depends.

Over the years, I've seen very few 'small businesses' use proxy servers, a decent firewall would normally come first, but proxy servers are not that common in SMB places.

The 'lack' of DHCP relay, in this case is meaning that WiFi connections will often get the 'this network is not connected to the internet' or such like because it takes longer to pick up a DHCP address.

As a rule when setting up a small office SMB's I might make a /23 network and then give a whole 254 to DHCP and the others for fixed IP addresses - routers, switches, printers etc. or if there is a requirement for guest WiFi then that will have it's own range and own vlan, phones on their own vlan, printers on their own - so many ways of doing this, depending on size etc.

The other option might be say the HG635 providing the 'Guest WiFi' then a firewall then the 'inside private' network. But then the firewall is seen as a 'DMZ' device to the HG635, and you still have to setup port forwarding to the firewall from the outside, and you still don't have the ability to use more than one external IP address, yet TalkTalk will provide more than one.

And don't even get me started on the lack of VPN and vlan support....

The point I was trying to make was it's not exactly 'flexible enough', even for some home offices. They don't support it fully and they don't offer a 'better' option should you need it. I'm getting 'D�j� vu' here with the issues I had with another ISP, after BE was sold. There is a fine line between going down the cheaper ISP router as here or the overpriced BT Business option, and even then BT support is poor.

Yes you always have the option of putting 3rd party kit in, I am thinking of reverting to the old BT FTTC VDSL modem then Cisco ASA firewall, but I know the first time I have an issue then TalkTalk will point the finger at 'unsupported 3rd party hardware'.