Whilst Lightspeed itself was born in 1998, many long nights and weekends would take place and it wasn’t until 2000 that our first edge gateway – picoNet would become the first broadband router/firewall in the world. Over time, we would cede the broader small corporate market to router appliance manufacturers like Alcatel, and subsequently, Linksys and Asus and their ilk – as we moved on to solving the problems of large enterprises and Internet Service Providers (ISPs).
So, it is with great delight that we have produced a 25th Anniversary Edition to mark our return to the small corporate market. This is because the pandemic has reshaped the workplace, and the simple job of keeping the “bad guys” out of a single door (your office Internet connection) has been replaced by allowing only the few “good guys” to access your corporate data assets.
Our hardware is made to order – Just-in-Time manufacturing using industry leading Intel CPUs and NICs, and our software is 100% OpenSource ( Linux, nftables, iptables, squid, WireGuard etc for those of you in the business) for the best-of-breed security that can only come about when you have many pairs of eyes on the code, as compared to the Proprietary Source that is beloved of nearly all security manufacturers as they attempt for “Security by Obscurity”, which has never worked to begin with but is now painfully obvious with zero-day exploits of nearly all firewall manufacturers.
Feature Set
The key features you need to know about in EdgeONE/picoNet are as follows
1. Malware protection
Because post-pandemic workers are more often than not BYOD (Bring Your Own Device), the “workplace” LAN does not have the ability to enforce at the endpoint-device level what equipment, configurations, protection may be in play. As such, a single misconfigured endpoint can easily launch an attack against all other endpoints within the same network – all the problems of working in a public Wi-Fi like Starbucks remains true in all offices and co-working spaces.
picoNet includes advanced Malware Protection that blocks malicious domains comes from 19 threat feeds including (amongst others) IBM’s X-Force, Abuse.ch, Anti-Phishing Working Group (APWG), Cisco, F-Secure, Proofpoint, RiskIQ, and ThreatSTOP. This results in the best-in-class performance in terms of threat confidence (minimal false -ve or +ve). We block 97% of confirmed malware sites correctly before they reach the endpoint, which compares favorably to Cisco Umbrella which catches less than 3%, or Cloudflare Enterprise which blocks just 56%. Whilst this does not mean that solutions like Kaspersky Endpoint Protection Cloud (EPSC) are not needed (some things can only be detected at a per download level), it certainly makes your workplace LAN a lot more secure than a Starbucks or co-working space.
2. Highest quality, lowest cost
By using industry-standard parts, Lightspeed is able to partner with white box manufacturers – to produce the hardware at scale, and achieve economies of scale not possible even by the largest networking manufacturers in the world. For network expansion, we also curate the best-of-breed NICs from Intel (as opposed to cheaper, less stable chipsets from Broadcom/Realtek/Marvell, which are normally used in firewalls. The enterprise quality chips from Intel include hardware offloading and other tweaks allow full wire-speed, compared to other chipsets that deliver only a fraction of the rated throughput in real-life testing. If the other platform you are considering does not specify the NIC chipset, then it’s definitely not Intel.
3. Edge Virtualization Server, not just a firewall
Because Lightspeed uses only industry-leading server platforms, the box on the edge of your LAN is more than just a simple “router” – full virtualization support allows you to run and scale container workloads (most commonly PBX, and other network controllers like LDAP/Radius/DHCP/DNS). Intel and AMD server-class CPUs make gateways from Lightspeed around 100x faster than most retail firewalls.
4. UniFi Compatible Reporting
For all of you on the UniFi Wi-Fi controller, you’ll be happy to know that picoNet now generates XML reporting that conforms to UniFi controller standards. This means you can visualize your entire network from endpoints to access points to switches to the gateway on a single pane of glass without compromising on gateway performance. Our gateways can emulate anything in Unifi’s gateway range – from USG3 to XG-8, but with the performance starting at higher than an XG-8. For port configurations exceeding 8 ports (9 thru 16) – you can use native reporting instead to the monitoring system of your choice (Cacti etc).

5. Service Provider Validated Solutions
Unlike many SMB and Enterprise vendors, we originate our solutions in the Service Provider space. Our systems power ISPs throughout the ASEAN region, including but not limited to ViewQwest and Starhub in Singapore, Digitel (now part of PLDT) in the Philippines, and Cambodia Data Communication (CDC) in Cambodia (obviously). What you get are systems that are “battle-tested” in an unrelenting, unforgiving high-volume real-world environment, not stuff that only looks good in lab testing.
13. Full ISO27001 Support
From a governance standpoint, no other firewall has full support for version management of the actual configuration files – picoNet has full support for RCS, SCCS or even GitHub private repositories to be the single source of truth for your security configurations, plus have the proper multi-step process to propose, accept, validate, and then apply firewall rules so that a single entry-level firewall engineer can no longer accidentally (or purposely) bring the entire enterprise to a halt.
Special Co-Working Edition
In addition, we have a Co-Working edition that has the following additional features:
1. Virtual firewall per public IP
With picoNet, we virtualize the firewalls on a per publicly-addressable device. This is possible using techniques such as SNAT, DNAT, IP Aliasing, which combine to provide a virtual firewall per tenant IP (can also be applied to entire dedicated office when this is extended to include InterVLAN firewalls). Member devices can be configured directly with the public IP, eliminating the need for (and significant overhead associated with) one-to-one NAT (as is practiced by current Peplink and nearly all enterprise firewalls).
2. Bandwidth control per public IP
Because each location is likely to have n x 1Gbps (minimum of n=2), it is advantageous to adopt ISP style bandwidth selling.
Currently, we are able to subdivide into 10/100/1000 Mbps on the switch level, provided that the member equipment that is connected supports those options (most equipment newer than 2015 only supports 1Gbps). As such, we sell “reserved bandwidth” but have no way to actually provide, measure, or prove that the member gets the purchased bandwidth.
3. Rental of virtual firewalls
Because of picoNet’s virtualization architecture, we can support firewall “rental” for tenants who have their own ISP, wish to have a proper Enterprise-grade protection (don’t trust consumer-grade router/firewall combos) but due to short lease terms prevalent in co-working, prefer not to commit to paying $10,000+ for a “real” firewall,
5. InterVLAN firewall and VPN access
A common request amongst co-working tenants is the ability to access NAS and Printer in their own office securely. Currently, Intervlan routing is all or nothing. What can address the business need is to allow members on the co-working campus wifi and working from home to connect simply and securely to their in-office resources. PicoNet supports all popular VPN standards including IPSEC, OpenVPN and most recently Wireguard
Conclusion
Lightspeed produced the world’s first broadband corporate gateway in 1999 and has quietly revolutionized the Internet landscape in Singapore and the region by driving standards adoption across some of Asia’s most highly valued companies. With this 25th Anniversary Edition, we hope to bring the benefits of the Cloud to your office thru the use of Edge Virtualization.