Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The ASG 425 is at the top end of Astaro’s 1U appliance range, with several smaller versions and two larger options available. The unit offers eight ports, but just one is active by default and is used for the internal segment (and web management). The rest must be specifically enabled and configured, which is our preferred default configuration: everything blocked by default.
Connecting to the internal port, the web GUI got us up and running without any hitches. The GUI works fine, and the dummy SSL certificate installed in the box is easy to change. Doing so caused a bit of confusion in the interface, with the existing admin session becoming stale and reconnection then requiring the stale session to be terminated as only one active login per user is allowed. This sometimes caused some problems with page refreshes, too.
Every page in the interface provides context help, and the appliance provides an electronic version of the manual with search capabilities and a PDF version.
Documentation is very good, with a well-written explanation of deployment scenarios, likely uses and other useful pointers, rather than the walkthrough of the interface most vendors provide.
The unit’s services all worked flawlessly. Kaspersky and ClamAV anti-virus engines are provided, with Sensory Networks hardware acceleration technology. Failover is easy to configure, and we liked the ability to password-protect configuration backups.
IDP (Snort) is included, and new rules can be added easily. Rate limiting and portscan detection all worked well: clients conducting scans can be automatically blacklisted.
The vast majority of protective features are all off by default, which surprised us a little.
Setting up internal servers was a precise, but clunky process of adding host definitions, NAT rules and filter rules. More of this could be automated, but the end result worked exactly as expected.
A set of canned reports offers detailed data on the running status of the unit and an executive summary of main events. These can be retrieved in the GUI or regularly mailed out, but more detailed log browsing is limited.
Multiple appliances can be managed through the Astaro Command Center software, which is a free download.
This is a nicely integrated box with all the features we expected, plus some surprises, like support for UPS notification via USB. This is a good firewall package.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.