Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
We were pleased to see that this unit’s web GUI was one of the few being tested that defaults to a secure HTTPS connection. There is also a fully featured console available through serial connection, although it has a blank default password. That can be set, but a lot of users might forget, leaving their systems vulnerable.
The documentation was good, but hard to find. Instead of PDF manuals, we received a CD with documentation for a whole range of products, tied together through an HTML page. Almost inevitably we found errors in this, and had to trawl through the CD looking for the correct file.
The interface is elegant and does a good job of grouping items together, although we would have liked a little more linking between related tasks. Flashing red icons highlight items needing attention.
A set-up wizard started off, setting up a new admin password and configuring external interfaces and firewall rules for internal servers providing common services (SMTP, web, FTP, POP3), and a choice of security levels. We would have liked more information at this stage, rather than having to go digging in the documentation for what exactly "High" or "Medium" security might entail, but the basics are all clearly explained.
The unit does the standard tasks of traffic filtering and IPsec VPN, and has ICSA certification for both of these as well as its built-in anti-virus.
It also does content filtering, traffic shaping for bandwidth limiting and IPS, complete with creating custom signatures.
Some of the content filtering is offloaded on to a custom ASIC to speed up performance, although we did not stress the box enough to see a difference.
The filters include a lot of options to detect "grayware," including adware, Browser Helper Objects (BHOs) and more. These are disabled by default, and there is no whitelist facility to allow objects on a granular basis for, say, known good domains. But it is a useful addition that other units being tested did not provide.
High availability is an option, and the unit features redundant power supplies. We would like to see hot swappable RAID storage to complete the HA picture.
This is a fully-featured UTM offering that doesn’t skimp on the firewall and filtering features to do other, more glamorous tasks. It is pitched at the right price, with the right features to be attractive to many organizations.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.