Astaro Security Gateway 220
Strengths: Reporting and logging as good as we’ve seen. Very intuitive.
Weaknesses: Scalability could be better.
Verdict: Great option for perimeter security in organizations of most sizes.
Having just reviewed the Astaro Security Gateway 220 for an SME-focused group test (where it won Best Buy), we were a little surprised to see the box resubmitted for this enterprise test, but we are told the higher capacity boxes sport the same set of features: only throughput varies. The ASG 425, for example, supports 1 Gbps and 700,000 concurrent connections.
Load balancing is available, so traffic can be split between two servers sitting behind the device, but it wasn’t clear whether several devices could be linked together to scale up to enterprise needs.
The usual security measures are packed into the unit – a stateful inspection firewall, proxy server, VPN and intrusion detection – with AV, anti-spam, anti-spyware and content filtering extra options.
Astaro’s High Availability system could prove crucial for enterprise needs, as hardware failure is a common cause of security breach.
The firewall was simple to set up, with the console allowing you to establish as many rules as you wish. There are no default rules, they must all be created manually.
VPN configuration gives complete control over policies, keys and certificates and there are no limits on the number of connections or policies.
Authentication can be handled by several different standards and technologies, including Radius, Active Directory, Novell eDirectory LDAP, or SAM (Windows NT).
As for its reporting capabilities, Astaro has clearly spent a lot of time making sure this is as flexible and intuitive as possible.
Astaro does not eclipse these competitors in the same way the smaller unit stood out in the SME test, but the ASG products are an excellent range, with the much more powerful 425 well-suited to an enterprise environment.