Astaro Security Gateway v8
Strengths: Great features for small remote office secure configurations with a certificate manager on the appliance.
Weaknesses: The user interface was a bit hard to get through. VPN reporting was lacking.
Verdict: This is a nice overall product. It provides all the options needed for delivering IPsec VPN.
SummaryAstaro Security Gateway v8 provides a full unified threat management perimeter solution on the platform of one's choice. The available offerings include a hardware appliance, software or as a virtual appliance. All deployment methods feature the same functionality and management interface and they can be deployed in multiple/mixed configurations.
We tested the hardware appliance and the Astaro Secure Client to build a tunnel between the Astaro gateway and our test systems. The IPsec VPN connections on this security system always use the tunnel mode. Since this appliance acts as a gateway, we did not find this to be a limitation. Support for both MD5 and SHA-1 hashing is supported. 3DES and AES (128, 192, 256 bits) encryption is supported. We tested with the Astaro Secure Client, which came with an integrated desktop firewall. Astaro also supports the Cisco IPsec client. The gateway also supported NAT Traversal technology for connections between hosts that contain NAT devices.
Configuration of the VPN tunnels was done through a tabbed-based, web page-style user interface. The connections were easy to define. Once set, policy needed to be configured -- each IPsec connection needs an IPsec policy. A policies tab let us customize parameters for IPsec connections and unite them into a policy. An IPsec policy defines IKE (Internet Key Exchange) and IPsec proposal parameters of the IPsec connection.
The ?one click? client configuration option was a nice feature for quickly deploying and automatically installing Astaro Secure Client software, config files and keys and certificates. Using this feature, one could have remote users download and install the client with a single mouse click. We also liked the RED (remote Ethernet device) management feature that made remote deployment easy while providing a secure connection back to the local LAN, allowing the remote systems to work as if they were local.
Logging was supported through a separate syslog server. Reporting in general was pretty good for the other security features, we did not find a lot of reporting available for the VPN portion. The price for the Astaro IPsec Client is $90 (single) or $80 (pack of 10). The ASG 220 hardware appliance, plus a base license for unlimited users, is $1,275. A subscription with standard support for one year for the ASG 220 Network Security is $795. Support options are available for a fee.