Astaro Security Gateway
Strengths: Plenty of features packed around a solid firewall core.
Weaknesses: Very little log management capability.
Verdict: A very strong all-around performer.
The ASG 425 is at the top end of Astaro’s 1U appliance range, with several smaller versions and two larger options available. The unit offers eight ports, but just one is active by default and is used for the internal segment (and web management). The rest must be specifically enabled and configured, which is our preferred default configuration: everything blocked by default.
Connecting to the internal port, the web GUI got us up and running without any hitches. The GUI works fine, and the dummy SSL certificate installed in the box is easy to change. Doing so caused a bit of confusion in the interface, with the existing admin session becoming stale and reconnection then requiring the stale session to be terminated as only one active login per user is allowed. This sometimes caused some problems with page refreshes, too.
Every page in the interface provides context help, and the appliance provides an electronic version of the manual with search capabilities and a PDF version.
Documentation is very good, with a well-written explanation of deployment scenarios, likely uses and other useful pointers, rather than the walkthrough of the interface most vendors provide.
The unit’s services all worked flawlessly. Kaspersky and ClamAV anti-virus engines are provided, with Sensory Networks hardware acceleration technology. Failover is easy to configure, and we liked the ability to password-protect configuration backups.
IDP (Snort) is included, and new rules can be added easily. Rate limiting and portscan detection all worked well: clients conducting scans can be automatically blacklisted.
The vast majority of protective features are all off by default, which surprised us a little.
Setting up internal servers was a precise, but clunky process of adding host definitions, NAT rules and filter rules. More of this could be automated, but the end result worked exactly as expected.
A set of canned reports offers detailed data on the running status of the unit and an executive summary of main events. These can be retrieved in the GUI or regularly mailed out, but more detailed log browsing is limited.
Multiple appliances can be managed through the Astaro Command Center software, which is a free download.
This is a nicely integrated box with all the features we expected, plus some surprises, like support for UPS notification via USB. This is a good firewall package.