Astaro Security Linux

We looked at version 3.0 of this product in the virtual private network Group Test last year, and it is good to see it being evaluated as a firewall this time around. Astaro might not be a familiar name to most people, but it deserves to be if it continues to produce products such as this.

The application runs on a standalone, hardened version of Linux, making it suitable for most platforms. It is a stateful inspection firewall, but its true strength comes from the sheer number of security features that come as standard - far more than you would expect for a product that is so inexpensive. Indeed, the home version - which is a slightly cut-down application - is actually free.

It offers a wide range of application proxies, such as HTTP, HTTPS, SMTP and POP3, as well as network address translation (NAT), but these are to be expected. What is not to be expected are features such as load-balancing, which is usually the province of much more expensive applications.

Although suited more for the SME market - and does not therefore provide the heavy duty load-balancing provided by StoneGate, for example - it is perfectly sufficient for a medium-sized network.

It works by spreading traffic across multiple web servers in a 'round robin' approach. There is also a degree of traffic shaping, whereby you can prioritize traffic depending on the protocol, service or network sending or receiving. The hierarchical token bucket facility - part of later Linux distributions - allows a degree of QoS management as well.

The application is also a fully-featured VPN, providing a number of authentication protocols such as RADIUS and LDAP, as well as 128-bit encryption. It also provides content filtering. You can filter out ActiveX components, spam, and, optionally, take advantage of Astaro's daily-updated white/black list facility for URLs. There is also the option of the Kaspersky virus scanner.

Installation is easy, and management can be performed remotely through an encrypted WebAdmin console. And if you need it, the user's guide is extremely simple to understand, from the basics right up to the more complex configurations that the product supports. There is also some superb graphical reporting available for both hardware and network performance.

Once again, words almost fail us where this product is concerned. With more features than you can shake a stick at, at a price point that is almost ridiculously low - this is a real winner.

Product title
Astaro Security Linux
Product info
Name: Astaro Security Linux (Firewall group test) Description: Price: $1,495 (100 IPs or nodes)
An astonishingly rich set of security features.
For the price - nothing.
A firewall, content filter and VPN all in one, Astaro Security Linux is an absolute gem.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.