Based on a Toshiba Magnia SG20 solution developer kit, this unit runs a special version of Linux created by Astaro. It includes a firewall, VPN, DHCP server, traffic management and content filter. The latter includes web blocking and anti-spam.
The firewall uses stateful packet inspection and includes proxies for HTTP, HTTPS, SMTP, POP3, DNS, IDENT and SOCKS. It has user authentication and offers protection from the most common forms of DoS attacks. Of course, it provides network address translation. In addition it detects port scanning.
The IPsec VPN offers a wide choice of encryption algorithms: triple-DES, AES, Blowfish, Twofish, Serpent, MD5, SHA1 and SHA2. To support the VPN there is PKI management of X.509 certificates. Alternatively, you can enable the PPTP VPN, which uses up to 128-bit MPPE encryption.
Content control includes the filtering of dangerous web content, such as ActiveX, cookies and other web-based malware, plus a spam-protection toolkit, which includes the ability to accept or reject attachments based on file extension, for example. You can set up user-definable search strings to reject offending HTTP, SMTP and POP3 traffic, whether spam or merely inappropriate content. The anti-spam supports the use of heuristics as well as published real-time blackhole lists and can reject, delete or quarantine suspect messages. There is a daily updated URL-blocking list for http and hourly updated virus signatures for scanning SMTP traffic using the optional Kaspersky anti-virus engine.
The traffic management facility provides load balancing QoS using the hierarchical token bucket system and you can prioritize traffic by network, service, and protocol. The load balancing feature can spread the load across multiple web servers using a 'round robin' queuing system.
Remote management is possible using a 128-bit encrypted web-browser-based interface. Using this graphical WebAdmin utility, set up and configuration is easy. Reporting is also very good with some useful graphical output.
The Toshiba Magnia SG20 appliance hardware is small, neat and stylish. It has a small LCD status display on the front panel and a button to scroll through the menus. The back panel is uncluttered with an Ethernet WAN port, a seven-port switch for connecting the internal network devices, a wireless LAN slot for a WLAN PC-card and a printer port.