High-capacity WAN links are far too expensive a commodity for companies to waste, so some form of traffic analysis and management is needed to get the best value out of them. The PacketLogic PL2 appliance from Swedish company NetIntact looks to have all the angles covered as it offers a range of features highly suited to enterprises and ISPs. The appliance takes a modular approach, so you can start off with the base unit running network surveillance and then add traffic shaping, statistics and firewalling as and when required.

The appliance implements a standard SPI firewall but a fundamental feature of PacketLogic is its Layer 7 inspection capabilities that allow it to identify traffic based on content. Basic firewalls have real trouble identifying suspect traffic such as games, chat, file-sharing and video streaming, because these sorts of applications use the common HTTP port 80.

The PacketLogic had no problem here: it identifies traffic based on the application, so can easily spot this and block it to stop WAN resources being frittered away.

This slim-line 1U appliance packs a good specification build around a Tyan motherboard sporting a pair of 2.8GHz Xeon processors and 1GB of memory. Historical data is stored on a 36GB Ultra320 SCSI hard disk, while LAN and WAN ports come courtesy of a dual-port Gigabit Ethernet card.

The price for the reviewed system includes all modules activated and a license for 128 IP addresses. However, NetIntact has just started to focus on smaller businesses as well and is now offering versions with 4Mbps and 10Mbps network connections, costing $8,477 and $13,446 respectively and licensed for unlimited users.

The appliance functions as a transparent gateway and we had no problem installing it in between our LAN and internet gateway. Good administrative security is provided, because the appliance can only be accessed via a separate network port on the front panel.

NetIntact opted to avoid web browser access simply because Java-based applications are too slow to allow real-time traffic statistics to be gathered. Instead, you get a PacketLogic client utility that implements a secure remote connection to the appliance by enforcing 256-bit encryption.

Network surveillance delivers a wealth of in-depth information and, once you have created objects for all local networks, you can view bandwidth usage by local host, application, and VLAN.

Selecting an entry allows you to delve deeper and see each host's client and server connections. For example, if a user is downloading a file, you can bring up the client and server IP addresses, see the hostnames, ports and services and a table below shows traffic statistics, the direction of the link, the URL and even the name of the file being downloaded. It also provides extensive alerting, allowing you to receive warnings when, say, a host or server is generating too much traffic or a connection has been made to a specific IP address.

The statistics module allows you to interrogate historical data stored on the appliance. It can create detailed graphs on areas such as bandwidth usage by application or the top-ten talkers and show traffic patterns over a period of time. The only drawback is the limited export functions; you can only print the report out or convert it to PDF.

The trickiest part of installation is getting your head around the concept of "objects," "items," and "rules," terms that are used extensively to control and shape traffic and implement security measures. Top-level objects describe networks, ports, services, traffic shaping and even time intervals.

To describe a network, you create an object from the client utility's editor. This can be a single IP address, a range or an entire network. Below this you can add address-exclusion items. Objects are also used to define services, but this is a simple task because NetIntact provides a huge list of predefined services. Traffic-shaping objects are just as easy to create, as you merely enter parameters to define available bandwidth.

Creating a rule to control a service requires you to select the network object that it is to be applied to, associating a service object, and then deciding whether you want to accept, reject, redirect or just drop the packets. Users will not get any warning that they are violating these rules, because the appliance is designed to be completely transparent and users won't know it even exists.

Traffic-shaping rules are just as easy to create because, once again, you select a network object, associate a predefined shaping object to it and use rules to control the flow. Rules can also ensure traffic shaping doesn't waste available bandwidth because they can borrow bandwidth from another shaping rule if it is not being used. You can also schedule rules to be active only during specific periods by creating a time object and associating it with a rule.

Traffic management appliances represent a large investment, but the PacketLogic is competitively priced. The rule concept initially looks complex but, once you have had some practice, they are actually quite easy to create, and provide a powerful method of controlling and managing your WAN assets effectively.