VASCO Data Security aXsGUARD Gatekeeper v7.6.4
Strengths: Nice authentication platform; user level policy management concept.
Weaknesses: Limited security functionality past authentication; interface is not easy to use; appliance requires reboot on most changes.
Verdict: Concept is good, but needs a few more features and a more friendly user interface.
Summary: The Vasco aXsGUARD Gatekeeper v7.6.4 is an authentication appliance intended for small and midsized enterprises. In addition to strong authentication, the aXsGUARD Gatekeeper has the potential to manage more of an enterprise's internet security needs. Its modular design means that additional software options can be purchased at any time, and specific features can be enabled or disabled as required, including content scanning for email and web access and virtual private network (VPN) management. Users can connect using strong authentication, or with a client, such as point-to-point tunneling protocol (PPTP), internet protocol security (IPsec), Layer 2 tunneling protocol (L2TP) or secure sockets layer (SSL), along with other connection options, such as web portal or reverse proxy.
The initial setup was done by connecting a PC to the appliance via a crossover cable. One first has to log in and create a new administrative user, and then log out and back in again as that new user. We then set up the local area network (LAN) and wide area network (WAN) ports to our test network specifications. Once we had the base configuration complete, we were able to browse to the appliance and log into the user interface for configuration and management activities. The user interface (UI) was not the easiest we have used, as we found a lot of the programming to be cumbersome. Additionally, we did not like the fact that simple changes required a reboot of the appliance. With the combination of the UI and the required reboots, it took us some time to get the system into a useful state. There were some examples available for setting up users and policies.
The product is geared to manage security from the authenticated user's perspective. Everything is seen from the view of the end-user, so surf and mail policies are preferably defined per user rather than per machine (IP). Depending on user rights, admins can allow users to surf within time restrictions, blocking or allowing specific sites based on URL or content. For email, multiple defense systems - like blacklists, graylists, two anti-virus engines, anti-phishing and anti-spyware engines - are in place. Basic firewall and intrusion prevention system (IPS) features are provided along with the virtual private network (VPN) support, directory service integration (including RADIUS) for importing users and groups, and strong authentication through the built-in VACMAN controller. We were also provided the optional content scanning that adds features, such as email anti-virus and anti-spam, user-based rule creation and web monitoring.
The documentation is complete and definitely helped us through the setup and configuration. Eight-hours-a-day/five-days-a-week support for the first year is included in the purchase price, with renewal options at $175 per year. Scanning licenses are $25 per year per user. 24/7, VIP support and pay per incident are all available options for purchase. The price point is very attractive and the authentication-driven approach is a good one. However, one will need some patience to get this device set up. - ML