Astaro's Gateway Security Line Packs a Punch

Thursday Oct 19th 2006 by Charlie Schluting

With true anomaly detection and deep functionality, Astaro's Gateway Security products aren't just feature-full ... they're useful.

Ever been frustrated with the myriad of security appliances the sales droids throw at you? With Astaro's Security Gateway products, you can have a capable all-in-one solution, one that actually addresses the security needs of your business.

The problem with virus and spyware detection these days is that much of it is signature-based. If a new (zero-day) virus arrives, very few products can detect it. The same goes for network-based attacks, including worms and botnets. We've seen a rash of products that either block all IRC traffic, or completely misdetect botnets. More recently, people have begun implementing DNS-based countermeasures as a means to break bot communication. This, too, is highly dependent on using a priori knowledge about "who is known-evil" instead of detecting the evilness. When a product combines true anomaly detection with enough features to replace tons of other devices on your network as well, we feel that product deserves some mention.

The Security Gateway products from Astaro sit between you and your Internet connection, providing firewall capabilities for just about everything. They can replace spam and virus filtering on your mail servers, act as Web proxies, and even provide router functionality, like traffic shaping and stateful filtering.

On the e-mail front, the Security Gateways are particularly useful. The hardware appliances are capable of scanning all incoming and outgoing mail for viruses, spam and even phishing attempts, if e-mail has been configured to relay through the device. Keeping up on virus and spam detection software updates can be a very time-consuming job, but the Security Gateway makes the task nearly seamless.

For network security, the Astaro software provides pretty much everything you need: stateful filters, traffic shaping, VoIP, and redundant uplinks, all while speaking the same language as your other routers, as it supports dynamic routing protocols. The Gateway products even include a VPN server, and the ability to authenticate to nearly every service in existence, including Active Directory, LDAP, and RADIUS.

Then come the more advanced monitoring and defense capabilities of these devices. As previously mentioned, being able to detect new threats is difficult, and only possible by monitoring network traffic and understanding worm-like behavior. Gateway Security claims to detect anomalous activity, prevent intrusions and DoS attacks, and "prevent" worms and botnets.

The Gateway Security software also provides Web security, i.e. Windows security. It can detect incoming and outgoing spyware, and also serve as a content-filtering proxy. The proxy features go far beyond just plain HTTP, including the ability to proxy VoIP, DNS, mail, and of course, it can act as a SOCKS proxy server too.

Businesses looking for a feature-full router that provides stateful inspection, content filtering and VPN access will be pleased with the features available in Astaro's Gateway products. Combine that important feature set with a Web proxy, e-mail gateway, and anomaly detection system, and you've got a winner.

The Astaro Gateway Security product is actually available as a software package by itself, and is also available as a ready-to-use hardware appliance.

The appliances come in seven flavors, ranging from small devices with three 10/100 interfaces, to the high end with ten Gigabit interfaces and one 10Gb interface. The Gateway 110 model limits its usage to 10 users, but all the others allow unlimited usage. The claimed throughput for firewall performance ranges from 100Mb/s to 3Gb/s on the 525 models, while the VPN throughput ranges from 30Mb/s to 400Mb/s. We'll get back to that in a second.

Each model offers increasing levels of memory, hard drive space and network interfaces. The high-end models provide two 120GB hot-swap drives, with hardware RAID. The 525F model provides SFP ports as well, making integration with your existing infrastructure quite easy.

At first, we read that the 525F was supposed to handle 3Gb/s of traffic, and we were excited. That is, until we discovered that these appliances were essentially a PC in a box. The high-end 525 models utilize a slow Pentium 4 (3.4GHz, but from the troubled P4 line). They claim that it can forward 3Gb/s via its 10Gb interface, which is quite unlikely. We're willing to grant Astaro that statistic, though one thing is certain: If you handle anything over a few hundred Mb/s, the Astaro products aren't for you. Yes, the statistics say the firewall portion can put through that much data, but that also means the rest of the features will likely be unusable.

The Enterprise products appear to just add network interfaces, memory, and slightly faster CPUs. The appliances do allow for redundant configurations, but when you step above the "branch office" level, it's very unlikely that making everything depend on this box will be an acceptable solution. E-mail, VPN, and network security are all processor-intensive applications that should be distributed in high-demand environments. The issue of using software-based routers was recently discussed in our article "Branch Office Routers: Build or Buy?"

We were disappointed to discover these were just PC hardware underneath, because the actual software appears to be impressive. Regardless, they're probably well suited for up to 45Mb/s of traffic when using all the features available, which certainly covers branch offices. Their apparent ease of use and rich feature list make the Astaro Security Gateways an exciting product.

