Costs - Base product, £564; Email filtering, £182 per yr; Web filtering, £223 per yr (All prices inc. 17.5% VAT)
As with many other network security companies Astaro started life with a simple Linux based product that turned a donor system into a fully fledged firewall. Its Security Gateway software still provides these features and more and the latest v7 is now available in a range of preconfigured appliances. It doesn’t look particularly pretty but the Astaro Security Gateway 110 on review is a compact package and targets small businesses with up to ten users.
It’s worth noting that Astaro’s entire range of appliances all use precisely the same code so the 110 has the same feature set as the enterprise level ASG 525. The main differences are the amount of traffic the appliance can handle with the 110 restricted to 100Mbps of firewall throughput. And security features aplenty there are as the 110 offers standard a NAT/SPI firewall augmented with web and email anti-virus scanning, web content filtering, anti-spam services and intrusion detection and prevention. Under the bonnet you have a simple 667MHz VIA processor, 512MB of memory and an internal 40GB hard disk for quarantining emails. You get three Fast Ethernet network ports at the rear although the target market is likely to be using a simple LAN and WAN setup.
On first contact with the appliance’s secure web interface you are guided through a simple startup process and once you’ve accepted the license agreement you’re then transported to a quick start wizard which helps with initial appliance setup. The web interface is well designed and v7 offers a new dashboard showing the status of each security component along with appliance resource usage graphs and a quick glance threat status chart. There’s plenty of work ahead as the only interface defined by default is the internal port and you’ll need to create a DHCP server entry, provide an address range and assign it to this port. You’ll also need to define your WAN port and you have a choice of types including DHCP, PPPoE and PPPoA.
The appliance defaults to blocking all web traffic which means you need to get handy with packet filtering rules if you want to open up access to specific services. However, we would recommend getting your network and service objects defined first as these are made available to all other security functions making it much easier to create rules. Packet filters determine what traffic is allowed to pass between different networks and multiple rules are applied strictly in the order they appear in the filter table.