Refine search for Networking

  Leave a comment      Email TrustedReviews Newsletters

So far, so good but we found further configuration wasn't helped by the indifferent documentation requiring us to avail ourselves of Clavister's helpful technical support. The appliance is locked down tight by default and you need to get Internet access up to register it and activate any options purchased. This is a lengthy process that required us to create separate objects for the IP addresses of the LAN and WAN ports along with routes, a DHCP address pool plus a DHCP server and bind them all together. We then needed to create a firewall rule that allowed outbound access, assign it to a service object and give it a priority. For further fine tuning you can create multiple rules for source and destination network objects that determine whether service specific traffic is blocked or allowed.

Web content filtering requires a new HTTP ALG associated with a service, a port and a new firewall rule. With this is action you can now block ActiveX objects, Java apps and cookies, choose from over thirty content categories to block and apply black and white URL lists. For content filtering, performance could be better. We tested this by visiting a range of games sites and were only blocked from seventy per cent of them. Virus scanning is activated in the ALG and lists of file type exceptions added to it. Email scanning features are the weakest link as the SMTP ALG only allows you to implement virus scanning and restrict the number of messages being passed each minute. You can also block attachment file types but there's no option to block by file size. POP3 support and anti-spam are conspicuous by their absence but these should be available in a month or so.

Standard features are extensive as the appliance can implement user authentication with its local database or integrate with external systems such as RADIUS servers. Traffic shaping lets you implement quality of service policies where rules are assigned to pipes to control the amount of bandwidth certain services are allowed to use. There's an FTP ALG included and load balancing enables the appliance to distribute traffic across multiple servers on the LAN and monitor their health using ping and TCP connection tests. You can keep track of all firewall configuration changes and active configurations must be checked out by an administrator before they can be modified.

Verdict

This diminutive appliance delivers the same level of security features as Clavister's enterprise level products making it remarkably powerful. However, we wouldn't recommend it as a standalone solution for small businesses as the management facilities are clearly best suited to handling deployments across multiple remote offices.

Add your comment