- Review Price: £564.00
Costs – Base product, £564; Email filtering, £182 per yr; Web filtering, £223 per yr (All prices inc. 17.5% VAT)
As with many other network security companies Astaro started life with a simple Linux based product that turned a donor system into a fully fledged firewall. Its Security Gateway software still provides these features and more and the latest v7 is now available in a range of preconfigured appliances. It doesn’t look particularly pretty but the Astaro Security Gateway 110 on review is a compact package and targets small businesses with up to ten users.
It’s worth noting that Astaro’s entire range of appliances all use precisely the same code so the 110 has the same feature set as the enterprise level ASG 525. The main difference is the amount of traffic the appliance can handle, with the 110 restricted to 100Mbps of firewall throughput. And security features aplenty there are, as the 110 offers a standard NAT/SPI firewall augmented with web and email anti-virus scanning, web content filtering, anti-spam services and intrusion detection and prevention. Under the bonnet you have a simple 667MHz VIA processor, 512MB of memory and an internal 40GB hard disk for quarantining emails. You get three Fast Ethernet network ports at the rear although the target market is likely to be using a simple LAN and WAN setup.
On first contact with the appliance’s secure web interface you are guided through a simple startup process and once you’ve accepted the license agreement you’re then transported to a quick start wizard which helps with initial appliance setup. The web interface is well designed and v7 offers a new dashboard showing the status of each security component along with appliance resource usage graphs and a quick glance threat status chart. There’s plenty of work ahead as the only interface defined by default is the internal port and you’ll need to create a DHCP server entry, provide an address range and assign it to this port. You’ll also need to define your WAN port and you have a choice of types including DHCP, PPPoE and PPPoA.
The appliance defaults to blocking all web traffic which means you need to get handy with packet filtering rules if you want to open up access to specific services. However, we would recommend getting your network and service objects defined first as these are made available to all other security functions making it much easier to create rules. Packet filters determine what traffic is allowed to pass between different networks and multiple rules are applied strictly in the order they appear in the filter table.
The ASG 110 uses proxies for web, FTP, SMTP and POP3 and each needs to be activated first and applied to network objects. The HTTP proxy only takes a few seconds to set up and we simply pulled up the list of definitions we created earlier, dragged our internal network definition across and dropped it into the proxy’s allowed networks box. You’ll need to point your clients’ browsers to the appliance’s proxy address and port 8080 as well. The HTTP proxy does offer a transparent mode, which avoids the need for this but, as we found out all too quickly, only supports HTTP and not FTP or HTTPS requests.
The SMTP and POP3 proxies are also easy enough to set up with the former requiring details of your email domains and internal mail servers. From the web proxy page you can activate anti-virus scanning and the appliance uses a two-pronged attack with the open source ClamAV and less well known Authentium products on the case. The same applies to the SMTP and POP3 proxies and you can also activate anti-spam services for each one. These use a barrage of defences to spot spam and score messages appropriately. You can quarantine them on the internal hard disk to be viewed, released or deleted and creating extra users allows this task to be delegated.
Web content filtering is accessed from the HTTP proxy page where you have eighteen categories to pick and choose from. This doesn’t sound much but each one has as many as seven sub-categories which will cover most requirements. During testing we found the content filters worked well and so they should as the URL black list database used by Astaro is one of the largest currently available.
There’s so much more on offer as the appliance can identify popular IM and P2P applications and block them completely or stop them transferring files, it can identify and route VoIP traffic for both the SIP and H.323 protocols, manage basic SSL-VPN connections for remote workers and use QoS to assign priorities to different services to ensure available bandwidth is used efficiently. Reporting is also good as ASL can generate masses of graphs on a range of traffic data along with comprehensive logs and executive reports.
During testing we found the ASG 110 performed well and we were extremely impressed with the level of features on offer. It is undoubtedly a powerful security solution that looks good value although we felt that small businesses with up to ten users are likely to have limited technical know-how and may find the appliance difficult to configure.
Astaro’s web interface is well designed and the new dashboard in v7 provides a heap of information.
The appliance maintains extensive log files for every area of operation and each feature.
The spam quarantine area can be accessed from the web interface and selected messages viewed, released or deleted.
Extensive web content filtering categories are provided and clients receive a warning if they transgress.
Plenty of reporting tools are provided along with graphs on all traffic related activity through the appliance.