Strong web content security measures, but it’s pricey and easily overtaxed
· Price: $1,125
· Supplier: www.esoft.com
The InstaGate 404s appliance from US
company eSoft targets the SoHo market and offers tough web security for
networks of up to 15 users. The base system provides an SPI firewall and VPN
support, while eSoft’s Web ThreatPak adds IPS, web content filtering, gateway
antivirus and anti-spyware, plus IM and P2P app controls.
It’s a compact appliance with four Fast
Ethernet ports providing WAN, dual-switched LAN and DMZ duties, and would seem
to be the ideal candidate for use in a small office. However, the 1GHz VIA C7
processor’s cooling fan is noisy: it will be hard to ignore in cramped
environments.
It’s compact, but the noisy cooling fan is difficult to ignore
Installation is a smooth process: a wizard
helps with registration and the Web ThreatPak download and, once active, it
keeps all scanners and signatures updated automatically. The firewall has
predefined rules so you’re ready to go, but you can add your own if you want
more control over specific services.
Options are provided for creating site-to-site
IPsec VPNs with other InstaGates or client VPNs for mobile workers. For web
content filtering, you can swiftly set up HTTP scanning using the transparent
proxy mode. Policies can either be applied to all users or selectively to
networks defined by their IP address ranges.
Proxy authentication comes into play with
the user mode, where you can employ the appliance’s local database or an Active
Directory server. Unlike most competing products, content filtering is carried
out locally and not in the cloud, so eSoft’s own URL database needs to be
downloaded to the appliance.
This didn’t take long and we were then able
to create blocking policies using any of the 17 URL categories and more than 50
sub-categories. You can leave policies permanently active or apply a schedule
so they’re active only on selected days and times.
Gateway antivirus is enabled with a single
click, and you can create lists of IP addresses that are exempt from scanning.
Anti-spyware is just as easy to activate, and for IPS you can add details of
specific servers you want protected, and the appliance will then create
custom profiles.
eSoft claims a firewall performance of
100Mbits/sec, although in reality, this is the throughput limit of the WAN
port. To test this, we hooked up the 404s to the lab’s Ixia XM2 chassis and its
Xcellon-Ultra NP load modules. The Ixia IxLoad app confirmed the firewall was
good for around 90Mbits/sec, which dropped only slightly with all UTM functions
activated. However, using the appliance’s web interface during testing had a
big impact on performance.
As we refreshed the Threat Monitor
interface, we saw IxLoad register a significant drop in performance, with
throughput falling as low as 10Mbits/sec for brief periods. With such a small
supported user base we don’t see this as a serious problem, but if you have bandwidth-hungry
users you’ll have to avoid using the web console where possible.
There’s no denying that the web content
security features of the InstaGate 404s are highly accomplished, but there are
serious issues. The noisy operation dampens its appeal for the smaller office,
and our tests show that it’s operating at the limits of its performance. The
price is the final stumbling block: stack it up against the WatchGuard XTM 25-W
and it really isn’t such good value for money.
Rating
· Overall: 6/10
· Performance: 6/10
· Features & Design: 8/10
· Value for money: 6/10