EXCLUSIVE: Clearswift MIMEsweeper Web Appliance ENW10

When we looked at Clearswift's MIMEsweeper EN10 mail security appliance a couple of months ago we were very impressed with the level of features and the slick management interface it presented. The company has always offered web content filtering software as well and Clearswift now feels the time is right to deliver it as an appliance based solution.

The ENW10 sits at the top of a family of four appliances and is designed to handle up to 3,000 users. At this level the hardware specification needs to be good and Clearswift doesn't disappoint as it has a good partnership with Dell. Rather than using nondescript boxes of indeterminate origin as some vendors choose to do, the ENW10 is presented as a high quality PowerEdge 1950 which comes equipped with a fine specification.

For installation the ENW10 functions as a web proxy and drops straight into the network without any fuss. All you need to do is reconfigure your client's browsers to use the appliance as a proxy server and this can be done manually, via an AD group policy or using proxy auto-configuration scripts.

The biggest difference between the software and appliance based solutions is the former requires a Windows Server system to run from whereas for the latter it has been completely rewritten for the appliance and uses a hardened Linux kernel.

For URL filtering, Clearswift has not ported across its own software solution but has gone for a third-party product and customised it to slot in to the Linux OS. The MIMEsweeper for Web software has over 40 categories and Clearswift has taken the new service and modified its category list to match. For anti-virus duties, Clearswift has turned to Kasperksy again which is no surprise as it's a particularly powerful product. Aluria, which is now part of the EarthLink group, stands up to spyware and Clearswift has taken its SDK and embedded it in the OS.

When we looked at the MIMEsweeper for SMTP appliance we were impressed with the slick web management interface and it's good to see that Clearswift has used precisely the same design and concepts for the web filtering appliances where all functions have been separated out into different Centres making them very accessible. The appliance can start filtering web traffic straight away as a predefined active policy is created during the quick start phase but new policies are easy enough to create from the Policy Centre.

It uses the same simple three-phase concept for its filtering policies which employs combinations of content rules and routes. These tell the appliance what to look for, how any suspect content should be handled and who should be notified. Content rules determine what you want to look for in web traffic and what you want to manage such as blocking uploads and downloads of files above certain sizes, spyware 'call home' actions and viruses. Internet zones are where you define groupings of URLs and filtering categories and each one can contain multiple entries and a mix of both types.

Web Policy Routes bring it all together as these apply your filtering decisions to selected targets. A drawback is that integration with Active Directory is not supported so all policies can be assigned only to systems via Machine Lists which use IP addresses, ranges and hostname definitions. Policy scheduling is not yet supported either but Clearswift advised us that this and Active Directory integration will be implemented in the next release in March. Policies are used to filter out undesirable web content but at this level they are fairly simple as all they do is block traffic. However, delve a bit deeper as you'll see that policies can be extremely flexible and can be configured to look for a range of specific activities.