EXCLUSIVE: Astaro Security Gateway 120 Appliance

Astaro's latest family of security appliances bring together an impressive range of features that look to offer a complete umbrella of protection to small businesses and enterprises alike. They all use the same preinstalled Security Gateway Linux based software so you just choose the hardware platform that best suits the amount of traffic you expect it to handle.

In this exclusive review we take a look at the diminutive ASG 120 appliance which is aimed at small offices and its unrestricted user license means it should be able to cover quite a few bases. Astaro's choice of hardware platform for the ASG 120 isn't visually inspiring but it is built like a tank. The 667MHz VIA processor is a reasonable choice but as we found during testing the 512MB of memory really could do with being boosted to 1GB as usage rarely went below 65 per cent even with only few clients using it.

The latest v7 brings in a range of new features which include an improved management interface, support for SSL-VPN remote access, email encryption and high availability options. Ever after a brief glance it's clear the ASG 120 is offering as lot more as along with a standard NAT/SPI firewall you get optional web and email anti-virus scanning, anti-spam, web content filtering, intrusion detection and prevention and even the ability to control IM and P2P apps.

Access security is extensive as the appliance maintains a local user and group database but can also integrate with Active Directory, RADIUS and LDAP servers and even Novell's eDirectory. Password complexity for local users can also be configured to stiffen up security even further. To manage web traffic the appliance employs HTTP and FTP proxies which we found easy enough to configure. The HTTP proxy operates in a range of modes but have a care if you choose the transparent method. Whilst this doesn't require you to configure your client's browser connection settings it only supports HTTP over port 80 and won't work with FTP or HTTPS.

General installation is fairly straightforward as the new web interface offers a couple of quick start wizards to help you get going. The LAN interface is automatically configured but we did need to assign a DHCP server and address range to it first. Next came the WAN port and you can pick either of the spare ports and use a variety of connection methods. We opted for a simple intelligent ADSL modem which provided DHCP services to the appliance's WAN port but you can opt for PPPoE or PPPoA as well.

To make general configuration easier it's worth spending some time creating network and service objects. These definitions can be used in a range of functions such as packet filtering rules and proxies and are simply dragged from the side bar to the relevant setting. The new web interface certainly looks good as the home page opens with the new dashboard feature which provides information on the status of hardware resources such as memory and CPU utilisation, a rundown on detected threats and lists of spam and viruses that have been picked up and dealt with.

Whilst it is commendable, the fact that the appliance defaults to blocking all web traffic means you need to create packet filtering rules for access to certain services. However, with your definitions to hand these won't take long and Astaro does provide a pile of predefined services ready for use. Packet filters are applied strictly in the order they appear in the filter table and can be moved up and down the table. A live log shows in real-time what your filters are doing and a colour coded system makes it easy to see what is being dropped, blocked and allowed.