NetASQ U6000 UTM appliance

For IPS, the appliance uses lists of contextual signatures which are provided to protect against attacks including SQL injections and cross site scripting. For each signature you can opt to block or allow traffic, sent out email notifications and place offending hosts in a quarantine area for a specific time period in minutes. Up to four profiles can also be used to customise the ASQ engine’s behaviour for different types of traffic.

Dedicated plug-ins are used for protocol analysis where packets are checked for conformity and these function at the kernel level to further improve performance. All the plug-ins are enabled by default and are set to auto-attach to traffic as determined by the engine’s protocol detection. Policies bring firewall and IPS functions together and are available for traffic filtering, NAT, enforcing implicit rules and applying QoS.

You can create up to ten separate rules with different configurations and use schedules to decide when each one is active. Traffic filter policies are easy enough to create as you pick your interfaces, choose a protocol, assign source and destination objects and select an action.

Anti-spam services are handled by the Vade Retro engine which uses DNS blacklist analysis and heuristic analysis plus domain blacklist and whitelist filtering. To test this we hooked the appliance up in the lab and left it to filter live email for over a week with the clients dropping tagged messages into a separate folder. At the end of the test the U6000 delivers a high spam detection rate of 93 per cent with a low one per cent rate for false positives.

For web content filtering you get NetASQ’s own URL lists as standard but in the review unit we had the optional Optenet upgrade. Performance was also impressive as we configured a rule to block access to all gambling sites, Googled for online bingo sites and watched the appliance only allow access to three sites out of 100 visited.

The RealTime Monitor tool provides a handy dashboard overview of the appliance and its status plus plenty of information about network activity, filtering policies, interfaces and users. The Event Reporter will also prove useful as it offers detailed reports on all areas of operations including services, filtering proxies and IPS plug-ins and the results can be exported to text, CSV, XML and HTML formats.

The U6000 looks a good all-in-one security solution and during testing we found it easy to deploy and manage and capable of delivering high out of the box scores for anti-spam and web content filtering. The hardware platform offers a reasonable specification with plenty of options for network port expansion although HTTPS filtering needs to be supported to make it a complete enterprise security package.