EXCLUSIVE: Opteq i.Q. OP1400
There's certainly no shortage of network traffic management solutions currently available but Opteq's i.Q. steps off the beaten path as it delivers a range of features that makes it quite unusual. In this exclusive review we take a look at the OP1400 which represents the entry-point of this family of nine appliance-based solutions.
Opteq offers enterprise level traffic analysis and packet capture capabilities plus network bandwidth management but augments these with a wealth of other functions including web caching, anti-spam and anti-virus measures along with a number of firewall options. The smart bit is that you can pick and choose which components you fancy so you're not tied in to buying a base configuration with features you may not want. If you only require web caching then you just purchase that component but you can mix and match any other of the modules as well.
At the OP1400's foundation lies a basic Supermicro combo of 1U low profile chassis and motherboard but there's enough grunt here to handle up 150Mbps of network traffic. For testing we dropped the appliance in between our LAN and WAN and configured it to operate in bridging mode. The main web interface is well designed and intuitive and opens with a row of chunky icons providing quick access to each installed module.
The appliances all come with the Singular i.Q. module which provides a web interface from where you can access and manage all installed components from a single screen. This includes a User Administration module where you decide who has administrative access to the appliance and a System Tools module which provides options for configuring bridging and gateway functions, SNMP and license management. Along with these you get Report i.Q. which offers a centralized location with full access to each individual module's reporting facilities.
The Real Time i.Q. module handles all traffic analysis and packet capture and the LAN Monitor provides a rundown on the top hosts and a full summary of all network traffic broken down into graphs and tables showing distributions of packet sizes and protocols plus a handy view of the amount of traffic each TCP and UDP port is generating. Entries have options to drill down deeper for more information where you can even see what traffic each host was generating on an hourly basis. Packet capture can be started manually where you pick the interface, the number of packets and a capture file name. Usefully, you can filter by host, address range, protocol, port, VLAN and even ToS and capture in one or both directions as well. Hosts on the WAN port can be monitored for their general availability and the Service Monitor tool provides more packet capture options.
Opteq advised us that its Bandwidth i.Q. module is the most popular and allows it to compete with established vendors such as Packeteer and Allot Network. It certainly offers a strong alternative as it can manage all inbound and outbound protocols and includes the centralized management of inbound UDP. This enables inbound VoIP traffic management for both H.323 and SIP protocols - a feature which Opteq reckons makes it unique. Rulesets are used to manage traffic and you can apply them to applications, protocols, port ranges and hosts and set bandwidth limitations. You can also apply one of ten priorities to traffic that matches a rule or block it completely and thresholds can be used to stop a rule being activated until they have been breached. Global bandwidth quotas and profiles make rule creation even easier - we certainly had no problems and didn't even need to resort to the manual.
Opteq's ExtendedMPLS function adds another dimension to rules as the packet marking option allows packets to be dynamically tagged with a ToS value. MPLS provides three QoS classes that are used to prioritise traffic but if a class becomes saturated the MPLS service will indiscriminately drop packets. ExtendedMPLS can be used to dynamically reassign classes to ensure that business critical traffic remains unaffected.
Next up is the Web i.Q. module which includes sub-modules for web caching, URL content filtering and ICAP server redirection. The appliance functions either as an explicit or transparent proxy cache and supports proxy and AD authentication and for the latter you can use LDAP to import users and groups. When a user attempts to access the Internet the appliance checks to see if they are authenticated and if not, will enforce authentication before permitting access. Naturally, clustering is supported and the advanced cache parameters make this solution highly flexible.
For Content Filter i.Q. the appliance uses a local URL database managed and maintained by Opteq. Only eleven categories are available but each one can be modified with custom URLs, domains, IP addresses and URL expressions. Groups based on time periods, users and destinations allow multiple web access policies to be in effect at different times of the day and week and it can also integrate with AD via the web cache module. In practice this module worked reasonably well although more categories would make it more versatile.
Two firewall options are available with the advanced firewall acting as a gateway. This implements basic NAT/SPI protection and you can create custom rules to manage inbound and outbound traffic. The packet filter firewall acts as a bridge where it can identify traffic using Layer 7 inspection and apply rules that determine how it is handled. The Mail i.Q module is an SMTP gateway which provides both anti-virus and anti-spam measures along with vulnerability checks for blocking phishing attacks. The well-respected open source ClamAV is Opteq's choice for virus scanning but this can be augmented with other third party products that run on Unix such as Kaspersky. Anti-spam features are also handled by Opteq and include a large list of RBLs along with Bayesian analysis.
In its quest to deliver a single network management solution Opteq has largely succeeded and the fact that its appliances are managed from one interface and can run any or all of the various modules makes it extremely versatile. Some features such as URL content filtering aren't as good as many specialist products but Opteq's real strengths lie in its network monitoring, bandwidth management and caching features and the OP1400 is also priced very competitively as well.
Opteq delivers a complete network management solution in an appliance that looks particularly good value and has versatility as its middle name as you can select only those modules that you want to use.
Supermicro 1U chassis Supermicro P4SGE motherboard 2.8GHz Intel Pentium 4 512MB 266MHz SDRAM 40GB Seagate Barracuda ATA hard disk 2 x Gigabit Ethernet Monitor, mouse, keyboard and serial ports Web browser management