EXCLUSIVE - Astaro Web Gateway AWG3000
Web content filtering is important for many businesses and Astaro's Web Gateway AWG3000 appliance is a sophisticated solution.
Despite their increasing popularity UTM appliances aren't always the top choice for network perimeter security and particularly so for businesses that prefer the sophistication of point solutions. Up until now, Astaro has walked the UTM path but has seen the light as its latest Web Gateway security appliances target businesses that already have existing firewall and IPS solutions and just want to add web content filtering at the gateway. Essentially, Astaro has taken the web component from its ASG UTM products and is offering it as a separate point solution.
The AWG3000 is one of four members of the Web Gateway family and is delivered as an all-Supermicro 1U rack system sporting a reasonable specification. You get a 2.66GHz Core2 Duo processor and 1GB of memory, whilst storage is handled by a single 80GB SATA hard disk. If you want RAID protection then consider the top of the range AWG4000, which is also equipped with a Xeon processor.
Installation in the lab was easy enough as you connect a PC to the appliance's Eth0 port and fire up a web browser. The resulting interface is easily navigable and starts off with a setup routine which sorts out licensing, the appliance's hostname and administrative access. The appliance offers four Gigabit ports and for testing we used the first two for LAN and WAN duties but you can configure the others for functions such as DMZ and high availability (HA).
Note that the interfaces can't function as DHCP clients so you'll need to provide static IP addresses and add details about DNS forwarders. In general, the deployment process was reasonably straightforward although a few examples of network scenarios and possible client configurations would have made the process smoother. We also found the appliance's cooling fans particularly noisy making the AWG3000 a rack cabinet candidate.
The AWG3000 uses HTTP and FTP proxies and supports a choice selection of deployment methods. We opted for the transparent proxy, which checks web traffic over port 80 and requires no client browser configuration. A standard mode uses port 8080 and Astaro offers plenty of user authentication modes as the appliance maintains its own local user and group database and also supports Active Directory, RADIUS and LDAP servers and Novell's eDirectory.
As with Astaro's ASG appliances the Web Gateway family employs Websense's excellent URL filtering service. From the management interface you have eighteen URL categories to pick and choose from and each one contains up to seven sub-categories. The appliance uses Websense's remote URL database so there's nothing to download to the appliance and no updates to worry about.
Astaro uses a pincer movement on viruses as the appliance has two scanning engines, which come courtesy of ClamAV and the lesser known Authentium. If you're worried about performance you can opt for a single engine mode which will drop the latter from the equation. The AWG3000 also provides options for handling IM and P2P apps and offers a basic selection of the more common types which now includes Skype.