The proxy can scan messages for unacceptable content and, where appropriate, challenge users before allowing the message to be sent. All messages can be archived on the appliance or to an external SQL database and searched using FaceTime's legal discovery tools.
For testing we dropped the USG530 into the lab's network and configured our main ProCurve 2848 switch to mirror traffic from all ports to the appliance's connection. You start with it running in a passive discovery mode where it uses Layer 7 packet inspection to find out what's running round the network. The web interface is well designed and the home page opens with a full summary on network activity, statistics for each component, the appliance's status and quick access to the latest reports.
After leaving it monitoring the network for a couple of days we found the levels of information forthcoming to be quite remarkable. We could see which systems were using Windows Live Messenger, those that had the BBC iPlayer loaded and others with GoToMyPC loaded and ready for remote connections. Systems with the BitTorrent Client 6 loaded and active were easily identified as were those that had the Vuze P2P video downloader running.
Traffic is split into the five main categories of IM, P2P, greynet, malware and web filtering and tabs in the interface are provided for each one , enabling you to drill down and view more detail about specific activities. We could see the IP addresses of the systems using IM apps, the user identities, the number of messages for each one and whether they went through the monitoring or proxy ports. For P2P apps you can see the user and system identities and how much traffic was being generated by each one.
Now it's time to go into enforcement mode. This can be switched on individually for each of the five categories and your policies then come into play. Policies can be assigned to lists of IP addresses but AD support means they can be assigned to specific users and groups. For IM, P2P and greynet apps you have hundreds to choose from to block or allow, whilst the web filtering service offers 56 categories. For Facebook there are 23 service categories on offer and for MySpace you have no less than 29 to choose from.
The IM proxy port uses the default policy, where you can set up file transfer privileges and send messages to an external ICAP server for virus scanning. List of restricted phrases can be applied and the appliance can also stop IM being used for spamming by sending a challenge to external users who are required to give a specific response.
With so many apps to monitor and so little time, reporting needs to be good and FaceTime doesn't disappoint. For each category you can view a complete rundown on all activities and drill down for more information on the top blocked products, the systems trying to access them and, with AD policy groups in force, the offending users as well.
There's no denying the USG530 fills the gaps that traditional UTM appliances leave behind. Its awareness of IM and P2P apps and social networking sites is second to none and it augments these abilities with quality anti-malware and web content filtering capabilities.
Verdict
FaceTime Communications 01189 637 469 www.facetime.com Verdict: Controlling IP and P2P apps is not a high priority for traditional UTM appliances as most have a very limited awareness of these. FaceTime’s USG appliances take control to the next level as they are capable of identifying and controlling hundreds of these types of problem apps and have a heightened awareness of social networking sites.
Chassis: 1U rack server; Processor: 2.83GHz Xeon X3360 Memory: 4GB 667MHz DDR2 Storage: 250GB 7.2K SATA hard disk RAID: None on this model Network: 3 x Gigabit Ethernet Management: Web browser
