eSoft InstaGate 806 review
Reduced subscription costs mean eSoft’s latest InstaGate 806 UTM appliance is aggressively priced. It’s packed with security features but a hardware upgrade would improve throughput speeds.
eSoft still has a low profile in the UK network security market despite being founded in 1984. It also differs from the majority of security vendors as rather than rely on third party hosted services, it chose to develop its own.
eSoft has since spun the development side off as a separate company but all its InstaGate and ThreatWall appliances still use these services. In this exclusive review we look at the latest InstaGate 806 which is its flagship UTM appliance.
Hardware prices have also been aggressively slashed as the appliance with SPI firewall and IPsec VPN support now costs 2,204 nigh on a 30% drop from a couple of years ago. The appliance can be upgraded with various SoftPaks and these have also seen prices cut.
The Web ThreatPak includes gateway anti-virus scanning, policy based web content filtering, user authentication, web caching, IM and P2P app controls plus IPS. One-year and three-year subscriptions from Focus Technology cost 1,322 and 2,645 respectively. The Email ThreatPak delivers anti-spam, message content filtering, virus scanning plus quarantining and costs the same as the Web ThreatPak.
The web interface has been redesigned and provides detailed status information about the appliance, subscriptions and security threats
Hardware and deployment
This new model claims to be an upgraded version but in reality the only change is cosmetic with the chassis reduced from 2U down to 1U. It still uses the same CPU and memory as its predecessor which, as you'll see in our performance tests, could do with a refresh.
The appliance has six Gigabit ports with four providing LAN duties and the other two acting as DMZ and WAN ports. Installation is swift as the smart browser interface fires up a wizard on first contact that gets basic LAN and WAN functions operational.
The SoftPak Director handles all downloads and but patience is required. All content filtering is carried out locally so the entire URL database needs to be downloaded first.
The web interface has been redesigned and provides easy access to all features. You can use the SoftPak Director to monitor your subscription status and purchase new features directly from the same interface.
eSoft's SiteFilter offers over fifty URL categories that can blocked or allowed using network or user based policies
Web proxy and email features
The web proxy settings are simple to manage as you can opt to intercept HTTP and HTTPS traffic transparently or enforce authentication using the appliance's local database or Active Directory. Advanced features include a Safe Search option and a web cache where you can set this up to 4GB in size.
The 806 offers extensive mail security features and to quarantine suspect messages, it requires details of your internal mail server so it can filter messages. eSoft's anti-spam measures combine a wide range of weapons including customisable Bayesian filters and heuristic analysis plus black and white lists.
The SpamFilter includes a learning phase and the filters can also be trained manually using eSoft's Outlook SpamFilter add-in. This allows users to mark messages they want classified or declassified as spam.
eSoft's Mail Server upgrade turns the 806 into a full mail server capable of handling SMTP, POP3, IMAP and web mail. The mail server mirroring feature could prove useful if an external ISP handles your mail.
This allows the appliance to download mail from external POP3 accounts and scan it for spam and malicious content. You'll need to configure users on the appliance and set their client application to pick up mail directly from the appliance.
The ThreatMonitor provides detailed information and reports about intrusion, malware, network and web based activities
Initially, eSoft's IPS features look extensive as you can enter address ranges and networks that you want protected. Options are provided for protecting web and mail servers and enabling these automatically creates new policies customised for each type.
Nuisance IM and P2P apps can also be controlled with predefined policies although these are very basic. The policy uses a combination of rules and action profiles which can log this traffic, drop the relevant packets or terminate the connection.
If you want more then check out WatchGuard's XTM 535 and its application controls. It can manage specific activities so you could, for example, decide whether Facebook users can login, edit their profile, chat, access web mail or transfer files.
Our Ixia IxLoad tests showed the appliance maintaining a fairly steady 275Mbits/sec HTTP throughput with all UTM features enabled
For performance testing we hooked the appliance up to the lab's Ixia XM2 chassis and its pair of Xcellon-Ultra NP load modules. eSoft claims a top throughput of 920Mbits/sec which we confirmed using an IxLoad test with lightweight 1518-byte UDP packets.
For real world performance we created an IxLoad test that simulated web clients on one Gigabit load module port accessing web servers over HTTP port 80 on another port. With web filtering and AV enabled we saw a reasonably steady throughput of 550Mbits/sec.
With all UTM features enabled, including IPS, we found the appliance could maintain a load objective of 275Mbits/sec. Any more than this and performance became quite erratic and we also saw the web browser management console having a small but noticeable impact on performance as well.
The InstaGate 806 provides an extensive range of gateway security measures that can be easily customised to suit. It scores well for deployment and ease of use but stack it up against products such as WatchGuard's XTM 535 and you'll find it wanting in the performance stakes.
The reduced subscription charges and appliance costs make the InstaGate 806 a lot better value than previous generations. It’s easy to install and use although its application controls aren’t as good those offered by WatchGuard and it needs a hardware upgrade to improve raw performance
Chassis: 1U rack
CPU: 1.8GHz Dual Core Pentium
Memory: 4GB DDR2
Storage: 2 x 500GB SATA hard disks
RAID: RAID-1 mirror
Network: 6 x Gigabit (4 x LAN, WAN, DMZ)
Management: Web browser