Panda GateDefender Performa e9100lite review

Panda’s Performa e9100lite combines tough wired and wireless network security with good value and performance

Price
£2,646
  • Easy deployment; Single price for all subscriptions; Good security measures; Slick reporting; Remote management
  • Noisy cooling fans; Weak hardware spec

Panda's GateDefender Performa e9100lite aims to provide complete perimeter security for businesses of up to 250 users. This is more a limitation of the hardware as Panda doesn't enforce per-user licensing and you just pay a yearly subscription fee which activates everything. 

And features aplenty there are too as the e9100lite delivers firewalling, support for IPSec and SSL VPNs, anti-virus, anti-spam, web content filtering and application controls. Its mirrored hard disks serve as a web cache and spam quarantine area and Panda provides some cunning wireless security features as well.

The e9100lite has a modest hardware spec comprising an elderly 2.6GHz dual-core Pentium E5300 and 2GB of DDR2. We also found the cooling fans are very noisy making it a poor partner in an office environment.

Panda's dashboard view keeps you posted on proxy and appliance status plus traffic throughput

Proxies for all

The eight Gigabit ports can be used to provide LAN, WAN or DMZ duties. For installation we just hooked a system up to the first port, faithfully followed the quick start wizard and had it up and running with secure Internet access inside 15 minutes.

We particularly liked Panda's colour coordination as it uses green, red, orange and blue zones for trusted, Internet, DMZ and wireless services. This made light work of deciding where to apply our security policies as we could choose which physical ports were members of each coloured zone.

Proxies are used throughput Panda's security policies and control HTTP, HTTPS, SMTP, POP3 and FTP traffic. You have non-transparent and transparent proxies for HTTP and we plumped for the latter as it avoided making any changes on our users' browser settings. 

Profiles are used to assign filtering policies to sources and destinations and enforce authentication using the local appliance, Active Directory, LDAP or RADIUS. For web filtering, Panda offers five general URL categories covering themes such as parental control and security and within these you have a total of 83 sub-categories so filtering can be easily fine-tuned.

Panda's colour schemes made it easy for us to assign policies to the correct ports

Anti-spam and wireless security

The POP3 proxy is easy to configure where it applies anti-virus measures and the SpamAssassin service to inbound mail. However, it can only tag the subject line of suspect spam messages and can't move them to the quarantine area.

The SMTP proxy uses the more sophisticated CommTouch hosted service but can only be applied to mail traffic being passed to an internal mail server. However, along with virus and spam checking, it can send suspect messages to the hard disk quarantine area for further examination.

For wireless network security you simply plug an AP or a switch carrying wireless traffic into the ports placed in the blue zone. For secure Internet services, all proxies can be applied to the blue zone and the firewall configured to allow wireless traffic only between blue and red zones.

The Hotspot feature is a standard service across all GateDefender appliances and supports access and billing controls. You can also use it to redirect wireless users to a login web portal complete with AUP.

Performance surprises

For performance testing we used the lab's Ixia Xcellon-Ultra NP load modules and IxLoad control software. Prior to starting we disabled the appliance's web caching by adding the Ixia's virtual servers to the proxy's non-cache list.

We're not sure how Panda tests its appliances but even with caching disabled we saw significantly better results than those claimed. With the HTTP proxy disabled, we saw an average firewall throughput of 915Mbits/sec - 14 per cent higher than Pandas' figures. 

Enabling the proxy with a basic non-filtering policy saw throughput drop to 480Mbits/sec and with AV scanning enabled this fell further to 230Mbit/sec. IPS takes its toll as with this enabled, IxLoad recorded an average HTTP throughput of 180Mbits/sec still nearly twice Pandas' claims.

To check the appliance's caching efficacy, we reran the test with the proxy only enabled and confirmed our 480Mbit/sec results. Halfway through the test, we enabled the cache for all web traffic and saw the throughput graph jump rapidly up to around 650Mbits/sec.

Along with good on-board reporting, the appliance can be managed remotely using the PMC portal

Perimetral controls and reporting

Panda's Perimetral Management Console (PMC) will appeal to larger businesses and MSPs with multiple appliances spread over different locations. To use the PMC web portal we just needed to register our appliances with it during the setup phase. The portal opens with a list of assigned appliances each with status icons and remote access facilities for management and updates.

On-board reporting facilities are good as the appliance's web interface provides a dashboard overview of all activity and a wealth of graphs for the services, proxies and firewall. The traffic monitoring page provides some slick graphs showing flows and top hosts while live logs for all proxies let us keep a close eye on the action.

Conclusion

The e9100lite is better value than the Dell SonicWALL NSA 2600 as although this appliance is much more powerful, a one-year Total Secure bundle and anti-spam subscription pushes costs to nearly 3,000. What we also like about the e9100lite is its easy deployment, the port zoning features and its vendor agnostic wireless security measures.

Verdict

The Performa e9100lite delivers a good range of security features which includes anti-spam measures and mail quarantining. It’s not as powerful as the Dell SonicWALL NSA 2600 but it is better value and easier to deploy.

Chassis: 1U rack

CPU: 2.6GHz dual-core Intel Pentium E5300

Memory: 2GB DDR2

Storage: 2 x 250GB SATA hard disks

Network: 8 x Gigabit (LAN, WAN, DMZ)

Other ports: 2 x USB 2, RJ-45 serial, VGA

Power: Internal PSU

Management: Web browser

Options: Further yearly subscriptions, £1,408 ex VAT

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020