Panda GateDefender Performa e9100lite review

Panda’s Performa e9100lite combines tough wired and wireless network security with good value and performance

Price
£2,646
  • Easy deployment; Single price for all subscriptions; Good security measures; Slick reporting; Remote management
  • Noisy cooling fans; Weak hardware spec

Panda's GateDefender Performa e9100lite aims to provide complete perimeter security for businesses of up to 250 users. This is more a limitation of the hardware as Panda doesn't enforce per-user licensing and you just pay a yearly subscription fee which activates everything. 

And features aplenty there are too as the e9100lite delivers firewalling, support for IPSec and SSL VPNs, anti-virus, anti-spam, web content filtering and application controls. Its mirrored hard disks serve as a web cache and spam quarantine area and Panda provides some cunning wireless security features as well.

The e9100lite has a modest hardware spec comprising an elderly 2.6GHz dual-core Pentium E5300 and 2GB of DDR2. We also found the cooling fans are very noisy making it a poor partner in an office environment.

Panda's dashboard view keeps you posted on proxy and appliance status plus traffic throughput

Advertisement
Advertisement - Article continues below

Proxies for all

The eight Gigabit ports can be used to provide LAN, WAN or DMZ duties. For installation we just hooked a system up to the first port, faithfully followed the quick start wizard and had it up and running with secure Internet access inside 15 minutes.

We particularly liked Panda's colour coordination as it uses green, red, orange and blue zones for trusted, Internet, DMZ and wireless services. This made light work of deciding where to apply our security policies as we could choose which physical ports were members of each coloured zone.

Proxies are used throughput Panda's security policies and control HTTP, HTTPS, SMTP, POP3 and FTP traffic. You have non-transparent and transparent proxies for HTTP and we plumped for the latter as it avoided making any changes on our users' browser settings. 

Profiles are used to assign filtering policies to sources and destinations and enforce authentication using the local appliance, Active Directory, LDAP or RADIUS. For web filtering, Panda offers five general URL categories covering themes such as parental control and security and within these you have a total of 83 sub-categories so filtering can be easily fine-tuned.

Panda's colour schemes made it easy for us to assign policies to the correct ports

Anti-spam and wireless security

The POP3 proxy is easy to configure where it applies anti-virus measures and the SpamAssassin service to inbound mail. However, it can only tag the subject line of suspect spam messages and can't move them to the quarantine area.

The SMTP proxy uses the more sophisticated CommTouch hosted service but can only be applied to mail traffic being passed to an internal mail server. However, along with virus and spam checking, it can send suspect messages to the hard disk quarantine area for further examination.

For wireless network security you simply plug an AP or a switch carrying wireless traffic into the ports placed in the blue zone. For secure Internet services, all proxies can be applied to the blue zone and the firewall configured to allow wireless traffic only between blue and red zones.

Advertisement
Advertisement - Article continues below

The Hotspot feature is a standard service across all GateDefender appliances and supports access and billing controls. You can also use it to redirect wireless users to a login web portal complete with AUP.

Performance surprises

For performance testing we used the lab's Ixia Xcellon-Ultra NP load modules and IxLoad control software. Prior to starting we disabled the appliance's web caching by adding the Ixia's virtual servers to the proxy's non-cache list.

We're not sure how Panda tests its appliances but even with caching disabled we saw significantly better results than those claimed. With the HTTP proxy disabled, we saw an average firewall throughput of 915Mbits/sec - 14 per cent higher than Pandas' figures. 

Enabling the proxy with a basic non-filtering policy saw throughput drop to 480Mbits/sec and with AV scanning enabled this fell further to 230Mbit/sec. IPS takes its toll as with this enabled, IxLoad recorded an average HTTP throughput of 180Mbits/sec still nearly twice Pandas' claims.

To check the appliance's caching efficacy, we reran the test with the proxy only enabled and confirmed our 480Mbit/sec results. Halfway through the test, we enabled the cache for all web traffic and saw the throughput graph jump rapidly up to around 650Mbits/sec.

Along with good on-board reporting, the appliance can be managed remotely using the PMC portal

Perimetral controls and reporting

Panda's Perimetral Management Console (PMC) will appeal to larger businesses and MSPs with multiple appliances spread over different locations. To use the PMC web portal we just needed to register our appliances with it during the setup phase. The portal opens with a list of assigned appliances each with status icons and remote access facilities for management and updates.

On-board reporting facilities are good as the appliance's web interface provides a dashboard overview of all activity and a wealth of graphs for the services, proxies and firewall. The traffic monitoring page provides some slick graphs showing flows and top hosts while live logs for all proxies let us keep a close eye on the action.

Advertisement
Advertisement - Article continues below

Conclusion

The e9100lite is better value than the Dell SonicWALL NSA 2600 as although this appliance is much more powerful, a one-year Total Secure bundle and anti-spam subscription pushes costs to nearly 3,000. What we also like about the e9100lite is its easy deployment, the port zoning features and its vendor agnostic wireless security measures.

Verdict

The Performa e9100lite delivers a good range of security features which includes anti-spam measures and mail quarantining. It’s not as powerful as the Dell SonicWALL NSA 2600 but it is better value and easier to deploy.

Chassis: 1U rack

CPU: 2.6GHz dual-core Intel Pentium E5300

Memory: 2GB DDR2

Storage: 2 x 250GB SATA hard disks

Network: 8 x Gigabit (LAN, WAN, DMZ)

Other ports: 2 x USB 2, RJ-45 serial, VGA

Power: Internal PSU

Management: Web browser

Options: Further yearly subscriptions, £1,408 ex VAT

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019