GCN Lab Review | Tumbleweed MailGate Appliance 3.0

Mixed bag: The Tumbleweed appliance is very tough on viruses but not spam.

Pros: Good technical support

Cons: Difficult to maintain and manage, lackluster spam protection

Price: $13,400 (500 users)

Spam protection: C

Virus protection: A

Ease of setup: B-

Ease of maintenance: C

Value: B+

The Tumbleweed MailGate Appliance 3.0 shows off some of the best and worst features of an e-mail security appliance. In the setup process you simply have to enter your user ID into the console's Web interface and it will generate a license code for you. However, you have to wait two business days'a wait you're warned about'to get the user ID through e-mail.

Once we got the test MailGate Appliance 3.0 onto our lab network, we noticed it was processing 43,000 e-mails a day, but not tagging any as spam. A quick check found that the drop boxes were in fact full of spam, so even though the appliance reported that everything was working fine, it apparently was not doing anything.

We got on the horn to Tumbleweed tech support for about two hours. (The tech support was actually quite good.) Reps used collaboration software to take control of our admin computer so they could work on the appliance directly. It took over an hour for the rep to determine that although our appliance was reporting it had a valid license, the system itself didn't know that and was refusing to scan e-mail. Company officials said they'd never encountered our problem before. Lucky us.

More troubling was the way the MailGate Appliance 3.0 handled user licenses. Our device came with 1,000 valid user licenses. The problem was that when the appliance was in a live mail stream, it was subject to probing attacks from spammers guessing at valid user names. Each one of the spoofed names generated a user license, so once the MailGate 3.0 hit 1,000 users, it refused to continue scanning any e-mail addressed to users that were not already 'registered.' It turns out we could turn on LDAP scanning, so bounces from the mail server would filter out false users. But because this function is off by default, and not every IT shop will have an LDAP table on their mail server, admins should be prepared to monitor the license situation.

Once we cleared up the user licenses and put the MailGate 3.0 onto our simulated network, its performance was less than stellar. While it did fine with viruses, stopping 99.8 percent of them, it wasn't very hard on spam. It correctly identified 96.2 percent of all spam we sent it, the lowest mark in our review. Given the $13,400 government price tag (with 500 user licenses), there may be better choices to protect your e-mail.

Tumbleweed Communications, Redwood City, Calif., (800) 696-1978, http://www.tumbleweed.com

About the Author

John Breeden II is a freelance technology writer for GCN.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected