GCN LAB REVIEW
eSoft security appliance covers the network
InstaGate's modular approach lets you add functionality as needed
- By Greg Crowe
- Jul 13, 2009
Pros: Easy to setup and maintain, 1U rack space
Cons: In-line system requires temporary Internet interruption during setup
Ease of use: A+
Price: $2,999 ($2,699 government)
Network security is an often nebulous term that covers an array of tasks, each of which covers a specific area of concern for the safety of a computer network. All too often, each specific need requires the purchase of another new device, which has its own space and power considerations. Pretty soon, the network room becomes chock full of those devices, which are filling the racks and taxing the power of the entire operation. This is why many administrators are looking to multipurpose devices to save resources.
A drawback of using multipurpose devices is the gargantuan task of replacing all of the old machines at once, which can sometimes mean a day or more of interrupted Internet access as a new device takes over all of the functions.
The eSoft InstaGate 604 solves this basic problem with modularity. An administrator can start it off with the basic function of a firewall and add functionality as needed. This creates less overall interruption of Internet access.
The Instagate 604 appliance uses a 2.53 GHz Intel Celeron processor and 512M of RAM. It takes up 1U of rack space, which can free a lot of room if it is replacing more than one device. Its four Gigabit Ethernet ports will maintain throughput without bottlenecks.
InstaGate had the easiest setup of any gateway appliance we have tested. After it is connected and turned on, the internal network port gets an IP address from your network’s Dynamic Host Configuration Protocol server, and you can then access it through its Web-based interface from any local computer. At that point, the setup wizard takes you through each step, having you enter the administrator settings and connectivity settings for the external port. Once it has all of the information, it will check the connection to the Internet and to esoft.com. After it connects successfully, you are ready to go.
The firewall functions are what you would expect from a good, enterprise-level system. It has a full array of Network Address Translation functions, allowing an entire network to share a single public IP address — the most common configuration — or map specific internal addresses to public ones. It will redirect traffic coming over a certain port to a specific internal address.
Instagate caches its Domain Name Service lookups, allowing for faster access to the Internet. It also allows administrators to prioritize traffic to use network resources more efficiently.
The ThreatMonitor displays network traffic concisely in the Web-based interface. ThreatMonitor does the best job we’ve seen at displaying network security at a glance. It shows bandwidth usage both for inbound and outbound traffic, and categorizes it by type. It definitely gives you a good idea as to what is going on with your network.
A full-function virtual private network server also is part of InstaGate's basic functionality, allowing for secure, remote access by a network’s users. Managing a VPN can be a daunting task, but having this functionality integrated in the InstaGate can make it a lot easier.
Because the InstaGate uses industry-standard IP Security protocols, it can communicate ably with existing VPNs. It uses another industry standard, Point-to-Point Tunneling Protocol, to talk to its clients. Because PPTP is part of every major operating system, setup on the client side is likely already done, and you need only the server name, user name and password to log on.
However, Instagate's true beauty is the modularity of its optional functions. These are available through what eSoft calls SoftPaks. Once you buy one — or if they are purchased along with the device — you merely need to click the Check for Updates button in the administrator interface. InstaGate’s SoftPak Director will connect with eSoft and download and install the appropriate options automatically.
The company also has a Web ThreatPak that will make Instagate a highly effective Web content filter and intrusion-prevention device. It lets an administrator fully customize white and black lists to get maximum control of the network’s Web traffic. The E-mail ThreatPak functions as a spam and virus filter for an existing e-mail server. It can also monitor e-mail content to prevent users from sending certain types of data, such as credit card numbers.
The company even sells a Complete Mail Server SoftPak that enables the InstaGate to function as an e-mail server. This might be considered a lower-cost alternative to traditional e-mail server software.
The eSoft Instage 604 has a retail price of $2,999 and a government price of $2,699, which we felt were good deals for a combined firewall/VPN appliance, even before you consider its expandability. The ThreatPaks are sold by yearly or multiyear subscription — also with a 10 percent government discount — and eSoft often runs promotions for the purchase of multiple items.
InstaGate would be ideal for a network administrator who needs to consolidate several network security functions in one appliance.
eSoft, 888-903-7638, www.esoft.com
Greg Crowe is a former GCN staff writer who covered mobile technology.