Astaro's Linux-based firewall appliance stands out with a laundry list of capabilities, but runs several steps behind top competitors
Frills and drills
All the news about the interface isn't bad, though. We were quite pleased with the amount of information available right on the front dashboard. While other systems might have prettier interfaces, the Astaro dashboard is very clean, displaying a wealth of information without being cluttered. Another very cool feature is the ability to click on the tiny "I" icons in the Destination NAT (DNAT) interfaces to display where else these definitions were used. As with other systems, you sometimes have to disable linked rules (which depend upon other rules or objects) before you can make major changes. Having a quick way to see where else these rules were applied was very nice.
The HTTP proxy interface has a unique feature: a help section with a flowchart showing the order in which the rules are applied. Proxies have been the bread and butter of firewalls in the past, but they typically come with a cryptic interface. This is a wonderfully useful help file -- what a concept!
The responsiveness of the management interface certainly suffered when traffic ramped up, but the sluggishness wasn't anywhere near as dramatic as with the smaller ZyXel box. Although waits noticeably increased as the traffic load and number of attacks rose, the Astaro system remained responsive to management requests at all times.
The Astaro's throughput was a disappointment. The four units in this review ended up separating into two performance classes, with the SonicWall and WatchGuard far outpacing the Astaro and the much lower-priced ZyXel. At less than one-quarter of the Astaro's price, the ZyXel maintained slightly better throughput while under attack and blocked a slightly higher portion of the attacks. The Astaro could handle a WAN connection up to perhaps a couple of T-1s. For bigger pipes, you may need a UTM with more speed.
Without having an insider's view, the Astaro Security Gateway looks to be a special-purpose server with a single CPU that handles all of the functions right down to a PCI Express interface for the Ethernet ports. It clearly has some sort of encryption processor in it, or the 200 VPNs we ran would have killed the performance. However, if you start turning on lots of features, you'll see a noticeable impact on performance, as UTM functions quickly suck up CPU cycles. Unlike the SonicWall, the Astaro clearly does not partition management operations from the general traffic handling in the CPU cores. All of these functions are competing for resources.
Despite the drawbacks, the Astaro Security Gateway offers a massive collection of services for the price -- much more than what you could get on a roll-your-own box -- and it provides a much cleaner and more coherent management interface than you're going to find in the wild.
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Microsoft buried a Get Windows 10 ad generator inside this month's Internet Explorer security patch for...
Here’s the best of the best for Windows 10. Sometimes good things come in free packages
A devoted practitioner offers an eyewitness account of the rise of Linux and the open source movement,...
Google’s second-generation SQL database as a service achieves higher transaction rates than Aurora at...
For collaborative classroom use by teachers and students, Microsoft has a special edition of Office 365...
GopherJS 1.7-1 extends browser app dev to version 1.7 of Google's Go language