Frills and drills
All the news about the interface isn't bad, though. We were quite pleased with the amount of information available right on the front dashboard. While other systems might have prettier interfaces, the Astaro dashboard is very clean, displaying a wealth of information without being cluttered. Another very cool feature is the ability to click on the tiny "I" icons in the Destination NAT (DNAT) interfaces to display where else these definitions were used. As with other systems, you sometimes have to disable linked rules (which depend upon other rules or objects) before you can make major changes. Having a quick way to see where else these rules were applied was very nice.
The HTTP proxy interface has a unique feature: a help section with a flowchart showing the order in which the rules are applied. Proxies have been the bread and butter of firewalls in the past, but they typically come with a cryptic interface. This is a wonderfully useful help file -- what a concept!
The responsiveness of the management interface certainly suffered when traffic ramped up, but the sluggishness wasn't anywhere near as dramatic as with the smaller ZyXel box. Although waits noticeably increased as the traffic load and number of attacks rose, the Astaro system remained responsive to management requests at all times.
The Astaro's throughput was a disappointment. The four units in this review ended up separating into two performance classes, with the SonicWall and WatchGuard far outpacing the Astaro and the much lower-priced ZyXel. At less than one-quarter of the Astaro's price, the ZyXel maintained slightly better throughput while under attack and blocked a slightly higher portion of the attacks. The Astaro could handle a WAN connection up to perhaps a couple of T-1s. For bigger pipes, you may need a UTM with more speed.
Without having an insider's view, the Astaro Security Gateway looks to be a special-purpose server with a single CPU that handles all of the functions right down to a PCI Express interface for the Ethernet ports. It clearly has some sort of encryption processor in it, or the 200 VPNs we ran would have killed the performance. However, if you start turning on lots of features, you'll see a noticeable impact on performance, as UTM functions quickly suck up CPU cycles. Unlike the SonicWall, the Astaro clearly does not partition management operations from the general traffic handling in the CPU cores. All of these functions are competing for resources.
Despite the drawbacks, the Astaro Security Gateway offers a massive collection of services for the price -- much more than what you could get on a roll-your-own box -- and it provides a much cleaner and more coherent management interface than you're going to find in the wild.
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Now that we're down to the wire, many upgraders report that the installer hangs. If this happens to...
Angular 3 will have better tooling and will generate less code; Google also is promising a new major...
From data scooping to facial recognition, Amazon’s latest additions give devs new, wide-ranging powers...
Intel’s container-focused Linux distro for the cloud is packed with intriguing features. Here’s what...
In 2017, we're past the point of just dev and test and DR in the cloud. Before embarking on any new...
Data science skills will become more important for coding as software is 'trained' via AI