UTM appliances whip blended security threats
Unified threat management appliances combine multiple perimeter protections with mixed results
The security services available in the M30 are very good, using a mix of best-of-breed and in-house developed services. For anti-virus and anti-spam, ServGate uses McAfee’s scanning engines. For Web filtering, SurfControl is included. All licensing for these third-party tools is handled by ServGate and included in the total price. Because the M30 has a local hard drive, files and messages can be quarantined instead of simply discarded.
As opposed to WatchGuard’s Firebox Core, ServGate’s EdgeForce M30 provides anti-virus scanning for SMTP, HTTP, POP3, and FTP traffic. The M30 passed my anti-virus test with flying colors, managing the 160MB file transfer and stripping out the virus.
ServGate’s IPS, which is based on the open source Snort signatures, allows for a good deal of flexibility when creating content filters. The list of rules is nicely broken up into categories such as “exploit,” “P2P,” and “Web attacks,” which simplifies creating IPS rules for content filters. In all of my penetration tests, ServGate’s IPS rules and policies held firm and prevented any unauthorized access.
Remote monitoring and reporting are very well done using Global Manager. It provides a nice platform for maintaining all aspects of the M30 from a centralized datacenter. A single Global Manager system can handle as many as 200 EdgeForce devices. Look for greater scalability in the next release.
SonicWall Pro 2040
The SonicWall Pro 2040 comes with four 10/100Mbps interfaces for network connectivity and a host of solid firewalling services. Installation and initial configuration were the easiest in our group, thanks to some handy setup wizards. Setup required only a few minutes to get the appliance online and passing traffic. Policy management is relatively straightforward, again assisted by helpful wizards. VLAN support, although missing from this release, will be available soon.
The Pro 2040 doesn’t leave anything out in terms of firewall features. Its stateful inspection engine comes with a vast array of predefined services and allows for the addition of custom services. For quicker rule creation, individual services can be grouped into a single object. As opposed to Astaro and WatchGuard, SonicWall does not rely on any application proxies. This means the Pro 2040 can apply anti-virus filters and all other protections to any type of traffic.
Firewall policy management is made easier through the use of a new “matrix” view of the access rules. I was able to filter my view quickly to zero in on a specific set of physical interfaces and the rules associated with them. For anyone who has to maintain a large rule set, this feature will ease your administrative burden significantly. Support for dynamic DNS is included, as is QoS, but VLAN support won’t be available until the next OS release. Dynamic routing is also missing from this release; RIP and OSPF will be available in the next version.
VPN capabilities are adequate in the Pro 2040, providing IPSec site-to-site and client-to-site PPTP and support for SonicWall’s own VPN client. Cipher choices aren’t as wide as those in the Astaro 220, but with 3DES and AES256, encryption strength should not be a problem. As with policy creation, a VPN policy wizard walks admins through the initial tunnel definition.