Product Reviews

As with many firewall vendors, Clavister started out with a software solution but now also offers an extensive range of appliances, and in this exclusive review we look at the Security Gateway SG57.

Installation must start at the CLI, where you set up management access and provide an IP address. As we were using Windows Vista and Server 2008 RC0, we had to download HyperTerminal, as this is no longer part of these OSes. Web-browser management isn't supported: instead, you use the bundled FineTune, which is clearly designed to manage multiple appliances. Namespaces are used to store descriptions of all network components including hosts, address ranges, schedules, VPNs and ALGs. All details are held in data source files, so you can have a range of files containing information on specific groups of appliances and associated namespaces.

A global namespace is maintained in each data source and any changes at this level will be disseminated to every member appliance. All appliance details are stored in FineTune's Security Gateway folder, which can also contain its own namespaces, allowing you to organise devices hierarchically based on location

ADVERTISEMENT

or function. This is all very impressive, but it makes initial configuration a real nightmare. To get even a basic firewall up and running, we had to create address and broadcast objects for the LAN and WAN ports, plus DHCP address pool and server objects, and bind them all together. There's more, as a WAN-to-internet route had to be created and then associated with a firewall rule that allowed outbound access. The documentation was no help and we ended up having to use technical support to guide us through this phase.

Rules define source and destination objects, and determine whether traffic should be allowed, blocked, dropped or rejected. The rule is bound to a service object, can be associated with a time schedule and placed in a list in order of priority. Web content security requires an HTTP ALG in the namespace, but you'll need a service object with a port number to which you bind the ALG and then create a new firewall rule. Content filtering offers more than 30 categories, but showed only a 70% blocking success for online bingo sites.

IPS is on the menu and traffic shaping is a handy feature, as this uses QoS policies to assign rules to pipes that determine bandwidth usage. Mail security features are limited. An SMTP ALG object allows you to limit email throughput, apply virus scanning and block by attachment type only, not by size. Antispam isn't available, but this and POP3 support are on Clavister's to-do list.

For businesses requiring centralised support of appliances distributed around remote branch offices, the SG57 excels. However, SMBs requiring only a single appliance will find configuration overly complex. For this type of deployment, Clavister needs to implement wizards or improve its documentation.