Verdict:
A firewall appliance with impressive monitoring tools that's perfect for remote office protection.
Sitting at the lower end of Stonesoft's security appliance portfolio, the latest StoneGate FW-300 targets small networks comprising tens rather than hundreds of users and aims to provide tough firewall and VPN features. The price may look high but there are no user limits and the appliance's hardware spec allows it to support reasonably high firewall and VPN tunnel throughput. Another feature we liked is that, being fanless, the unit is silent.
A key feature of StoneGate firewalls is they can't be accessed using a standard browser. While more secure, the less convenient modus operandi does limit their appeal. All appliances are monitored and managed via Stonesoft's Log Server service and Management Server (MS) components, while a separate Management Client (MC) is used to access the MS. These can run on the same system or separately and provide the facilities you need to handle multiple appliances from a centralised console.
Initial installation was simple - loading all the management software on a Windows Server 2003 R2 system took a few minutes. The MC opens with a tidy interface and you can start by declaring your appliances to it. Stonesoft uses the concept of elements to represent the network and those devices that are to be part of an access control policy. During this phase you can name the appliance, give it an IP address and decide which of its quartet of ethernet ports can be used for management access. The other network ports can be used as required: all support LAN, WAN or DMZ operations. Should the main management link fail you can add more IP addresses on other interfaces so they can provide backup links to the MS.
Once your firewall configuration has been saved, the MC generates a one-time password. This is used next as you access the appliance directly via its CLI over a serial port connection and run quickly through a setup routine. Here, you nominate the primary management interface, provide it with the IP address of the MS system and add the password.
Firewall security is controlled with policies where each can comprise multiple rules for access, traffic inspection and NAT. You can also apply QoS rules to specific interfaces to guarantee or limit bandwidth. Policies handle inbound and outbound traffic and rule creation is made easier with templates and the option to inherit rules from existing templates. You can push your policies to selected appliances from the MC interface and this feature can also be used to deploy software images and updates. We were impressed with the MC monitoring tools as you can select an appliance and view full statistics and performance data, graphs showing traffic for each interface and general firewall loads.
The StoneGate is expensive and too difficult to use for us to recommend to most small businesses. But, as part of a remote office protection plan for businesses with multiple sites, this appliance could be ideal.
By Dave Mitchell
SPECIFICATIONS:
1GHz VIA Eden, 1GB 533MHz DDR2 SODIMM, 512MB CompactFlash, 4 x 10/100BaseTX ports, serial port, 2 x USB, 30 VPN tunnels, licensed performance: firewall, 100Mb/sec; VPN, 50Mb/sec, Stonesoft Management Center software.