Product Reviews

CyberGuard started 2006 by merging with the mighty Secure Computing to give the new company an extensive portfolio of security appliances. The WW1000 and its content security was impressive enough to gain a brief stay on the PC Pro A List last year. Now we take a closer look at the TSP 1250, which is aimed at firewall and VPN duties in medium-sized businesses and remote offices.

A key feature of this appliance family is the TSP (Total Stream Protection) technology, which delivers extensive application and policy-based security. By employing a wide range of application proxies, this allows security policies to be enforced at the application level. Furthermore, it doesn't use sets of signatures to check the application layer, but buffers each session in memory and runs a full inspection.

The 1250 offers a reasonable specification, which includes seven Gigabit Ethernet ports, although the 256MB of memory is a tad stingey. Installation is easy: the appliance can be managed locally or remotely via a secure web browser and both options use the same well-designed interface. We found the appliance particularly easy to set up, as this phase is helped along nicely by a wizard - a feature not often seen at this level of the security market. This takes you through securing management access and determining how the network interfaces are to be used. Each can be designated

ADVERTISEMENT

as internal, external or DMZ. A new feature on the 1250 is appliance clustering, so interfaces can be used for heartbeat functions.

To open up access, you'll need to create packet-filtering rules, as all inbound and outbound traffic is initially blocked. Rules are built using actions, services, sources, destinations and time periods. Handily, these only need to be created once. With each component defined as an object they can be used in multiple rules and, if an object is modified, any rule using it will receive those changes automatically. For actions, you can block, allow or drop packets, or use an application proxy. Plenty of predefined services are provided, but you can easily create custom services.

Application proxies abound and include H.323 for VoIP traffic and a Circuit option for non-protocol-specific traffic. The latter provides a proxy for bidirectional TCP connections between two endpoints. For a client/server connection, for example, it stops them interacting directly by intercepting the traffic and carrying out Layer 5 inspection. The HTTP proxy filters inbound and outbound traffic for specific HTTP commands and banned URIs (uniform resource identifiers). Resources such as a web page or file extensions can also be included and are defined as pattern objects for use in multiple filters. Email is handled deftly by the SMTP proxy, which inspects mail headers, attachments and body content, and allows you to decide which users can receive and send mail. Messages may be filtered for specific subjects and attachments, and these are defined as objects for use in multiple rules. Actions can also specify that messages are passed to external ICAP or CVP servers for virus scans.

The combination of firewall and application proxies makes the TSP 1250 a powerful security appliance. Auditing, reporting and monitoring features are extensive, and the use of security policies and objects makes light work of ongoing configuration.