Celestix MSA 1500i review
Delivers Microsoft's TMG 2010 to SMBs in a good-value security package that's ready to go out of the box
Review Date: 1 Dec 2010
Reviewed By: Dave Mitchell
Price when reviewed: £1,500 (£1,763 inc VAT)
Features & Design
Value for Money
The MSA 1500i from Celestix differs from Linux-based security appliances since it comes preloaded with Microsoft's Forefront Threat Management Gateway (TMG) 2010 software (our thanks to Wick Hill for supplying the review unit). It claims to deliver enterprise-level UTM features to SMBs with up to 200 users.
TMG 2010 takes over from ISA Server 2006, and at its foundation provides inbound and outbound security gateway services with IPsec VPNs, forward and reverse web proxies and web caching. New features include an SPI firewall, HTTPS traffic inspection and Microsoft's Network Inspection System (NIS), which looks for exploits in Microsoft products.
The rest are optional and comprise email protection, antivirus scanning and URL filtering. The latter two are activated by a Web Protection Service subscription; prices will depend on your existing Microsoft support agreements.
The 1500i runs Windows Server 2008 R2 Standard 64-bit with TMG 2010 Workgroup Edition. The only difference between this and the Branch Edition offered with larger MSA appliances is that it doesn't support load balancing.
Celestix's Comet web interface is designed for remotely managing its MSA appliances. It provides access to the TMG quick-start wizard, where you set up the network ports and choose from four operational templates.
We deployed the 1500i as an edge firewall and quickly integrated it into our AD domain. The TMG client is useful, as it offers HTTPS inspection notifications, auto-discovers the appliance, and offers a one-click web proxy setup.
TMG firewall policies comprise source and destination networks or hosts. They can also allow or deny actions, protocols and specific AD users and groups. Wizards are provided for securely publishing LAN resources such as Exchange web access, SharePoint sites and web servers.
Policies can include web-filtering rules with categories to be blocked or allowed. Microsoft provides over 70 URL categories, all of which were effective.
The optional Forefront Protection for Exchange provides email protection and antispam measures, and doesn't support other third-party email servers. It snaps neatly into the TMG console and provides wizards for declaring your Exchange servers and mail domains. It uses a spam confidence level scoring system for detecting spam and provides three actions where you can delete, reject or quarantine messages.
Both web content and emails are subjected to a barrage of virus scans, as TMG offers up to five engines from Kaspersky, Authentium, Norman, VirusBuster and Microsoft. File-attachment filters can be applied to inbound and outbound traffic, and message bodies can be scanned for specific keywords and phrases.
Reporting is extremely detailed, with options to view details on user activity, web traffic, cache usage and much more. These can be scheduled to run regularly, although it was annoying to find that reports can't be generated for the current day's activity until the following day.
With TMG 2010 in the driving seat, the MSA 1500i offers an impressive range of security measures and is a cinch to integrate into AD domains. The optional security features will push up the price, but for SMBs that want Microsoft on their security appliance this is the one to go for.
Author: Dave Mitchell
- Microsoft patches TIFF flaw in next Patch Tuesday
- Microsoft expands encryption over NSA spying "threat"
- UK Cloud Awards 2014: nominations now open
- BlackBerry says "we're still alive" as sales hit new low
- Has HP turned a corner?
- Adobe admits it's struggling to notify hack victims
- Microsoft rolls out Office 365 admin app for mobile
- Office 2013 Service Pack 1 to arrive early next year
- Backup the best defence against CryptoLocker
- UK SMBs can now buy ads on Twitter
- Switching from iPhone to Android: what I miss, what I don't
- Tech City: Easy to score when you move the goalposts
- How to remove SkyDrive from the Windows 8.1 Explorer
- Switching from iPhone to Android? Switch off iMessage
- Why is Google pumping more money into Firefox?
- Sky Broadband Shield review
- Samsung Galaxy S4: how to double your battery life
- Motorola Moto G review: first look
- IBM Watson meets Willy Wonka
- Google’s support policies shove users towards Chrome
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- Can Microsoft survive? The future of Office
- A real-world guide to business VoIP
- Sack your PA: how to stay on top of your work life
- Power lies with the internet giants, not the governments
- Software subscriptions return us to a life of servitude
- How to get a job in cloud computing
- Are today's tech start-ups simply get-rich-quick schemes?
- Choosing the right tablet for business
- The importance of load balancing
- Windows Phone App Studio: an easy way to create your first Windows Phone 8 app
- The end of Windows XP support: what it really means for businesses
- Don't rely on Chrome's password vault
- Using Buffer to manage your social media
- Microsoft needs its own Steve Jobs
- Forget credit cards: hackers want your Facebook account
- Can't get fast enough broadband? Here's what to do
- Leap Motion and the battle against UI stagnation
- How to build a really bad network
There are dozens of exciting prizes up for grabs on PC Pro Competitions. All our competitions are free to enter. Try your luck.ENTER NOW