Celestix MSA 1500i review
Delivers Microsoft's TMG 2010 to SMBs in a good-value security package that's ready to go out of the box
Review Date: 1 Dec 2010
Reviewed By: Dave Mitchell
Price when reviewed: £1,500 (£1,763 inc VAT)
Features & Design
Value for Money
The MSA 1500i from Celestix differs from Linux-based security appliances since it comes preloaded with Microsoft's Forefront Threat Management Gateway (TMG) 2010 software (our thanks to Wick Hill for supplying the review unit). It claims to deliver enterprise-level UTM features to SMBs with up to 200 users.
TMG 2010 takes over from ISA Server 2006, and at its foundation provides inbound and outbound security gateway services with IPsec VPNs, forward and reverse web proxies and web caching. New features include an SPI firewall, HTTPS traffic inspection and Microsoft's Network Inspection System (NIS), which looks for exploits in Microsoft products.
The rest are optional and comprise email protection, antivirus scanning and URL filtering. The latter two are activated by a Web Protection Service subscription; prices will depend on your existing Microsoft support agreements.
The 1500i runs Windows Server 2008 R2 Standard 64-bit with TMG 2010 Workgroup Edition. The only difference between this and the Branch Edition offered with larger MSA appliances is that it doesn't support load balancing.
Celestix's Comet web interface is designed for remotely managing its MSA appliances. It provides access to the TMG quick-start wizard, where you set up the network ports and choose from four operational templates.
We deployed the 1500i as an edge firewall and quickly integrated it into our AD domain. The TMG client is useful, as it offers HTTPS inspection notifications, auto-discovers the appliance, and offers a one-click web proxy setup.
TMG firewall policies comprise source and destination networks or hosts. They can also allow or deny actions, protocols and specific AD users and groups. Wizards are provided for securely publishing LAN resources such as Exchange web access, SharePoint sites and web servers.
Policies can include web-filtering rules with categories to be blocked or allowed. Microsoft provides over 70 URL categories, all of which were effective.
The optional Forefront Protection for Exchange provides email protection and antispam measures, and doesn't support other third-party email servers. It snaps neatly into the TMG console and provides wizards for declaring your Exchange servers and mail domains. It uses a spam confidence level scoring system for detecting spam and provides three actions where you can delete, reject or quarantine messages.
Both web content and emails are subjected to a barrage of virus scans, as TMG offers up to five engines from Kaspersky, Authentium, Norman, VirusBuster and Microsoft. File-attachment filters can be applied to inbound and outbound traffic, and message bodies can be scanned for specific keywords and phrases.
Reporting is extremely detailed, with options to view details on user activity, web traffic, cache usage and much more. These can be scheduled to run regularly, although it was annoying to find that reports can't be generated for the current day's activity until the following day.
With TMG 2010 in the driving seat, the MSA 1500i offers an impressive range of security measures and is a cinch to integrate into AD domains. The optional security features will push up the price, but for SMBs that want Microsoft on their security appliance this is the one to go for.
Author: Dave Mitchell
- Microsoft slashes custom XP support price
- Ubuntu LTS Server 14.04 extends cloud support
- Intel: PC sales are "encouraging"
- Google to rank encrypted pages higher
- Heartbleed: the race to reissue security certificates
- Dropbox boosts app line-up with Carousel and Mailbox for Android
- BlackBerry CEO says not selling off phones "any time soon"
- Microsoft halts business downloads of Windows 8.1 Update
- Raspberry Pi targets business with Compute Module
- Microsoft releases final patches for Windows XP
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Cut out the broadband jargon? What jargon?
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- Can Microsoft survive? The future of Office
- A real-world guide to business VoIP
- Sack your PA: how to stay on top of your work life
- Power lies with the internet giants, not the governments
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?
- The best Android antivirus apps for 2014
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs