Celestix MSA 1500i review
Delivers Microsoft's TMG 2010 to SMBs in a good-value security package that's ready to go out of the box
Review Date: 1 Dec 2010
Reviewed By: Dave Mitchell
Price when reviewed: £1,500 (£1,763 inc VAT)
Features & Design
Value for Money
The MSA 1500i from Celestix differs from Linux-based security appliances since it comes preloaded with Microsoft's Forefront Threat Management Gateway (TMG) 2010 software (our thanks to Wick Hill for supplying the review unit). It claims to deliver enterprise-level UTM features to SMBs with up to 200 users.
TMG 2010 takes over from ISA Server 2006, and at its foundation provides inbound and outbound security gateway services with IPsec VPNs, forward and reverse web proxies and web caching. New features include an SPI firewall, HTTPS traffic inspection and Microsoft's Network Inspection System (NIS), which looks for exploits in Microsoft products.
The rest are optional and comprise email protection, antivirus scanning and URL filtering. The latter two are activated by a Web Protection Service subscription; prices will depend on your existing Microsoft support agreements.
The 1500i runs Windows Server 2008 R2 Standard 64-bit with TMG 2010 Workgroup Edition. The only difference between this and the Branch Edition offered with larger MSA appliances is that it doesn't support load balancing.
Celestix's Comet web interface is designed for remotely managing its MSA appliances. It provides access to the TMG quick-start wizard, where you set up the network ports and choose from four operational templates.
We deployed the 1500i as an edge firewall and quickly integrated it into our AD domain. The TMG client is useful, as it offers HTTPS inspection notifications, auto-discovers the appliance, and offers a one-click web proxy setup.
TMG firewall policies comprise source and destination networks or hosts. They can also allow or deny actions, protocols and specific AD users and groups. Wizards are provided for securely publishing LAN resources such as Exchange web access, SharePoint sites and web servers.
Policies can include web-filtering rules with categories to be blocked or allowed. Microsoft provides over 70 URL categories, all of which were effective.
The optional Forefront Protection for Exchange provides email protection and antispam measures, and doesn't support other third-party email servers. It snaps neatly into the TMG console and provides wizards for declaring your Exchange servers and mail domains. It uses a spam confidence level scoring system for detecting spam and provides three actions where you can delete, reject or quarantine messages.
Both web content and emails are subjected to a barrage of virus scans, as TMG offers up to five engines from Kaspersky, Authentium, Norman, VirusBuster and Microsoft. File-attachment filters can be applied to inbound and outbound traffic, and message bodies can be scanned for specific keywords and phrases.
Reporting is extremely detailed, with options to view details on user activity, web traffic, cache usage and much more. These can be scheduled to run regularly, although it was annoying to find that reports can't be generated for the current day's activity until the following day.
With TMG 2010 in the driving seat, the MSA 1500i offers an impressive range of security measures and is a cinch to integrate into AD domains. The optional security features will push up the price, but for SMBs that want Microsoft on their security appliance this is the one to go for.
Author: Dave Mitchell
- Microsoft yanks Windows 8.1 update after crash reports
- Microsoft backtracks on blocking out-of-date Java
- Gartner: time to start planning your Windows 7 upgrade
- Still on IE8? You've got 18 months to upgrade
- Who's buying Chromebooks? American schools
- Microsoft targets Windows in next Patch Tuesday
- Microsoft to block old ActiveX controls in security push
- Samsung and Apple call off all legal disputes, except in the US
- Microsoft ordered to hand over European data
- Will the next Windows 8.1 update arrive next month?
- 20 years of PC Pro: our best covers
- Why we've closed the PC Pro forums
- How to turn off Google Location Tracking
- 20 years of PC Pro: our greatest review mistakes
- 20 years of PC Pro: our first A-List
- Wikipedia's "right to be forgotten" protest hits the wrong note
- 3D printing hits the high street for plastic selfies
- 20 years of PC Pro: What amazed us in our first issue
- How Google Glass ruined my lunch hour
- Smartphone battery packs: can a USB power pack beat the festival battery blues?
- How to set up a wireless hotspot for your business: give customers free or paid for internet access
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office