Celestix MSA 1500i review
Delivers Microsoft's TMG 2010 to SMBs in a good-value security package that's ready to go out of the box
Review Date: 1 Dec 2010
Reviewed By: Dave Mitchell
Price when reviewed: £1,500 (£1,763 inc VAT)
Features & Design
Value for Money
The MSA 1500i from Celestix differs from Linux-based security appliances since it comes preloaded with Microsoft's Forefront Threat Management Gateway (TMG) 2010 software (our thanks to Wick Hill for supplying the review unit). It claims to deliver enterprise-level UTM features to SMBs with up to 200 users.
TMG 2010 takes over from ISA Server 2006, and at its foundation provides inbound and outbound security gateway services with IPsec VPNs, forward and reverse web proxies and web caching. New features include an SPI firewall, HTTPS traffic inspection and Microsoft's Network Inspection System (NIS), which looks for exploits in Microsoft products.
The rest are optional and comprise email protection, antivirus scanning and URL filtering. The latter two are activated by a Web Protection Service subscription; prices will depend on your existing Microsoft support agreements.
The 1500i runs Windows Server 2008 R2 Standard 64-bit with TMG 2010 Workgroup Edition. The only difference between this and the Branch Edition offered with larger MSA appliances is that it doesn't support load balancing.
Celestix's Comet web interface is designed for remotely managing its MSA appliances. It provides access to the TMG quick-start wizard, where you set up the network ports and choose from four operational templates.
We deployed the 1500i as an edge firewall and quickly integrated it into our AD domain. The TMG client is useful, as it offers HTTPS inspection notifications, auto-discovers the appliance, and offers a one-click web proxy setup.
TMG firewall policies comprise source and destination networks or hosts. They can also allow or deny actions, protocols and specific AD users and groups. Wizards are provided for securely publishing LAN resources such as Exchange web access, SharePoint sites and web servers.
Policies can include web-filtering rules with categories to be blocked or allowed. Microsoft provides over 70 URL categories, all of which were effective.
The optional Forefront Protection for Exchange provides email protection and antispam measures, and doesn't support other third-party email servers. It snaps neatly into the TMG console and provides wizards for declaring your Exchange servers and mail domains. It uses a spam confidence level scoring system for detecting spam and provides three actions where you can delete, reject or quarantine messages.
Both web content and emails are subjected to a barrage of virus scans, as TMG offers up to five engines from Kaspersky, Authentium, Norman, VirusBuster and Microsoft. File-attachment filters can be applied to inbound and outbound traffic, and message bodies can be scanned for specific keywords and phrases.
Reporting is extremely detailed, with options to view details on user activity, web traffic, cache usage and much more. These can be scheduled to run regularly, although it was annoying to find that reports can't be generated for the current day's activity until the following day.
With TMG 2010 in the driving seat, the MSA 1500i offers an impressive range of security measures and is a cinch to integrate into AD domains. The optional security features will push up the price, but for SMBs that want Microsoft on their security appliance this is the one to go for.
Author: Dave Mitchell
- Will the next Windows 8.1 update arrive next month?
- BT One Phone lets SMBs ditch landlines for mobiles
- Microsoft shows Modern apps running in desktop windows
- Apple and IBM buddy up for enterprise push
- Windows Phone 8.1 starts rolling out to Nokia phones
- Government broadband plans "lack ambition"
- SMBs get Office 365 price cuts, new plans
- Windows 7: you can keep it until 2020
- BlackBerry Passport's square for spreadsheets
- Microsoft to release six updates this Patch Tuesday
- How Google Glass ruined my lunch hour
- Smartphone battery packs: can a USB power pack beat the festival battery blues?
- Windows Easy Transfer – not so "easy" in Windows 8.1
- Formula 1: what a difference virtualisation makes
- Office of the future: comfy chairs and tablets everywhere
- I went to Glastonbury and the only thing that got high was my smartphone
- Meet the robots helping teach children
- PaperLater: would you pay to print the internet?
- Amazon vs Kobo: how much to make the ebook switch?
- Phishing emails: how I nearly got caught out
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?