eSoft InstaGate 404s review
Strong web content security measures, but it's pricey and easily overtaxed
Review Date: 5 Dec 2012
Reviewed By: Dave Mitchell
Price when reviewed: £570 (£684 inc VAT)
Features & Design
Value for Money
The InstaGate 404s appliance from US company eSoft targets the SoHo market and offers tough web security for networks of up to 15 users. The base system provides an SPI firewall and VPN support, while eSoft’s Web ThreatPak adds IPS, web content filtering, gateway antivirus and anti-spyware, plus IM and P2P app controls.
It’s a compact appliance with four Fast Ethernet ports providing WAN, dual-switched LAN and DMZ duties, and would seem to be the ideal candidate for use in a small office. However, the 1GHz VIA C7 processor’s cooling fan is noisy: it will be hard to ignore in cramped environments.
Installation is a smooth process: a wizard helps with registration and the Web ThreatPak download and, once active, it keeps all scanners and signatures updated automatically. The firewall has predefined rules so you’re ready to go, but you can add your own if you want more control over specific services.
Options are provided for creating site-to-site IPsec VPNs with other InstaGates or client VPNs for mobile workers. For web content filtering, you can swiftly set up HTTP scanning using the transparent proxy mode. Policies can either be applied to all users or selectively to networks defined by their IP address ranges.
Proxy authentication comes into play with the user mode, where you can employ the appliance’s local database or an Active Directory server. Unlike most competing products, content filtering is carried out locally and not in the cloud, so eSoft’s own URL database needs to be downloaded to the appliance.
This didn’t take long and we were then able to create blocking policies using any of the 17 URL categories and more than 50 sub-categories. You can leave policies permanently active or apply a schedule so they’re active only on selected days and times.
Gateway antivirus is enabled with a single click, and you can create lists of IP addresses that are exempt from scanning. Anti-spyware is just as easy to activate, and for IPS you can add details of specific servers you want protected, where the appliance will then create custom profiles.
eSoft claims a firewall performance of 100Mbits/sec, although in reality, this is the throughput limit of the WAN port. To test this, we hooked up the 404s to the lab’s Ixia XM2 chassis and its Xcellon-Ultra NP load modules. The Ixia IxLoad app confirmed the firewall was good for around 90Mbits/sec, which dropped only slightly with all UTM functions activated. However, using the appliance’s web interface during testing had a big impact on performance.
As we refreshed the ThreatMonitor interface, we saw IxLoad register a significant drop in performance, with throughput falling as low as 10Mbits/sec for brief periods. With such a small supported userbase we don’t see this as a serious problem, but if you have bandwidth-hungry users you’ll have to avoid using the web console where possible.
There’s no denying that the web content security features of the InstaGate 404s are highly accomplished, but there are serious issues. The noisy operation dampens its appeal for the smaller office, and our tests show that it’s operating at the limits of its performance. The price is the final stumbling block: stack it up against the PC Pro Recommended WatchGuard XTM 25-W and it really isn’t such good value for money.
Author: Dave Mitchell
- Sony revives optical discs with 1TB Archival Disc
- IDC: iPad intertia opens door for Windows tablets
- Office 365 goes social with "Oslo" news feed
- Windows XP: upgrading 30,000 PCs in 30 days
- LibreOffice: ignore Microsoft's "nonsense" on government's open source plans
- Intel Xeon E7 v2 servers support 6TB of RAM
- Microsoft promises video calls between Skype and Lync
- Office for iPad due before July
- Windows 7 on business PCs gets an extension
- Windows apps land on Chromebooks with VMware
- CeBit 2014 diary: Cameron comes to town
- The 5 most interesting UK businesses at SXSW
- Quickest way to upload 1GB? Hop on a train
- Move over Delia: IBM Watson is cooking tonight
- Eric Schmidt on the double-edged smartphone: friend and foe
- Getty joins the race to the bottom
- Hour of Code: five steps to learn how to code
- Sony Xperia Z2 Tablet review: first look
- Sony Xperia Z2 review: first look
- Samsung Galaxy Gear 2 review: first look
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- Can Microsoft survive? The future of Office
- A real-world guide to business VoIP
- Sack your PA: how to stay on top of your work life
- Power lies with the internet giants, not the governments
- Software subscriptions return us to a life of servitude
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs
- Invoices and VAT: how to set up your documents correctly
- Nexus 5 vs Samsung Galaxy S4 Active: the best phone for avoiding screen burn
- How much is a social user worth?
- The key to choosing a secure password
- Thunderbolt Bridge: a fast Mac migration tool
- Should you advertise on Twitter?
- How to track a lost smartphone
- Self-publishing success: the best way to sell your book