eSoft InstaGate 404s review
Strong web content security measures, but it's pricey and easily overtaxed
Review Date: 5 Dec 2012
Reviewed By: Dave Mitchell
Price when reviewed: £570 (£684 inc VAT)
Features & Design
Value for Money
The InstaGate 404s appliance from US company eSoft targets the SoHo market and offers tough web security for networks of up to 15 users. The base system provides an SPI firewall and VPN support, while eSoft’s Web ThreatPak adds IPS, web content filtering, gateway antivirus and anti-spyware, plus IM and P2P app controls.
It’s a compact appliance with four Fast Ethernet ports providing WAN, dual-switched LAN and DMZ duties, and would seem to be the ideal candidate for use in a small office. However, the 1GHz VIA C7 processor’s cooling fan is noisy: it will be hard to ignore in cramped environments.
Installation is a smooth process: a wizard helps with registration and the Web ThreatPak download and, once active, it keeps all scanners and signatures updated automatically. The firewall has predefined rules so you’re ready to go, but you can add your own if you want more control over specific services.
Options are provided for creating site-to-site IPsec VPNs with other InstaGates or client VPNs for mobile workers. For web content filtering, you can swiftly set up HTTP scanning using the transparent proxy mode. Policies can either be applied to all users or selectively to networks defined by their IP address ranges.
Proxy authentication comes into play with the user mode, where you can employ the appliance’s local database or an Active Directory server. Unlike most competing products, content filtering is carried out locally and not in the cloud, so eSoft’s own URL database needs to be downloaded to the appliance.
This didn’t take long and we were then able to create blocking policies using any of the 17 URL categories and more than 50 sub-categories. You can leave policies permanently active or apply a schedule so they’re active only on selected days and times.
Gateway antivirus is enabled with a single click, and you can create lists of IP addresses that are exempt from scanning. Anti-spyware is just as easy to activate, and for IPS you can add details of specific servers you want protected, where the appliance will then create custom profiles.
eSoft claims a firewall performance of 100Mbits/sec, although in reality, this is the throughput limit of the WAN port. To test this, we hooked up the 404s to the lab’s Ixia XM2 chassis and its Xcellon-Ultra NP load modules. The Ixia IxLoad app confirmed the firewall was good for around 90Mbits/sec, which dropped only slightly with all UTM functions activated. However, using the appliance’s web interface during testing had a big impact on performance.
As we refreshed the ThreatMonitor interface, we saw IxLoad register a significant drop in performance, with throughput falling as low as 10Mbits/sec for brief periods. With such a small supported userbase we don’t see this as a serious problem, but if you have bandwidth-hungry users you’ll have to avoid using the web console where possible.
There’s no denying that the web content security features of the InstaGate 404s are highly accomplished, but there are serious issues. The noisy operation dampens its appeal for the smaller office, and our tests show that it’s operating at the limits of its performance. The price is the final stumbling block: stack it up against the PC Pro Recommended WatchGuard XTM 25-W and it really isn’t such good value for money.
Author: Dave Mitchell
- Toshiba beats retreat from consumer PC market
- Ellison steps down: but who's really running Oracle now?
- Microsoft set to make more job cuts
- Is Peter Pan panto tickets email genuine? Oh no, it isn't
- Intel triples Xeon E5 chip performance, adds DDR4
- Patch Tuesday targets critical IE flaw
- Microsoft refuses to hand over customer emails
- Microsoft yanks Windows 8.1 update after crash reports
- Microsoft backtracks on blocking out-of-date Java
- Gartner: time to start planning your Windows 7 upgrade
- How to check your identity hasn’t been sold to the hackers
- Tim Cook: this is how much TV has changed since the 70s
- Westminster wins the .London battle
- 20 years of PC Pro: from deep pan pizza to virtualisation
- Five reasons why the Apple Watch leaves me cold
- Apple Watch, iPhone 6 and 6 Plus: Tim Cook's Apple back with a bang?
- BT Home Hub 5: how to get maximum speed
- 20 years of PC Pro: one-star reviews (including "the worst tablet we've ever seen")
- 20 years of PC Pro: our best covers
- Why we've closed the PC Pro forums
- How to set up a wireless hotspot for your business: give customers free or paid for internet access
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office