eSoft InstaGate 404s review
Strong web content security measures, but it's pricey and easily overtaxed
Review Date: 5 Dec 2012
Reviewed By: Dave Mitchell
Price when reviewed: £570 (£684 inc VAT)
Features & Design
Value for Money
The InstaGate 404s appliance from US company eSoft targets the SoHo market and offers tough web security for networks of up to 15 users. The base system provides an SPI firewall and VPN support, while eSoft’s Web ThreatPak adds IPS, web content filtering, gateway antivirus and anti-spyware, plus IM and P2P app controls.
It’s a compact appliance with four Fast Ethernet ports providing WAN, dual-switched LAN and DMZ duties, and would seem to be the ideal candidate for use in a small office. However, the 1GHz VIA C7 processor’s cooling fan is noisy: it will be hard to ignore in cramped environments.
Installation is a smooth process: a wizard helps with registration and the Web ThreatPak download and, once active, it keeps all scanners and signatures updated automatically. The firewall has predefined rules so you’re ready to go, but you can add your own if you want more control over specific services.
Options are provided for creating site-to-site IPsec VPNs with other InstaGates or client VPNs for mobile workers. For web content filtering, you can swiftly set up HTTP scanning using the transparent proxy mode. Policies can either be applied to all users or selectively to networks defined by their IP address ranges.
Proxy authentication comes into play with the user mode, where you can employ the appliance’s local database or an Active Directory server. Unlike most competing products, content filtering is carried out locally and not in the cloud, so eSoft’s own URL database needs to be downloaded to the appliance.
This didn’t take long and we were then able to create blocking policies using any of the 17 URL categories and more than 50 sub-categories. You can leave policies permanently active or apply a schedule so they’re active only on selected days and times.
Gateway antivirus is enabled with a single click, and you can create lists of IP addresses that are exempt from scanning. Anti-spyware is just as easy to activate, and for IPS you can add details of specific servers you want protected, where the appliance will then create custom profiles.
eSoft claims a firewall performance of 100Mbits/sec, although in reality, this is the throughput limit of the WAN port. To test this, we hooked up the 404s to the lab’s Ixia XM2 chassis and its Xcellon-Ultra NP load modules. The Ixia IxLoad app confirmed the firewall was good for around 90Mbits/sec, which dropped only slightly with all UTM functions activated. However, using the appliance’s web interface during testing had a big impact on performance.
As we refreshed the ThreatMonitor interface, we saw IxLoad register a significant drop in performance, with throughput falling as low as 10Mbits/sec for brief periods. With such a small supported userbase we don’t see this as a serious problem, but if you have bandwidth-hungry users you’ll have to avoid using the web console where possible.
There’s no denying that the web content security features of the InstaGate 404s are highly accomplished, but there are serious issues. The noisy operation dampens its appeal for the smaller office, and our tests show that it’s operating at the limits of its performance. The price is the final stumbling block: stack it up against the PC Pro Recommended WatchGuard XTM 25-W and it really isn’t such good value for money.
Author: Dave Mitchell
- Will the next Windows 8.1 update arrive next month?
- BT One Phone lets SMBs ditch landlines for mobiles
- Microsoft shows Modern apps running in desktop windows
- Apple and IBM buddy up for enterprise push
- Windows Phone 8.1 starts rolling out to Nokia phones
- Government broadband plans "lack ambition"
- SMBs get Office 365 price cuts, new plans
- Windows 7: you can keep it until 2020
- BlackBerry Passport's square for spreadsheets
- Microsoft to release six updates this Patch Tuesday
- How Google Glass ruined my lunch hour
- Smartphone battery packs: can a USB power pack beat the festival battery blues?
- Windows Easy Transfer – not so "easy" in Windows 8.1
- Formula 1: what a difference virtualisation makes
- Office of the future: comfy chairs and tablets everywhere
- I went to Glastonbury and the only thing that got high was my smartphone
- Meet the robots helping teach children
- PaperLater: would you pay to print the internet?
- Amazon vs Kobo: how much to make the ebook switch?
- Phishing emails: how I nearly got caught out
- Five worst SMB security threats... and how to solve them
- Doing business in a social era
- How to configure SysLookup for your network
- The 18 best Outlook tips for increasing productivity: become an Outlook expert with these lesser-known tips
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?