eSoft InstaGate 404s review
Strong web content security measures, but it's pricey and easily overtaxed
Review Date: 5 Dec 2012
Reviewed By: Dave Mitchell
Price when reviewed: £570 (£684 inc VAT)
Features & Design
Value for Money
The InstaGate 404s appliance from US company eSoft targets the SoHo market and offers tough web security for networks of up to 15 users. The base system provides an SPI firewall and VPN support, while eSoft’s Web ThreatPak adds IPS, web content filtering, gateway antivirus and anti-spyware, plus IM and P2P app controls.
It’s a compact appliance with four Fast Ethernet ports providing WAN, dual-switched LAN and DMZ duties, and would seem to be the ideal candidate for use in a small office. However, the 1GHz VIA C7 processor’s cooling fan is noisy: it will be hard to ignore in cramped environments.
Installation is a smooth process: a wizard helps with registration and the Web ThreatPak download and, once active, it keeps all scanners and signatures updated automatically. The firewall has predefined rules so you’re ready to go, but you can add your own if you want more control over specific services.
Options are provided for creating site-to-site IPsec VPNs with other InstaGates or client VPNs for mobile workers. For web content filtering, you can swiftly set up HTTP scanning using the transparent proxy mode. Policies can either be applied to all users or selectively to networks defined by their IP address ranges.
Proxy authentication comes into play with the user mode, where you can employ the appliance’s local database or an Active Directory server. Unlike most competing products, content filtering is carried out locally and not in the cloud, so eSoft’s own URL database needs to be downloaded to the appliance.
This didn’t take long and we were then able to create blocking policies using any of the 17 URL categories and more than 50 sub-categories. You can leave policies permanently active or apply a schedule so they’re active only on selected days and times.
Gateway antivirus is enabled with a single click, and you can create lists of IP addresses that are exempt from scanning. Anti-spyware is just as easy to activate, and for IPS you can add details of specific servers you want protected, where the appliance will then create custom profiles.
eSoft claims a firewall performance of 100Mbits/sec, although in reality, this is the throughput limit of the WAN port. To test this, we hooked up the 404s to the lab’s Ixia XM2 chassis and its Xcellon-Ultra NP load modules. The Ixia IxLoad app confirmed the firewall was good for around 90Mbits/sec, which dropped only slightly with all UTM functions activated. However, using the appliance’s web interface during testing had a big impact on performance.
As we refreshed the ThreatMonitor interface, we saw IxLoad register a significant drop in performance, with throughput falling as low as 10Mbits/sec for brief periods. With such a small supported userbase we don’t see this as a serious problem, but if you have bandwidth-hungry users you’ll have to avoid using the web console where possible.
There’s no denying that the web content security features of the InstaGate 404s are highly accomplished, but there are serious issues. The noisy operation dampens its appeal for the smaller office, and our tests show that it’s operating at the limits of its performance. The price is the final stumbling block: stack it up against the PC Pro Recommended WatchGuard XTM 25-W and it really isn’t such good value for money.
Author: Dave Mitchell
- Microsoft supercharges PowerPoint with Office Mix
- Microsoft and Nokia deal tweaked ahead of completion
- Microsoft slashes custom XP support price
- Ubuntu LTS Server 14.04 extends cloud support
- Intel: PC sales are "encouraging"
- Google to rank encrypted pages higher
- Heartbleed: the race to reissue security certificates
- Dropbox boosts app line-up with Carousel and Mailbox for Android
- BlackBerry CEO says not selling off phones "any time soon"
- Microsoft halts business downloads of Windows 8.1 Update
- Windows 8.1 Update: an abject surrender
- The insane economics of Sky Now TV
- No such thing as a free app... so pay up if you want quality
- Time to outlaw crapware-laden installers
- Windows Phone 8.1 video: hands-on
- Office for iPad: key information
- Why every PC buyer owes Richard Durkin a debt of gratitude
- HTC One M8 vs Samsung Galaxy S5: 2014's big-hitters compared
- Windows XP end of life: key information
- Cut out the broadband jargon? What jargon?
- Office: should you buy it, rent it - or dump it?
- Small server vs cloud: which is best for SMBs?
- The best mobile apps for business
- Windows XP: Microsoft’s ticking time bomb
- gTLDs: what your business should know about new domain names
- Can Microsoft survive? A look at servers and tools
- Can Microsoft survive? The future of Office
- A real-world guide to business VoIP
- Sack your PA: how to stay on top of your work life
- Power lies with the internet giants, not the governments
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office
- How to write your company's IT security policy
- Raspberry Pi and Wolfram: a must-have for every child
- Could you get by with Office Web Apps?
- The best Android antivirus apps for 2014
- Headings vs headers: how to use both in Word
- Windows Server 2012 R2: how the Datacenter edition could change SMBs