July 01, 2010
From £6,900 for 750 users (exc VAT)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Top hardware specification, high anti-spam and web filtering performance, dynamic content analysis, extensive reporting tools, good value
- Weaknesses: Web interface unintuitive
- Verdict: SmoothWall's SWG-1208 is a very well specified appliance that delivers extensive content security, HTTPS scanning as standard and good web filtering and anti-spam performance
SmoothWall's latest web security appliance is touted as the most powerful of its Guardian family and moves the focus firmly onto larger businesses and expanding educational establishments. Whereas its UTM products function as complete gateway solutions, the SWG appliance is designed to sit behind an existing firewall and provide content security.
The SWG-1208 on review packs one of the best hardware specifications we've seen. This 1U rack chassis is equipped with a 2.66GHz Q9400 Core 2 quad processor teamed up with 4GB of fast DDR3 memory. Of the six Gigabit interfaces, four are currently functional and the OS and quarantine area are loaded onto a pair of mirrored 500GB SATA hard disks.
At the top of the features list is SmoothWall's SmoothGuardian, which monitors and controls web browsing and can scan HTTPS traffic as standard. A key feature is its dynamic content analysis that examines web pages, looking for objectionable content and phrases. This is backed by URL category filtering and the ability to stop file types such as music and videos.
Next up is SmoothIM, which proxies IM app traffic on selected network interfaces, allowing you to scan all messages for unacceptable content and to replace specific words. This employs the Message Censor service that uses rules containing predefined and custom word lists. The SSL Intercept feature also allows the appliance to monitor SSL encrypted chats such as Google Talk and AIM.
The open source ClamAV provides anti-virus and optional modules are available, with SmoothZap offering anti-spam using the Mailshell filtering engine. A licence for this module for 250 users adds a further £1,000 to the price and the second year subscription costs £860.
SmoothZap functions as a mail relay, provides anti-virus scanning and uses the internal hard disks as a quarantine area if required. Usefully, SmoothZap also offers a transparent POP3 proxy.
An optional mail archiving module is also available, which performs a blind carbon copy on all mail. There is an FTP proxy module that monitors all uploads and downloads and can operate in transparent mode as well.
The physical network ports support a number of roles, including zone membership. This allows you to enforce general internet usage policies but also to apply policies that control traffic passing between zones. By default, all zones are hidden from each other, but bridging rules allow communication between zones.
For testing, we opted for bridge mode, where ports 3 and 4 are used to place the appliance in between the LAN and firewall. We could still employ the other ports as additional network interfaces and we also opted to have the first port for dedicated management access. You can deploy the appliance's web proxy in transparent mode, but this won't allow you to implement proxy authentication.
The web interface isn't the most intuitive. It takes a while to get accustomed to where the various features are accessed. It has an extra setting for binding ports 3 and 4 together and with this we had no problems deploying the appliance in our test network.
Opting for non-transparent web proxy brings user authentication into play, where you can apply rule-based access policies to different users and groups. Authentication options are extensive and include a local user and group database, plus support for AD, LDAP and Radius servers.
For the SmoothZap module, we selected the transparent POP3 proxy and left it scanning live email for ten days. We asked for all spam messages to be passed through but to have their subject line tagged so we could use Outlook's rules to move them to a separate folder.
Anti-spam was good, with the appliance scoring a 97 per cent success rate. False positives were more of a concern, as of all the messages tagged as spam, 11 per cent were incorrectly categorised.
However, with the quarantine area in action, you can provide the email addresses of users allowed to manage their own spam. They receive a daily summary and a link in the email takes them to their own quarantine area, where they can review held messages and release selected ones.
The Guardian module allows you to create multiple web access policies. Policies contain multiple filters and offer a wide range of options, with 24 URL categories with a further 74 sub-categories.
A key feature that makes the SWG-1208 stand out is phrase checking within web pages. SmoothWall includes lists of profanities and objectionable words for six other languages as well as English. Performance was extremely good; with the games and gambling categories blocked, we were unable to access any online poker or bingo sites.
In most cases, the weighted phase checks wouldn't even let us see the search results. Social networking was handled well and for these productivity-sapping sites SmoothWall provides a group of categories that blocked us from Facebook, Twitter and the like.
The SWG-1208 delivers plenty of web content security features, backed up by SmoothWall's dynamic content analysis. Its web interface could be more user-friendly, but it delivers quality reporting and good performance for web filtering and anti-spam.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Microsoft update left Azure Linux virtual machines open to hacking
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry