February 01, 2009
From £3,000 (exc VAT)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Top anti-spam and web-filtering performance, a good range of security features, decent hardware specification
- Weaknesses: A few installation glitches, non-intuitive management interface
- Verdict: Not the easiest to configure but delivers plenty of security at a reasonable price
Whereas most network security vendors have moved away from software-only solutions to appliances, SmoothWall has always kept its options open. As a result, its firewall and content-security solutions are available either as software packages that use a standard PC or server host or, in the case of the SmoothGuard 1000-UTM, are delivered ready to go as a rack-mount appliance.
SmoothGuard offers plenty of security features, with the base unit costing £3,000. It comes with SmoothWall's Advanced Firewall, its Guardian web filtering, the SmoothZap email anti-virus, IDS and support for 1000 IPsec VPN tunnels. The price only includes Guardian support for ten users but this can be easily upgraded and SmoothWall also offers optional MailShell anti-spam, traffic-management and QoS options. Bring a pair of appliances on board and you have load balancing and failover to play with as well.
The 1000-UTM is a well-specified appliance. Its 2.12GHz Core 2 Duo processor has 2GB of DDR-2 memory. The network connections are looked after by seven Gigabit ports that can be configured to serve any function, from LAN and WAN to DMZ. There's a small LCD display panel and control pad at the front used to reset administrative access, restore factory defaults, reboot the appliance or shut it down.
The management web interface isn't the best designed, as the menu is overly complex. For testing, we dropped the appliance in front of our LAN and configured one port as internal and another as external. However, the WAN port refused to accept an IP address from our router's DHCP server, so we had to configure it with static details. The appliance did not register automatically with SmoothWall, requiring one of its support engineers to remotely access it and reset this function before it worked.
There are plenty of options with network ports. They support roles that include zone membership. This allows you to employ internet access policies but also intra-zone policies. By default, all zones are hidden from each other.
For web filtering, you have transparent and non-transparent modes, but for the latter you'll need to configure client systems to use the appliance as a proxy. Non-transparent mode allows you to enforce user authentication and apply rule-based access policies to different users. Authentication options are all present, with a local user database and support for AD, LDAP and RADIUS servers.
SmoothWall keeps the costs down by employing a range of open source components. The well-respected Snort handles IDS and can use custom or automatic rule lists to look out for particular attacks. Custom rules are created within a file that is uploaded to the appliance - or you can register for a free 'oink' code from Snort and use its automated IDS rules.
IM app controls are fairly basic but the appliance can proxy this traffic on selected network interfaces, allowing you to scan all messages for unacceptable content and replace specific words. To achieve this, you configure the Message Censor service with rules containing predefined and custom word lists. IM file transfers can be blocked but this only applies to communications between IM servers and not direct transfers between IM clients.
ClamAV looks after anti-virus services, although there's not much to do here as this is automatically applied to web and mail traffic. You can choose your own anti-virus solution, as the appliance supports the use of external ICAP servers. For web-content filtering you can create various access policies and apply them to different groups of users (or everyone) and use time schedules to determine when they are active.
There is a wide range of controls, with 24 main categories and a further 72 sub-categories under these. We found it annoying that any kind of policy change always required the proxy to be restarted, and policy creation isn't very intuitive. Nevertheless, SmoothWall scores higher than many other vendors as it also offers phrase checking within web page content.
We found filtering performance to be very good. With the default content-filtering policies activated, our attempts to access a wide range of online gambling and games sites were all rebuffed. We created an extra policy to deal with social networking plus internet entertainment and this blocked access to popular sites, including Facebook, MySpace and YouTube. The safe search feature is another useful tool, as it applies categories to web searches and will block access to the results if necessary.
To test the MailShell anti-spam features, we left the appliance transparently scanning live email for seven days and asked it to tag the subject headers of suspect messages so we could use Outlook's rules to move them to a separate folder. The results were very impressive: the appliance caught every bit of spam that came in during this period. False positives were low, at less than three per cent for the test.
Installation glitches aside, the SmoothGuard 1000-UTM delivered an impressive performance during testing. The management interface isn't the easiest to use but the level of features on offer for the price makes this a good choice for larger businesses looking for a low-cost security solution.