StoneGate High Availability Firewall & Multi-link VPN
November 01, 2005
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A very powerful data center-level firewall and multifunction appliance.
- Weaknesses: The limitations of the printed documentation mean firms are better off leaving installation to Stonesoft.
- Verdict: A highly scalable solution that is worth considering for enterprise data center protection.
The first thing we noted with this substantial 2U steel-clad device was the lack of a redundant power supply, but there are multiple network ports – four fiber Gig Ethernet connections and 10 copper Gig Ethernet ports.
As for hardware, the unit is based on dual 3GHz Intel Xeon processors, a 40GB hard drive and 1GB of system memory. The front of the unit has bays for six RAID drives, but the unit we tested had only one drive.
Installation is usually carried out by Stonesoft’s engineers, so we reverted to the manual’s setup procedure – connecting a monitor and keyboard directly into the back of the device. From here, we fired up a DOS-based screen from which we configured timezones, admin password and the management network interface.
The device automatically detects the network interfaces present and allows the user to specify the management port. It then gives the option to acquire an IP by DHCP or to manually set a static address. After this, the unit resets itself and reboots.
The quick start guide was not the clearest we have seen, and the documentation does not run in a logical order – we were prompted to jump to chapter five to set up and define the firewall engine, then jump back to setting up the management GUI control panel.
From the supplied CDs, we began by loading up the GUI-based StoneGate Control Panel application and from here began to actually configure the firewall appliance.
The documentation on the CDs in PDF format was vastly superior to the printed instructions.
We set the internal firewall rules from the fairly clear control panel, configuring the network interfaces to firewall off discrete elements of the data center. This means that users could, for example, define security policies for different network areas. From here, we were also able to configure VPN access and IPS functionality.
The unit has excellent scalability. Up to 16 firewall appliances can be grouped into a single cluster, and around 500 firewalls and clusters can be managed from one management server.