Astaro Security Gateway v8
Strengths: Great features for small remote office secure configurations, certificate manager on the appliance
Weaknesses: UI was a bit hard to get through. VPN reporting
Verdict: Decent overall product. Gives you all of the options you need for delivering IPsec VPN
Astaro Security Gateway v8 provides you with a full unified threat management perimeter solution on the platform of your choice. It is available as a hardware, software or virtual appliance. All deployment methods feature the same functionality and management interface and they can be deployed in multiple/mixed configurations.
We tested the hardware appliance and the Astaro Secure Client to build a tunnel between the Astaro gateway and our test systems. The IPsec VPN connections on this security system always use the tunnel mode. Since this appliance acts as a gateway, we did not find this to be a limitation. MD5 and SHA-1 hashing is supported, along with 3DES and AES (128, 192, 256-bit) encryption.
The Astaro Secure Client came with an integrated desktop firewall. The gateway supported NAT Traversal technology for connections between hosts that contain NAT devices. Astaro also supports the Cisco IPsec client.
Configuration of the VPN tunnels was done through a tabbed-based web page style user interface. The connections were easy to define and, once defined, policy needed to be configured. Each IPsec connection needs an IPsec policy and a policies tab let us customise parameters for IPsec connections and unite them into a policy. A policy defines IKE (Internet Key Exchange) and proposal parameters of the IPsec connection.
The one-click client configuration option was a decent feature for quickly deploying and automatically installing Astaro Secure Client software, configuration files and keys and certificates. Using this feature you could have your remote users download and install the client with a single mouse click.
We also liked the remote Ethernet device management feature that delivered ease of remote deployment, while providing a secure connection back to the local LAN, allowing the remote systems to work as if they were local.
Logging was supported through a separate syslog server. Reporting in general was pretty good for the other security features, but we did not find a lot of reporting available for the VPN portion. Support options are available for a fee.
Astaro Security Gateway v8 is available as a 220 hardware appliance and for a base licence for unlimited users it costs approximately c£830. The IPsec client is c£58.50 (single) or c£52 (pack of ten) and a subscription with standard support for one year for ASG Network Security is approximately c£518, making it good value for money.