Astaro Security Linux
: A well-designed system with a comprehensive feature set.
: The system's Linux roots may discourage Microsoft fanatics.
: This system includes features that are provided at extra cost on more expensive systems.
SummaryThis software firewall is based on a hardened version of Linux. Installing it from the CD caused no problems, and the secure version of Linux and the firewall software were installed in one operation.
As the system is pre-configured, a number of security issues that would need to be addressed with a standard Linux installation are avoided. Once installed, the firewall must be administered from another machine on the network using a web browser capable of supporting SSL communications. The interface is mostly intuitive, but some parts had us reaching for the 244-page printed manual.
It is possible to configure the firewall in minute detail, but the system makes reasonable assumptions. The port scanner detection is disabled by default and can be set to accept, reject or ignore port scans. This worked when tested with our port scanners, with the attempts being logged and dropped as the scanners failed to detect any open ports.
The system provides a stateful inspection firewall, comprehensive VPN facilities, virtual LAN (VLAN) support, anti-spam, content filtering, wireless LAN (WLAN) security and denial-of-service protection as standard. Licensing costs depend on the number of seats, and the system is free to home users.
The system provides a wide range of logging and monitoring services, and a wealth of system, network, and firewall information is available. There is a facility to set alert conditions and send warnings to administrators if necessary, but this will only work if the DNS Proxy feature has been enabled or if the SMTP proxy has been set to allow incoming email.
There is no facility to schedule the dispatch of email logs to specified users at a specific time. All logs have to be viewed at the browser or downloaded to the workstation for later review. This is inconvenient if there are several firewall systems being managed remotely, and the ability to automate the collection and distribution of routine log data would be a useful addition to the system. The software does support upload of logs to a syslog server.