Cisco Pro SA 540
Strengths: Hosted anti-spam service with good reporting and quarantining, URL filtering, extra endpoint protection options, SSL-VPNs
Weaknesses: The many optional features will increase costs significantly
Verdict: Cisco offers an all-in-one small business security solution that includes hosted anti-spam and endpoint protection options
Cisco's Small Business Pro portfolio targets firms of up to 100 users and the SA 540 on review aims to offer them a complete network security solution in one box. It brings together SPI firewall, IPsec plus SSL VPNs, mixes in URL filtering, anti-virus and anti-spam and tops it all off with IPS and endpoint protection.
Cisco has teamed up with Trend Micro to provide many features as hosted services. ProtectLink Gateway offers anti-spam, AV and anti-spyware, along with URL filtering and blocking. ProtectLink Endpoint provides local anti-virus protection for desktops and the SA 540 can restrict web access for hosts that don't have the required local protection.
The anti-spam feature doesn't actually require an SA appliance, as all your mail must be redirected to Trend's InterScan servers.
For an SME solution, this is unusual, as the majority of security appliances at this price function as transparent gateways and carry out anti-spam duties internally.
The SA 540 is a compact and quiet desktop or rack-mountable unit with eight Gigabit LAN ports and a pair of WAN ports.
Initial setup is via a quick-start wizard to get your LAN and WAN ports configured. All SA appliances support primary and secondary firmware images. However, do not under any circumstances switch to a secondary image if it hasn't been loaded, as this will kill the appliance and turn it into a brick.
The SPI firewall has a default outbound traffic policy, but you can customise it. Endpoint protection comes courtesy of Trend's Worry-Free Business Security Hosted service. Installation is simple: you email each user with a web link that downloads and installs an agent to their system. From a portal to the hosted service you can see which systems have the agent loaded and run scans. You can also apply a single, global policy from the appliance to block web access to any desktop without the agent.
The ProtectLink Gateway option activates both URL filtering and anti-spam.
Performance was disappointing, as, with the games and gambling categories blocked, we got through to 20 per cent of the online bingo sites visited. We were able to block access to nuisance sites such as Facebook and Twitter, but it would be useful if Cisco implemented a URL lookup.
When it comes to implementing anti-spam, don't expect any help from the manuals. Also be aware that it could take up to four days for this change to propagate.
The InterScan service is accessed directly from the appliance's web interface and the portal offers an impressive range of mail-handling reports and statistics.
InterScan scores over most transparent gateways, as it provides full quarantining.
Surprisingly, IPS is an optional feature that costs around £100 per year to activate. It offers the usual defences against common web attacks and its protocol inspection lets you block specific services.
The SA 540 offers a complete network security package but bear in mind that most of the features are optional and can add substantially to the base price. An annual 25-seat licence for the ProtectLink Gateway adds over £430 to your bill; the Endpoint option costs the same again.
Smaller businesses of up to 30 users may be better off looking at products such as Netgear's ProSecure UTM appliance. These transparent gateways are far easier to deploy and, although they don't include endpoint protection, they do cost a lot less than the SA 540.