: Providing two types of administrator account allows a more flexible approach to security.
: The system has little in the way of integration with third-party software, such as anti-virus or email filtering.
: A good device that concentrates on being a firewall, which it does well.
SummaryInstaGate PRO has an Intel Celeron processor rated at 850 Mhz coupled with 256 MB of memory in a 1U rack-mountable unit. The front panel contains a row of indicator lights, an LCD status display and a control panel. The printed documentation is only a six-page quick-start guide. All other documentation is provided as online help or a downloadable manual.
The initial device setup is straightforward. The device will accept an IP address from a DHCP server, but if one is not available it will use a default. If this address is assigned to a device on the network, it will search for the next available address. The selected address can be altered by using control buttons on the front panel to enter a new address and subnet mask.
The device displays its IP address on the front LCD panel when it is operational. No special management software is required since all communication is through a web browser over an SSL link. A set-up wizard runs automatically to control the device configuration process. The device will not accept ordinary http for any command or control functions. Setup requires several steps, starting with a license agreement and registration. The system can have separate device and system administrators.
Device administrators can make configuration changes while system administrators will receive system alerts and summary messages and have access to system log files, but will not be able to make configuration changes. A further security setting will assign a four-digit PIN to the control keypad that will lock it against unauthorized use.
The default firewall rules allow web access from the LAN to the internet and to the DMZ (if configured). Access from the internet to the LAN is restricted to the protocols for VPN access, although the system has pre-configured services defined for services such as AOL and Lotus Notes which can be used in creating new security rules. The system has global options that enable logging, ping response and dropping fragmented packets. The device did not notice our port scans, but did not reveal any open ports.