Panda Performer 9100
Strengths: Excellent anti-spam performance, easy to deploy, intuitive web interface, policy-based security, good reporting and alerting
Weaknesses: No HTTPS scanning, average URL filtering performance, basic IM and P2P controls
Verdict: Panda's web content security appliance is tough on spam and malware, but too easy on URL filtering
Originally focusing on anti-virus measures, Panda's appliance family has grown rapidly in features and the latest GateDefender Performa products now aim to offer a full network security solution. The Performa 9100 on review brings together Panda's expertise in all things virus-related and mixes these together with anti-spam, anti-malware, web content filtering and controls for nuisance IM and P2P apps.
Panda claims the 9100 has enough horsepower to handle up to 500Mbps of web traffic and 220 messages per second. There aren't any licensing restrictions, but the 9100 is aimed at up to 500 users. The hardware platform looks up to the job, as Panda has plumped for a quality Sun Fire X2100 1U rack server.
We found deployment a swift process, as the 9100 functions as a transparent gateway. All we needed to do was place the appliance behind our firewall and in front of the LAN, where it routed all traffic through without any need to reconfigure network clients. The appliance has a separate dual-port Gigabit card installed that provides a hardware bypass circuit, so if the server dies it won't block internet access.
The tidy browser interface opens with a status screen that shows warnings, the latest update times, network connections and activated modules. Plenty of details on throughput are given, including inbound and outbound traffic for each interface, along with graphs for spam, malware and web content filtering. All signature and database updates are handled automatically every 15 minutes and you can also run on-demand updates.
Before you start fiddling with security settings, it's a good idea to set up network definitions. These include IP addresses, LDAP servers, users and domains and apply in policies allowing a range of AUPs and web access restrictions to apply to different users, groups and systems.
Custom policy creation could be easier. Panda's documentation is thin on the ground and the appliance's online help simplistic. The appliance uses a combination of settings and profiles where the former define how each module will behave and the latter list to what or whom it will be applied.
Settings cover anti-malware, content filters, anti-spam and web filtering modules and are used to store unique configurations for them. Protection profiles bring together the network definitions and team them up with settings letting you apply custom security measures to selected systems and users. The IM and P2P module can only be used globally and is not in the settings menu.
Virus scanning can be applied to a range of protocols; if a virus is detected, the appliance will try either to disinfect it or delete it. If it fails to clean the virus out, you can opt to have an infected email sent to the quarantine area; for HTTP and FTP, you can elect to block the transmission.
Infected emails can have the offending attachment stripped out; inbound messages known to have been generated by viral activity will be deleted. Protocols selected for virus scanning will also be checked for spyware, while phishing messages can be redirected, deleted or have a warning message inserted in them.
The content filters are applied to HTTP and FTP traffic and for email you can create filters that check attachments and also look out for text keywords in content. During testing, we had to make Windows Update a trusted site, as the 9100 was blocking all updates.
Anti-spam comes courtesy of Cloudmark; it worked very well during testing, where we configured Outlook clients to download mail from a number of live accounts.
The appliance was set up to tag and pass identified spam and suspect messages. Outlook rules were created on clients to move them to separate mail folders.
After one week, Cloudmark had done a good job. Only one spam message slipped through, leaving the 9100 just shy of a perfect score. For false positives, it incorrectly identified only five messages as spam and tagged three messages as probable spam, even though they were legitimate business mail.
Cobion looks after website filtering and provides 21 main URL categories and over 60 sub-categories to choose from. However, performance was a mixed bag and we were surprised at how much it let through.
With the Gambling and Gaming categories blocked, we Googled for online poker sites and of the 40 visited, we were blocked from all but six. We used the same tactic for online bingo sites but found that for the same number of sites visited we were allowed into over a third of them.
IM and P2P controls are fairly basic, as all you can do is choose from a list of common apps and either allow them or block them completely. We tested this with Windows Live Messenger and found that with IM blocking selected, all activity between logged-in users ceased and new visitors couldn't log in. At this price, we would expect to see a more granular level of control, such as blocking file transfers but allowing conversations.
Performa 9100 offers a good range of web content security measures for the price and is very easy to install and deploy. Anti-spam is impressive and it provides good reporting tools, but URL filtering is a weakness.