Teros 200 Secure Application Gateway Enterprise Edition
Strengths: A truly enterprise-class product that protects against a wide range of attacks.
Weaknesses: Tricky setup gave us a lot of trouble and required handholding from Teros technical support.
Verdict: An impressive, fully featured product, but not very easy to set up.
The Teros 200 is billed as a web application firewall to protect and accelerate web applications against application-layer attacks. Each unit can protect up to 20 web servers.
The unit is sturdily constructed, steel-clad and boasts dual power supplies and three large fans.
When we fired up the system, we realized that these fans are not for show. Some of the devices on test have been relatively loud, but this unit should definitely only be deployed in a dedicated server room – the fan is very noisy. But this should not be an issue given its enterprise market positioning.
The unit is activated via a serial-connected command line management console, not a particularly user-friendly setup method for this class of device. The supplied cable has a serial connector at one end, which went into our management client PC, and RJ-45 at the other, plugging into the unit.
After logging in via telnet with a unique and secure password provided by Teros, we configured the control parameters and the LAN and WAN settings. We gave the device an IP address and set the local subnet mask.
After setting these initial configuration parameters, we moved on to the main management client. This involved firing up an HTTPS secure session after we connected a patch lead into the “control port” – not the “LAN port” – of the device. We had serious issues trying to fire up this console, with the browser not recognizing the unit, but Teros’ technical support came to the rescue.
The web-based management interface is clearly laid out and relatively easy to navigate for this scale of enterprise product. It allows administrators to modify the unit to protect any local web servers. It also supports virtual IP addressing, to define and protect a cluster of web servers.
Support for the XML-based Web Services Description Language (WSDL) enables this unit, by default, to block any malicious commands that are not defined in the WSDL, while the management interface allows the security administrator to define which commands users are able to employ.
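The WSDL-based default-deny check described above can be sketched as follows. This is an added example, not Teros code and not a description of how the product is implemented. It assumes SOAP 1.1 and a wrapped style in which the first element of the SOAP body is named after the operation; the WSDL, namespace and operation names are constructed.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample WSDL: the service defines exactly two operations.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    targetNamespace="urn:example:orders">
  <portType name="OrdersPort">
    <operation name="GetOrder"/>
    <operation name="ListOrders"/>
  </portType>
</definitions>"""

def parse_untrusted(xml_text):
    # Refuse DTDs outright: a SOAP message does not need one, and they are
    # the vehicle for entity-expansion and external-entity abuse.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed")
    return ET.fromstring(xml_text)

def allowed_operations(wsdl_text):
    """Build the allowlist: (namespace, operation) pairs the WSDL defines."""
    root = parse_untrusted(wsdl_text)
    tns = root.get("targetNamespace", "")
    ops = root.iterfind(f"{{{WSDL_NS}}}portType/{{{WSDL_NS}}}operation")
    return {(tns, op.get("name")) for op in ops}

def check_request(soap_text, allowed):
    """Return (verdict, detail); anything not provably allowed is blocked."""
    try:
        env = parse_untrusted(soap_text)
    except (ValueError, ET.ParseError) as exc:
        return ("block", f"unparseable: {exc}")
    body = env.find(f"{{{SOAP_NS}}}Body")
    if env.tag != f"{{{SOAP_NS}}}Envelope" or body is None or len(body) != 1:
        return ("block", "not a single-operation SOAP envelope")
    tag = body[0].tag  # ElementTree spells qualified names as "{ns}local"
    ns, _, name = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    if (ns, name) in allowed:
        return ("allow", name)
    return ("block", f"operation {name!r} not defined in WSDL")
```

Matching on the namespace as well as the local name means a request that reuses an allowed operation name under a different namespace is still blocked.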