Strengths: High-end box with great scalability.
Weaknesses: No quality of service; GUI needs integration work.
Verdict: Solid performer that shows the strong CyberGuard pedigree.
The Total Stream Protection (TSP) line was part of the package when Secure Computing bought CyberGuard. This model is a beefy 3U box, supporting up to 38 ports with a total filtered throughput of 2.8Gbps (or half that for AES-encrypted VPNs). Hot-swappable redundant power and RAID storage is standard, and the box fully supports high-availability in various configurations.
Secure Computing provides a great tool for configuration in the form of an offline HTML page that walks through the options and then generates a text file. This can then be put onto a USB flash disk or floppy, and when the machine boots it will configure itself to that spec. The only worry was that the admin password is stored (hashed) in the file, so anyone with access to the same tool could brute-force the original password without much difficulty.
A decent web interface is provided, but we expected more. For a start, there are actually two separate web GUIs, one for the firewall functions and one for the WebWasher content filtering. Given that the management fully supports delegated admin roles, we would like these unified for consistency and to enable cross-function reporting.
Although most customers will prefer the web GUI, we were disappointed that the old X Windows interface is now absent. It wasn't pretty, and was probably scary to non-Unix pros, but it did the job. Now, connecting to a local X session only gives the option of a Firefox browser running the standard web GUI. Please, can we have the old X GUI back?
As a firewall, the TSP is great. There are not as many IP filtering options as we expected, but the box does everything so well you don't really notice. What is there is more than adequate, and is backed up with application-level filtering, which Secure Computing recently extended with release 6.4 of the TSP software.
With built-in content filtering (WebWasher), support for H.323 for voice, two-factor authentication (SafeWord), application proxies and VLAN support and very high-capacity IPsec VPN capabilities, it all adds up to a comprehensive package. We were surprised to see no support for quality of service for a product that scales all the way up to high-end data center environments.
Overall, the box is a solid offering, but we would like to see more of Secure Computing's acquired technology integrated to really flesh it out.