Caption by: Alan Stevens
A well-established vendor of software-based security tools, SmoothWall has taken the next logical step by developing a hardware-based UTM (Unified Threat Management) appliance for small to medium-sized businesses. However, instead of simply porting its software to a low-cost platform (a common approach in this market), the company has gone for an ambitious dual-core-powered device, making it of interest to a wide range of companies, large and small.
One look at the hardware specs for the SmoothGuard 1000-UTM and you know it’s something special. Indeed it’s much more of a server than a regular appliance, with an Intel Core 2 Duo processor supported by 1GB of DDR2 memory and a PCI Express I/O bus, plus a 60GB SATA hard disk to hold both the Linux-based operating system and the SmoothWall software.
The device itself comes in a fairly standard 1U rack-mount case that also features seven multi-purpose Gigabit Ethernet ports. These are connected via the PCI Express bus for maximum throughput and can be used to connect internal networks, to link to the Internet via external routers/modems and to set up demilitarised zones (DMZs) for public-facing servers.
Maximum routing performance between ports is 933Mbps (full duplex) with VLAN support a built-in option on all of the ports, together with load balancing of both incoming and outgoing traffic plus automatic failover capabilities. Failover to a second standby appliance is also an option.
As with most appliances, a web-based interface is provided for setup and management. We found this easy to use, although there’s quite a lot to get to grips with. In fact, if asked to identify a weakness with the SmoothGuard 1000-UTM, it would have to be the sheer volume of options and settings available. However, you don’t have to tweak everything and it doesn’t take that long to get it working, with a useful policy archive that can be downloaded to get started. The accompanying documentation is pretty good, too, and is recommended reading before you embark on the process. Alternatively, most resellers will offer to install the appliance and, if you want, provide ongoing management and support.
Existing SmoothWall customers will find the software involved very familiar as it’s a combination of a number of existing products that provide four sets of security tools, starting with the company’s own stateful packet inspection (SPI) firewall. This can be used to protect any or all of the interfaces, whether external or internal, plus the DMZ ports. Dynamic and static NAT (Network Address Translation) facilities are also integrated, along with support for Layer 7 packet analysis and intrusion detection and prevention (IDS/IDP).
Secure remote access is the second of the four tool sets, with an integrated VPN (Virtual Private Network) gateway capable of handling both site-to-site and remote user tunnelling. Interestingly, SmoothWall bucks the trend in recommending the Layer 2 Tunnelling Protocol (L2TP) for remote access and teleworkers — primarily because it doesn’t require any additional client software. However, IPsec is also supported if preferred and is the default when setting up permanent site-to-site tunnels, with support for a range of encryption technologies including both 3DES and the latest AES (Advanced Encryption Standard) algorithms. Digital certificate support is also provided along with pre-shared keys for compatibility with other devices.
No hard and fast limits are set on the number of tunnels that can be supported by the SmoothGuard appliance, and there are no licensing limits either. Moreover, there’s plenty of headroom with a claimed throughput ceiling of 200Mbps per port using IPsec with AES encryption.
Next comes web security and content filtering, with some 16 separately configurable security policies available here. These use SmoothWall’s Dynamic Content Analysis (DCA) technology to categorise and filter out content on the fly to, for example, block objectionable material and screen out embedded viruses, spyware, browser exploits and other malicious code. Security policies can be assigned to Active Directory, LDAP and RADIUS authentication groups, with further customisation dependent on the time of day another useful option.
The final toolset is designed to protect email systems using multiple scanners to screen out viruses and spam from both POP3-retrieved and SMTP-delivered messages. Updates are downloaded and applied automatically every five minutes and suspect messages can be flagged, dropped or directed to a quarantine mailbox. Support for real-time black hole lists is also built in along with protection against phishing attacks and facilities to remove specific types of attachment.
A full set of reporting and alerting tools completes the SmoothGuard package. You can, for example, generate a list of the most visited web sites, time spent browsing and bandwidth used, as well as spam and virus activity. Reports can be generated on demand with facilities available to export data for use in third-party reporting packages such as Crystal Reports.
The SmoothGuard 1000-UTM delivers a comprehensive set of security tools on a powerful hardware platform. It’s not cheap and it doesn’t negate the need for other security precautions; it’s also far from a 'set and forget' solution, requiring a fair amount of setup work. Companies with distributed networks could also find the lack of centralised management an issue. Other than that, however, this SmoothWall appliance has got a lot going for it, especially for larger organisations struggling with the performance issues that can afflict cheaper alternatives.