The security appliance market is awash with products that claim to offer every conceivable facility for protecting your network. Anti-virus, firewall protection, intrusion detection, anti-spam and web filtering are the most common options but from our experiences many solutions excel in one or two areas but by spreading themselves too thin often fail to deliver on all counts. Not so with the SentryPilot as Equiinet claims that by focusing only on anti-spam, anti-virus and web content filtering it can deliver a product that is equally strong in all three disciplines.
Installation can take one of two paths as the SentryPilot can function alongside an external Internet gateway using a single network connection or can operate as a gateway itself.
In our test scenario we set up the SentryPilot with an internal LAN connection to our test network and a WAN link to our main proxy server. We then configured all internal test clients to use the appliance as their proxy server. Installation starts by pointing a web browser at the unit to access its tidy management interface. Once Internet access is established each feature needs to be activated by entering different licenses and proof of purchase keys. It’s here that we had problems as the licences supplied to us weren’t even for the correct product and failed to be accepted, resulting in a lengthy call to technical support which could have been avoided.
All access is determined by user accounts and group membership and you can force all users to log on to the appliance first. Each group uses rules to set the level of access and time bands to control when they are active. You can apply multiple rules to a group so you could, for example, allow web access only to a list of corporate web sites during the working day, open up access but with content filtering still active during the evening and block all access at the weekend.
Content filtering comes courtesy of N2H2 and during blacklist creation you can select from forty-five categories that you want blocked. Rather than store the database locally on the appliance, Equiinet takes the simple expedient of maintaining a remote category server that manages a fully updated database that is available to all Equiinet clients. Each time a user accesses the web the appliance checks the content with the remote database before allowing it through. This will generate some extra network traffic but using a central database means Equiinet can ensure all clients are using the latest version and updates won’t incur any hefty downloads.
Email and web anti-virus measures come courtesy of specialists Sophos so you won’t get any better than this. All email and web downloads are checked as they pass through the appliance and dodgy messages can discarded, diverted or returned to the sender. Equiinet downloads new signatures from Sophos’ web site every 15 minutes and compiles them ready for the SentryPilot which itself checks for updates once an hour. This is an automatic process that cannot be modified but new files are applied without any user intervention.
The spam assessment feature scores each message on its spam qualities and can either divert or discard those that reach a certain score. X-headers are also placed in the subject line so you can use local rules on email clients to determine a course of action. The appliance also integrates with the SpamCop service which provides a blacklist of known spammers. It is applied before the spam assessment and will score a message an extra three points if the sender is on the list.
Although not actively promoted, the SentryPilot does actually have a stateful packet inspection firewall as standard. Equiinet advised us that this is part of the operating system and is easier to leave in than take out. It is deactivated by default but you don’t get charged for it should you decide to use it. The appliance even has a parallel port and can function as a basic print server.
Apart from the licensing confusion we found the SentryPilot comparatively easy to install and set up and once you have created your own custom rules, time slots and group memberships can leave the appliance to its own devices as all updates are carried out automatically.
The SentryPilot is aimed at companies that have existing firewall services but want a dedicated appliance providing anti-virus, anti-spam and tough content filtering. Configuration is simple enough but most of the update functions are completely automated. If you want a low-cost solution that you can plug in and forget, this appliance is well worth a look.