Whilst there’s no shortage of Internet security appliances on the market, the Edgeforce Plus from ServGate aims to stand out from the crowd by offering a modular design and licensing system that allows it to be upgraded, easily, as and when required. With the base model you get a 200Mbps stateful inspection firewall with integrated protection against common attacks such as DoS (denial of service) and SYN floods, plus support for IPsec VPNs, with all the standard encryption and authentication methods as well. Up to 1,500 IPSec tunnels are supported but note that the base unit doesn’t come with the VPN client software which must be purchased separately. Twenty five client licenses add a further £190 to the price. If you want URL filtering, web caching and local logging you’ll need the Professional upgrade which comprises a 20GB Seagate ATA100 hard disk and a license key. It’s simple enough to fit. You remove a small sled complete with cooling fans from the rear of the unit, fit the hard disk to it and slip it back into the appliance. WebSense supported - not supplied
After registering the upgrade on the ServGate website, upload the received activation key to the appliance. You can then start controlling user web access and improving performance with caching. With the latter feature enabled, creating lists of blocked or accepted URLs is a cinch. A list of the top twenty sites visited is maintained with radio buttons alongside for swiftly allowing or denying access. You can apply lists of sites and create schedules to determine when these are to be active. The appliance also supports the excellent WebSense URL filtering and management utility but don’t be fooled into thinking it manages this itself. You need to purchase and run WebSense on a separate server and point the EdgeForce in its general direction. However, some useful extra features are provided as the EdgeForce can block all Internet traffic if the WebSense server goes down. It can also send custom messages to users when a web site is being blocked. Build quality is good with the unit being constructed around a compact motherboard equipped with a Pentium III 1GHz processor and 512MB of RAM fitted in a single DIMM socket. Four LEDs at the front reveal system and power status, along with hard disk activity and error conditions. Three 10/100BaseTX ethernet ports are laid out across the front panel and used for links to the LAN and Internet access devices. The third is a DMZ (demilitarized zone) port. This can be used to allow external users to connect to web and FTP servers or workstations over the Internet but still keep the hardware behind the firewall to prevent them from being exposed to attack. Wizards wiped out
No wizards are provided to help with installation, nor are they needed as you point a web browser at the EdgeForce’s default IP address and go straight into the main management interface over a secure connection. The interface is well designed and provides easy access to each function. The EdgeForce Plus commendably defaults to blocking all traffic passing from the internal to external network so you’ll need to create policies before users can access the Internet. These can be applied to specific protocols, and as with URL blocking you can create various schedules that determine when a policy is active. Basic firewall settings are also implemented by default and you can set packet thresholds for blocking SYN attacks and ICMP/UDP floods. A useful feature is MAC to IP address binding which stops IP spoofing from inside the network. Monitoring and logging facilities are particularly good as you can view details of all access to the firewall along with attack alerts, events, traffic and a virus log. There are also plenty of options for customising what you want to see. For the price, the EdgeForce Plus offers particularly good value and compares well with similar security appliances. A useful feature that will appeal to smaller businesses is its ability to be upgraded as required. ServGate also offers faster VPN acceleration and anti-virus email and file transfer scanning courtesy of McAfee, both of which can be activated simply by uploading a license key.