ServGate Safeguards Midsize Networks

EdgeForce Accel provides strong firewall security, but it has rough edges.

The EdgeForce Accel, ServGate Technologies Inc.s first Gigabit Ethernet firewall, provides content-aware firewall capabilities, robust performance and adequate management tools. However, the product is a little rough around the edges.

The EdgeForce Accel started shipping in January; the companys SGOS (ServGate Operating System) 3.2 software became available last month.

eWEEK Labs tested the EdgeForce Accel preloaded with SGOS 3.2 and configured with a full complement of optional Performance, Professional, McAfee Virus Scanning and McAfee Spam Filtering modules—priced at $16,975. A base configuration costs $5,995 and features the stateful inspection firewall engine with layered proxies for common applications such as e-mail and FTP traffic, built atop a hardened Linux operating system.

The basic EdgeForce Accel includes a VPN concentrator with 50 client licenses. The $1,995 Performance Module accommodates additional VPN client licenses and increases throughput and encryption performance.

ServGate leveraged its partnership with Network Associates Technology Inc. to offer McAfee anti-virus and anti-spam modules to its perimeter security appliances. The Full Context Inspection engine, with these modules enabled, defends against network-, application- and file-level scourges.

The EdgeForce Accel uses network-based anti-virus scans. Integrated appliances from companies such as Symantec Corp. also scan for viruses at the network level, but they cost more.

The EdgeForce Accels 1U (1.75-inch) chassis features three copper Gigabit Ethernet ports for internal, external and DMZ networks. However, the device has only one power supply, making it a single point of failure unless two units are deployed in tandem—effectively doubling the price for a reliable solution.

/zimages/5/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

The $995 Professional Module activates the DMZ Ethernet port and the integrated hard drive, which is necessary for anti-virus and anti-spam services. SGOS 3.2 optionally provides the latest release of the McAfee network anti-virus scanning engine, at $3,995 for a one-year subscription. The anti-virus scanner performed admirably, finding viruses in compressed files and quarantining them on the firewall itself. However, the anti-virus module cannot scan HTTP traffic, leaving Web mail highly exploitable. The in-line spam-filtering option, at $3,995 for a one-year subscription, uses McAfees SpamAssassin.

We used the Web-based management console to configure a site-to-site VPN tunnel to a third-party device (SonicWall Inc.s Pro 330), and another for remote users.

Global Management 1.0, ServGates Windows-based central management application, handles VPN tunnel creation and a few other management functions. It was released to ServGate customers last month but acted like beta software in our tests.

For example, although creating VPNs among EdgeForce appliances was a snap with the Global Management tool, policy deployment was flaky, occasionally wiping out existing configurations without overwriting the new policy.

A full-featured (and more functional) Global Management 2.0 will be available late next quarter, officials said.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.