Low-Cost Security?

VPN, firewall services brought to branch sites

At its core, eSoft Inc.'s InstaGate EX2 provides VPN and basic firewall capabilities, along with a host of other server functions. With a few tweaks, the EX2 can provide branch offices and small enterprise sites with an easy-to-manage, flexible and fairly comprehensive security package at a low price. However, the price can inflate quickly as a la carte functions are added.

The EX2 includes several new features: an LCD configuration panel on a 1U rack-mountable chassis, a 566MHz Pentium processor and support for a third DMZ (demilitarized zone) network interface. Like its predecessor, the EX2 boasts PPTP (Point-to-Point Tunneling Protocol) and an IP Security-compliant virtual private network, a stateful inspection firewall, and NAT (Network Address Translation) support, as well as Web, file/print, mail, proxy server and Dynamic Host Configuration Protocol server capabilities. Several optional software packages smooth the upgrade path.

eSoft is fighting in a crowded arena, however. SonicWall Inc., WatchGuard Technologies Inc. and NetScreen Technologies Inc. have fairly mature and comparable security appliances on the market, albeit without many of the EX2's nonsecurity features. On the other hand, enterprises may hesitate to use their perimeter security device as an e-mail or a Web server.

In addition, the EX2, which shipped in late January, does not provide the centralized VPN management for multiple units offered by its rivals.

The EX2's prices start at $949 and include a 25-user license, two 10/100M-bps Ethernet interfaces, 64MB of RAM and the core software. By default, the EX2 supports Ethernet connections to T-1/E-1, digital subscriber line/Point-to-Point Protocol over Ethernet and cable WAN connections.

Optional components can be purchased for $165 to support ISDN or for $150 to support V.90 Internet connections. A 50-user license upgrade costs $250; the unit supports up to 250 concurrent users. The optional DMZ network interface (which we didn't test) and associated SoftPak cost $400.

The EX2 taps PPTP for remote client access to the internal network, whereas the IPSec VPN (which we didn't test) is intended for site-to-site tunnels to remote InstaGate or other IPSec-compliant units.

Tunnel vision

The PPTP tunnel was easy to establish, and we could connect remote Windows 98, Windows ME and Windows 2000 hosts using only the Windows client. Sites wishing to connect Mac OS clients must purchase a third-party VPN client application.

Using Gibson Research Inc.'s Shields Up, we determined the firewall was operational, filtering external requests on all standard ports. Unlike the SonicWall Pro, the EX2 does not hide its external IP address, rendering the unit pingable from the Internet.

By default, the EX2 provides a stateful inspection and packet filtering firewall, as well as NAT protection. However, there are surprisingly few configurable options: We could create pass-throughs that redirected requests received by the WAN interface on a specific port to a designated internal host, but that was all.

Additional configuration options come with the SoftPaks. The Firewall Policy Manager adds a digital certificate to the Web server, thereby encrypting transmissions to the Web GUI. It also permits the creation of policies to regulate both inbound and outbound traffic, although we couldn't create separate rules for User Datagram Protocol and TCP packets.

As for other gateway security functions, the Anti-Virus SoftPak ($750 per year for 25 users) scans and cleans incoming mail attachments, and the SiteFilter SoftPak ($540 per year for 25 users) integrates with the proxy server to filter and block access to a ton of categorized Web sites.

Filtering policies can be implemented globally or by user, although the latter was a hassle to set up and administer.

In tests, the unit's RAM utilization was somewhat disturbing: it hovered around 95 percent. eSoft officials claimed the EX2 can maintain as many as 50 concurrent VPN tunnels, but there is little wiggle room otherwise.