Stonesoft FW-1020 Firewall Is a Scalable Solution for SMBs

Review: Stonesoft FW-1020 provides scalable, redundant network protection.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Stonesoft’s FW-1020 packs effective firewall and VPN technology into a $7,700 1U appliance that can be clustered with up to 15 additional Stonesoft firewalls of varying models to provide scalable, redundant network protection.

I tested the FW-1020 at eWEEK Labs and found the device suitable for small and midsize organizations that have a small number of distributed offices. The central management console, StoneGate 4.0, effectively corrals firewall policies and made it easy to push these network access rules out to the FW-1020 device.

The FW-1020, which was part of a flurry of Stonesoft announcements made May 7, is part of a family of appliances that span from 10GB throughput firewalls to branch office models. The FW-1020 comes as an appliance or can by purchased as software only that is installed on approved hardware that you supply. In either case, the product is competitively priced compared to SonicWall, WatchGuard and CheckPoint solutions.

It’s a good thing that the FW-1020 can be clustered because the chassis has only one power supply and one fan, neither of which is hot-swappable. In fact, there are no user serviceable parts in the device. We voided the warranty on ours and opened the case to have a look inside. Our system was equipped with 1GB of RAM and a 250 GB hard drive for configuration and log storage. While I think that most organizations will want to cluster similar devices, the FW-1020 can be clustered with just about any other Stonesoft firewall.

/zimages/7/28571.gifClick here to read more about endpoint protection software.

Like other firewalls in this mid-sized class of products, the FW-1020 provides IPSec and SSL point-to-point and remote user VPN capabilities. I used the remote user VPN client to get access to my lab network while away from the office with a minimum of fuss. As with all other aspects of the product, I configured the FW-1020 VPN through the StoneGate central management console.

In this case the management software was installed on a Windows 2003 server. I accessed StoneGate from a Windows PC running Windows XP via a StoneGate management client package. While the clients can be deployed using Web deployment tools that Stonesoft provides, I hope that the company considers a Web-based management interface.

Having to install the management client didn’t really add much to perception of product security but did increase the inconvenience of managing the product. Stonesoft users who upgrade to the StoneGate 4.0 product also need to pay attention to potential management client problems including having to manually upgrade the client when the management console changes versions.

The management console is quite easy to use. I was up and running on the interface, creating firewall and VPN policies with about half a day of training. While the basics of using the interface are easy to catch on to, IT managers will need to assign experienced security staff to configure and maintain the FW-1020, as is the case with any firewall.

I did like the automated tools that captured device configuration whenever I updated firewall rules. More than once I needed to roll back to a previous firewall configuration after configuring policies that were too constricting. Many of the configuration tasks in the StoneGate software made it easy to revert to previous configurations. The product also pops up tips to ensure that policies work correctly.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.