Before fiddling with filters it's well worth setting up network definitions and profiles. You can use definitions to describe objects such as a complete network, a group or a single host and these can also be used to describe custom services and time intervals. Profiles describe what filters you want to apply and a handy feature is that during creation you can view all network definitions in a side bar and drag and drop your selections into the source network window.
Filter actions determine the URL categories you want to block or allow and these can be further customised with white and black lists and file extension blocks. You can also decide on a per policy basis how many anti-virus scanning engines to apply and a feature of the profiles that is unique to Astaro is the ability to assign different operational modes. For some users you could apply the transparent proxy, use the standard mode for others or use different authentication schemes.
During testing we found Websense performed extremely well. For example, we Googled for on-line bingo sites and attempted to visit each different site that appeared in the results. Suffice to say that we gave up after Websense blocked access to the first seventy sites. Those that transgress their assigned AUP will be redirected to a warning web page, which can be customised from the management interface with your own logos and messages.
At present the Web Gateway appliances do not support filtering of HTTPS traffic and Astaro advised us this is on its to-do list. We also found reporting to be comparatively basic. From the management interface you can view details about each proxy with graphs and tables showing traffic throughput, the most popular web domains being visited, those users spending the largest amount of time surfing and the top blocked sites.
The reports screens can't be exported but you can use the executive report feature, which creates a summary of all activity. These can be run at daily, weekly and monthly intervals and the results emailed to a list of users but it is only created in HTML and there are also no options to export this information to other file formats such as PDF. We also found during testing that the report screens were quite slow to update the information.
Along with excellent filtering capabilities the AWG3000 scores well for value as Astaro's pricing structure has no user limitations. The appliance also supports a good range of HA scenarios where you can create active-active clusters of up to ten appliances. There's more here than simple traffic load balancing as CPU operations are also spread across the cluster as well. Active/active scenarios will cost as you need a license for each cluster member but you can go for an active/standby mode where a licence is only required for the active appliance.
Considering the price includes unlimited user support, the AWG3000 looks comparatively good value. HTTPS support is conspicuous by its absence and reporting could be more comprehensive but the Websense URL filtering service enables tough AUPs to be implemented and the combo of policies and definitions makes this appliance very flexible.
Verdict
Policy based filters and network definitions make the AWG3000 a very capable web content security solution. The unlimited user license offers particularly good value but as a point solution it really needs support for HTTPS filtering and reporting should be more sophisticated.
Chassis: 1U rack
CPU: 2.66GHz Intel Core2 Duo
Memory: 1GB DDR2
Storage: 80GB SATA hard disk
Ports: 2 x USB2, 2 x PS/2, VGA
Network: 4 x Gigabit Ethernet
OS: Linux
Management: Web browser
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.