Astaro 8.2 Secure Web Gateway

As promised, a short review on the Astaro 8.2 Secure Web Gateway. Before you continue reading, this is a review not a tutorial on how to install this proxy / firewall appliance. The setup of this device (the this is now working but doesn’t do anything useful kinda setup) took me only 15 min. After that I configured and tested for hours and probably days. To be honest I’m still discovering new features every day.

I want to make clear that this software is free for home purposes! Also you can have a trail version for 30 days if you like to test it in a business environment.   I’ve got the Astaro 8.2 running virtually on a Debian server. I use KVM to manage my virtual machines. Currently I’m experimenting with the OpenQRM platform to manage my private “cloud” (for the record, it’s failing)

  • 2x 2.2 Ghz
  • 1 GB of ram
  • 2 Ethernet cards (100mbit)
  • 150 GB disk (this is too big ^^ but whatever)

Why would we need an Astaro Appliance, what is the problem today………

At home I’ve got a lot of computers. Physical and virtual machines. Both types need protection from the cruel outside; called the Internet. Internet has a big value in our life’s. It’s easy to search for information, when we don’t know an answer we often say “google” it.Also  more and more we’re using web 2.0 applications like facebook, gmail, google documents etc. These applications offer us a new perspective on how our daily life looks like.

All this extra productivity has one big downside. The “bad guys” or crackers sometimes wrongly referred to as hackers (No I’m not going in further detail) try to break into our machines and steel personal data, damage the computer, use it in botnets and so on.

So I (and lot’s of other probably to) used to protect each device independently with software like MCafee, Norton, AVG etc. Each of them had the same problem, they used resources on the laptop / computer and still my computers weren’t fully protected. Because today’s anti-virus software relies on signatures, and this fails…. why you might ask…. we’ll this is how it goes

  • A hacker / cracker (I don’t really care) writes a new virus and tests this
  • He starts spreading his virus
  • The first computers have been infected even when they have an AV appliance running, because it is a new virus which hasn’t been found yet by the good guys
  • The AV makers find the suspicous code and put it in the signatures database –> this takes time
  • In the meantime the virus keeps infecting other computers
  • Then you AV appliance needs to update –> now it will find the virus probably, but since the virus is already on your computer you need to do a full scan probably before discovery

As you see, it takes some time before a virus is actually found, and now I’m not even talking about the mutating or dynamic virus / malware.

The biggest reason why I wanted this solution was to spare resources. The solution that I found is the Astaro Security Gateway. A device that acts as a firewall.

The solution

ASG is great for providing many network tasks you might be trying to do manually, with different products, or didn’t even know were possible. You can download Astaro here.

Increase your Internet Bandwidth – You can make easy use of multiple Internet connections at the same time, giving your home more bandwidth.
Protect your Kids Web Surfing Habits – Use Web Filtering to stop sites from infecting you with viruses and spyware, keep your kids from surfing to bad sites, and get full reporting on the activity in your home.
Solve your Spam Mail Problems – Use Mail Filtering to clean up your inbox and reduce the amount of spam you have to sift through using any POP3 or SMTP setup.
Access your Home Network from Anywhere – Dial in using Roadwarrior VPN access to securely use Remote Desktop, transfer files, and even print, from anywhere in the world, even from your iPhone.
Connect to Work or Friends - Create a permanent tunnel to other ASG devices, linking you with a friends network, or having the perfect encrypted link to your office Astaro to work from home!
Stop Viruses in Web and Email – Dual Scanning Engines stop viruses in file downloads, email attachments, and embedded in web sites. Astaro catches them at the gateway, before they can get in to assault your computers.
And a lot more…

Remember this version is only free for home use. They also have a 30-day evaluation period.

Setup

The setup is really easy. Remember that your server will need 2 Ethernet cards. 1 for external traffic and 1 for internal traffic. It’s possible to put the traffic on one card only but you’ll lose 50% or more bandwidth. So if you only have one NIC buy another one!! You can do some testing with 1 NIC but no production tests! Your device will form a serious bottleneck.

The installation took about 15  min. After that I was ready to change my gateway into the internal interface of the Astaro instead of the real gateway.  I’m not going to explain the installation of this device. This is really simple. In fact I’m not going to explain any setup at all. It’s all very simple and Astaro has wonderful guides online. Use them if you’re really stuck or post your questions here.By doing so all my computers send their traffic to Astaro. This gateway will scan the traffic and send it to his own gateway. In my case I’ve got 2 separated networks.

My personal network setup

  • 192.13.37.x –> this is my internal network (it has is own VLAN on my switch)
  • 192.168.1.x –> this is my wireless network (again it has is own VLAN)
  • my router has a route to 192.13.37.x

My wireless clients use the external interface as their gateway. Only my friends use the wireless, all other computers are on the wired network. Which has some serious security and speed advantages.

The first screen after setup

After you logged in on your Astaro Security Gateway for the first time (and all the other times ^^) you will see this screen. This screen has information on the interfaces and shows some statistics on which services you activated. In this environment you see that I didn’t enable the Email encryption (since I’ve got no local mail server) also the POP3, SMTP and Anti spam are disabled. At my place we don’t use these protocols, so I just disabled them. On the left you see the Resources usages from the Astaro. When I use 20MBIT my CPU load is about 40%.

Also you see some statistics on “Today’s threads” I’ve noticed that these statistics dare to be outdated! So don’t fully trust them.

Increase the bandwith

We’ll for me this isn’t that important. Since a few month’s we’ve unlimited bandwidth. Actually Fair Use Policy, but still…  for me it’s not that important. I do notice when I request the same page on a different computer I have a decreased load time. So the caching is working as said. 

Protect your Kids Web Surfing Habits

This is definitely something worth talking about. The Astaro limits the pages people can access. At home I’ve got 3 different networks, internal wire, internal wireless and VPN connections. The wireless is open for the moment so my friends can connect without me giving them a password. They still need to login on the Astaro device but they can have Internet. The Internet usage of the wireless clients is strictly monitored and they aren’t allow to surf to porno sites, shopping sites, and other malicious sites  etc.

My wired clients for example, from who I know they are physically present, aren’t allowed to surf on porno sites during daily hours, after 10 I don’t really care anymore. All the data is still scanned before it enters the network. But small kids are protected against unwanted sites. Also everything they download on my network is scanned against a virus database before the client can download it. The Astaro has 2 methods of scanning. It is quite obvious that when you enable them both it will require more time. Because for me the security is more important than time I decided to enable both methods.

More information.

Solve your Spam Mail Problems

I haven’t tested this feature, but seeing the manual this seems really great to protect mailboxes from unwanted spam. Astaro will never delete a message, so you can still allow a message to pass or reject it completely.

More information

Access your Home Network from Anywhere

This feature is really great, Astaro has a client based on openVPN which allows you to connect from anywhere to your network. For example I’ve enabled this feature and now I can connect to my home network and use my resources like the file server.

Virusscanning

This is the most important thing for me…. The virusscanning….. I’ve tested the Astaro with 50 different virusses. I know it’s not that much but he caught them all. Which makes me feel a bit more safe. I know that the engine of the Astaro is still working with signatures which isn’t that good, but on the other hand so is AVG, Norton and all the other vendors. At the moment I can only name 1 vender who has a different approach and really inteprets the code before send it to the client.

More information.

Reports

The Astaro sends me (you can adjust this) daily a very big report on what has happened on my network. Which domains have been blocked and overridden (yes my clients can override a domain)

 

I’m using the Astaro about 45 days now, and I must say the devices really does what it promises. I surely recommend this device, actually 2 friends of me have implemented the device and 2 more of them are testing and playing with the device.

Screenshots

Some screenshots from Astaro

 

 

 


Any feedback is welcome, if you have any questions at all shoot.

More information on Astaro http://www.astaro.com/

Source: http://www.astaro.com/

http://www.astaro.com/landingpages/en-worldwide-homeuseT

Comments are closed.