Innominate mGuard bladePack review
When one security appliance just isn’t enough, Innominate’s unique mGuard bladePack could be the answer. As the name suggests, it takes the concept of blade servers and applies it to firewall, anti-virus and VPN applications. At the foundation of the mGuard bladePack lies a 3U bladeBase chassis with room for 15 blades.
The first two slots are occupied by hot-plug power supplies, the third home to a controller blade that provides status information about the other blades. The remaining 12 slots can be populated with Innominate’s mGuard blades, with two versions on offer: the enterprise and enterprise XL. The crucial difference is that the latter supports 250 VPN tunnels rather than ten.
Build quality is reasonably good, as the entire chassis and blade modules are constructed from lightweight aluminium. The blade modules merely provide a housing and interface with the chassis backplane for Innominate’s mGuard PCI cards. Each card has an embedded Linux kernel, which runs a NAT/SPI firewall and the Kaspersky Labs virus-scanning engine. The bladePack fits into a wide range of scenarios, as each blade could be used to provide personal protection to one critical system. Blades can also be placed in front of network segments, so different security policies could be applied at the system or departmental level. Installation starts with a browser connection to the control blade. The management interface then provides a visual rundown on blade and power status plus firmware versions.
The blades default to a Stealth mode where they act as a transparent gateway, so you can simply wire a blade in between a network segment or individual system with no client configuration required. However, the routing mode can be used if you want full DHCP services handled by the blade. Fast Ethernet LAN and WAN ports are provided, and web management access is only allowed by default from the LAN side. The interface offers easy access to each function and your first job will be to get the virus signature database downloaded. The blades are truly independent, as they manage their own updates to a predefined schedule and store the database in their own embedded memory.
Virus scanning supports HTTP, POP3 and SMTP, and this is licensed per blade rather than per node. Virus-detection capabilities are exemplary, although options for dealing with infections are basic. For HTTP traffic, any infections are automatically blocked and the blade sends a notification web page to the offender and logs it internally. Infected inbound and outbound messages are also blocked and logged with full mail address details. If you’re using Outlook, you may have to modify the Send/Receive Group settings to download headers only, otherwise infected inbound messages will stay on the mail server permanently.
Each blade supports IPsec VPN site-to-site tunnels and VPN clients, although using the Windows VPN client isn’t easy. Firewall features extend to creating custom rules for inbound and outbound traffic and placing them in a priority list. It’s also possible to define firewall rules within a VPN tunnel – an unusual feature.
The mGuard bladePack is certainly a novel security product, and the reviewed specification, which includes four enterprise XL blades, shows it’s good value for money. Its ability to combine multiple appliances into a single-rack chassis makes it suited to many environments.