SmoothWall Advanced Firewall/SmoothGuardian 4 review
The all-in-one security appliance is a great idea for small businesses, so it’s a shame when some vendors think that supplying the hardware as well entitles them to bump up the price way beyond its real value. An easy way to avoid this is to supply the hardware yourself, and the latest SmoothWall Advanced Firewall (SAF) can rescue even a modestly specified system from the recycling plant.
For testing, we loaded the SAF disc and booted an old 400MHz SCSI-based dual Pentium II system from the CD-ROM drive. The installation procedure runs through selecting and setting up your network interfaces, and the job is done in a matter of five to ten minutes. All IDE and SCSI controllers are automatically detected, the hard disk is formatted ready to use, and you just need to add IP address details for the internal network interfaces. SAF comes with standard support for four network interfaces, but it can use up to 20, which can function as internal, external and DMZ. LAN, ADSL, ISDN and analog modems may be used for WAN connections, and for multiple interfaces it can perform load balancing and failover.
Installation is made even easier, as SAF is able to function as a transparent proxy, requiring no further client configuration. It defaults to blocking all unsolicited inbound traffic, but you can easily add port-forwarding rules for DMZs. If you have multiple internal interfaces then these are separated into zones, and SAF automatically denies users in one zone access to any other. But bridging rules can be applied to allow specific zones to access others. VPNs come as standard, with the base product supporting 20 tunnels.
A number of additional modules make SAF even more versatile and we looked at the new SmoothGuardian 4 web content filter. Once again, installation takes only a few minutes, as you upload the module from the remote management interface and reboot the SAF system. For simple unauthenticated access, you can use one set of rules and content filters, which will apply to all users. In this mode, SAF supports unlimited users. However, it’s possible to customise settings for different users and groups by implementing user authentication, for which the base price includes 250 users. A number of options are available: you can use SAF’s own local user database or query an LDAP server. For the former, it’s possible to redirect users to an SSL login page on the firewall. Providing SAF is operating in non-transparent mode, you can opt for web proxy authentication instead.
The price for SmoothGuardian includes a one-year subscription to its URL-blocking service, which is a categorised list of sites containing dubious content. Once downloaded to the system, you can choose which categories you want blocked and decide which groups they should be applied to. Any transgressors will receive a curt message in their browser, advising them that they’re trying to access a banned site and the attempt has been logged. There are plenty more options, as SmoothGuardian is able to block specific file types, limit access to specific times and days, and filter by phrase.
For the price, SAF is a cost-effective alternative to security appliances. It requires minimal hardware and offers stiff protection measures, while SmoothGuardian slots neatly into the same system to provide extensive content-filtering features.