Panda GateDefender Integra 100 review
Panda’s first move into the security appliance market came in 2004 with its GateDefender 7000, which focused purely on anti-virus measures. The GateDefender 8200, which appeared in 2005, added a number of extra security features, but could never be called a UTM (unified threat management) appliance, as it only functioned as a transparent gateway. The latest Integra machines also function as routers, allowing them to deliver firewall and VPN features. But here, the UTM title is well earned, as they offer a complete suite of protection measures that naturally includes anti-virus, but also adds anti-spam, anti-spyware and web content filtering to the mix. On review is the Integra 100, which is aimed at up to 100 users.
The Integra can be deployed as a transparent gateway, but in that mode only two Ethernet ports can be used. If you want DMZs on the other two ports and want to use VPNs, you must set up the routing mode by configuring the LAN and WAN ports separately, and creating a SNAT (secure NAT) firewall rule to route traffic. The homepage of the web interface is a tidy affair that provides a comprehensive status screen showing the latest updates, network connections and activated modules. Plenty of detail on throughput is provided, including inbound and outbound traffic for each interface, along with lists of files scanned and viruses, spam and spyware caught for each protocol. Virus signatures are downloaded automatically, and you can also run on-demand updates.
The firewall defaults to blocking all traffic until the default Deny All rule is deactivated, and you can customise its behaviour with your own rules. The IPS feature uses signature-based detection and comes with a set of predefined rules. The anti-malware page provides a choice selection of features too. Virus scanning can be applied to a range of protocols, and if a virus is detected the appliance will either attempt to disinfect it or delete it. Infected emails can have the offending attachment stripped, and inbound messages that are generated by viral activity will be deleted. All protocols selected for virus scanning will also be checked for spyware, while phishing messages can be redirected, deleted or have a warning message inserted in them. Our tests included downloading infected files, and the appliance blocked the transfer, thrusting a warning page at us. Infected emails were also deftly handled, with the attachment stripped out and the message body appended with a warning.
Web URL filtering is particularly impressive. This is handled by Internet Security Systems (ISS), which provides a category database with over 20 million URLs. The database is stored locally on the appliance and updated automatically with, on average, over 100,000 new web pages a day. The main advantage of using a local database as opposed to a hosted service, such as that offered by Blue Coat, is that the URL-checking phase is swifter. However, with a decent internet pipeline, we’ve never found any significant differences between the two methods. There are plenty of options to play with, as ISS provides 19 main categories to choose from, and each has multiple subcategories, allowing you to fine-tune web access. In total, you have 58 categories to use, and you can add your own black and white lists. During testing, we found ISS delivered the goods, and the appliance allowed us to send a customisable warning web page to users who attempted to access banned sites. The appliance maintains a detailed event log of any transgressions, which can be filtered and exported to a text file for further reporting.