Dedicated plug-ins are used for protocol analysis where packets are checked for conformity and these function at the kernel level to further improve performance. All the plug-ins are enabled by default and are set to auto-attach to traffic as determined by the engine's protocol detection. Policies bring firewall and IPS functions together and are available for traffic filtering, NAT, enforcing implicit rules and applying QoS.
You can create up to ten separate rules with different configurations and use schedules to decide when each one is active. Traffic filter policies are easy enough to create as you pick your interfaces, choose a protocol, assign source and destination objects and select an action.
Anti-spam services are handled by the Vade Retro engine which uses DNS blacklist analysis and heuristic analysis plus domain blacklist and whitelist filtering. To test this we hooked the appliance up in the lab and left it to filter live email for over a week with the clients dropping tagged messages into a separate folder. At the end of the test the U6000 delivers a high spam detection rate of 93 per cent with a low one per cent rate for false positives.
For web content filtering you get NetASQ's own URL lists as standard but in the review unit we had the optional Optenet upgrade. Performance was also impressive as we configured a rule to block access to all gambling sites, Googled for online bingo sites and watched the appliance only allow access to three sites out of 100 visited.
The RealTime Monitor tool provides a handy dashboard overview of the appliance and its status plus plenty of information about network activity, filtering policies, interfaces and users. The Event Reporter will also prove useful as it offers detailed reports on all areas of operations including services, filtering proxies and IPS plug-ins and the results can be exported to text, CSV, XML and HTML formats.
The U6000 looks a good all-in-one security solution and during testing we found it easy to deploy and manage and capable of delivering high out of the box scores for anti-spam and web content filtering. The hardware platform offers a reasonable specification with plenty of options for network port expansion although HTTPS filtering needs to be supported to make it a complete enterprise security package.
Verdict
NetASQ has always focused on UTM appliances and it shows as its firewall and IPS features are designed to have a minimum impact on network traffic. With no user limits on the license the U6000 offers good overall value and we found the anti-spam and web content filtering services performed well during testing. The only drawbacks are a lack of spam quarantining facilities and no support yet for filtering HTTPS traffic.
Chassis: 4U rack chassis CPU: 3GHz Xeon 5160 Memory: 4GB 667MHz DDR2 Storage: 2 x 73GB Seagate Cheetah 10K.7 Ultra320 SCSI hard disks RAID: Adaptec 2020ZCR Ultra320 SCSI with 64MB cache Network: 6 x Gigabit Ethernet Power: 2 x 800W hot-swap supplies Management: NetASQ Unified Manager, Realtime Monitor, Event Reporter
