Celestix MSA 3200i review

Microsoft has replaced its venerable ISA Server with Forefront TMG 2010 and Celestix delivers it as a complete plug-and-go security appliance. Read this exclusive review of the MSA 3200i to see if it is a more sensible alternative to buying and installing TMG yourself.

IT Pro Verdict

It makes sense for existing users of ISA Server to move up to Forefront TMG 2010 as it has a wealth of new security measures. Our main issues are that TMG’s optional messaging security only supports Exchange and the separately licensed web filtering and anti-virus features will push the price up. Even so, the MSA 3200i takes all the hard work out of deploying TMG and will probably work out better value than trying to do it all yourself.

Dave Mitchell's avatar
By
published
in Reviews

You'll also need to use the dial and screen to create a base firewall rule to allow remote management access. We found the dial a pain to use for setting addresses but at least once we'd finished it could be locked down and secured with a PIN.

With a DHCP-enabled network, you can go straight to web browser management where you'll be greeted with the Celestix Comet interface. This has been designed specifically to remotely manage TMG and it starts with a wizard to help get you up and running.

You have four deployment options and we chose to position the appliance in the lab as an edge firewall. An advantage of having Windows Server on the appliance was it only took a few minutes to integrate it into our AD domain.

Firewall policies can be applied to AD groups and users which consist of source and destination networks or hosts, allow or deny actions and protocols. Wizards are also provided for securely publishing LAN resources such as Exchange web access, SharePoint sites or web servers. For the latter you also have an option for declaring server load balancers.

TMG's web security is vastly superior to ISA Server as malware inspection is carried out automatically whilst NIS uses a regularly updated signature database to watch out for known exploits. Web filtering gets a big boost as Microsoft now provides over seventy URL categories that can be blocked at the gateway.

We found the URL filtering worked very well with our test clients blocked from all manner of dubious sites including games and gambling. A new feature is an option to allow selected users to override a blocking rule. TMG's URL category query tool also proved very useful during testing.

Dave Mitchell
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.

Latest News