Author: Carla Schroder
Review Date: 11/5/2004
There’s a lot to say about the ServGate EdgeForce M30, but we’ll keep the introduction short: It’s a worthy entry in the small businesses “security appliance” category. This is what you get in a single, flashy purple 1U device:
- HTTP caching proxy
- Firewall in your choice of NAT, transparent or route mode
- DNS server
- DHCP server
- Remote logging
- VPN server
- User authentication via either the built-in authentication, or LDAP or Radius
- Serial console access
- SSH console
- Both GUI and command-line administration
- Monitors for system status, user activity and services
- Traffic shaping (QoS)
I could list many other features, but suffice it to say, it’s loaded. Included with for $995 price is your choice of a 10-user license for either McAfee Anti-Virus, McAfee spam filter (based on SpamAssassin), or a Web content/URL filtering module based on SurfControl. The software is already in the unit, so all you have to do to activate the additional modules is pay and download the activation key. You also have the option of purchasing 30-user licenses.
Setting It Up
The EdgeForce comes with a good quick-start guide. Powered by the ServGate operating system (SGOS), it can be administered from any PC with a Web browser. This means Linux and other non-Windows users can ignore the references to Windows XP. And it means you may elect to use a nice safe secure browser, like Mozilla, Firefox, Opera, or whatever you like, instead of Internet Explorer.
To fire it up for the first time, go ahead and plug in the power cord and turn it on. The power switch is on the back. It takes 3-5 minutes to boot up. When it’s done, it beeps three times, and the status lights on the front also tell you it’s up. Meanwhile, grab the included crossover cable (mine was orange, which rather clashed with the purple) and connect to your chosen PC or laptop. A laptop sits nicely on top of it. Open a Web browser and point it to https://192.168.100.244, log in using admin/admin, and there you are inside the EdgeForce.
First Configuration Steps
Obviously, your first job is to change the admin password. The next step is to set up your firewall type, configure the settings for your Internet account, security policies, user administration, filtering, DNS, DHCP and so on. You may safely mess around in the configuration menus for as long as you need to, because by default Internet access downstream from the EdgeForce unit is blocked. This allows you to connect the EdgeForce to the big bad Internet without exposing your internal hosts until you’re ready.
A nice feature is the capability to run ping, traceroute, and DNS lookups directly from the EdgeForce, so you can quickly determine if a network problem is on your subnet or on the EdgeForce.
The base EdgeForce unit comes with a maximum rated throughput of 70 megabits per second. (Expansion modules are available if you need more.) You may allocate your available bandwidth any way you like. For example, e-mail traffic can be given a lower priority, and HTTP a higher priority, so that spam floods, or ridiculously large attachments, don’t bring the whole works to a halt.
Content filtering is managed by the various utilities: anti-virus, anti-spam, Web conten, and URL filtering. The anti-virus scans both incoming and outgoing traffic, so you have protection from being a source of contagion.
Important note: when you are configuring your spam and anti-virus filters, will you please do the world a favor, and do NOT set up auto-replies! Virtually all spam and viruses use forged return addresses, so all you’re doing is generating more useless traffic. The Internet is congested enough already.
Prefab Is Cheaper Than Labor
The EdgeForce is designed for admins who want a unit that’s preconfigured and ready to go, with all the important border-security tools in a single, integrated unit. This is not for complete novices — no security product can make that claim. You still need to understand system and network administration. But you won’t have to collect and install the various applications, and the configuration menus are well-organized and easy-to-follow. Patches and updates are installed automatically, at intervals of your choosing.
If something bad happens, and the SGOS becomes corrupted, you can re-flash the CF (compact flash) module. Just download the replacement SGOS from ServGate’s FTP site, and you’re back in business.
What I Like
It comes with all cables: electric, CAT5 patch cables, a crossover cable, and a null-modem cable for serial console access. Good documentation. Plugins are on the front. It has an actual power switch. Purple with matching purple rackmount brackets.
What I Don’t Like
This puppy is loud. If it’s going into a rack or a closet, no big deal. If you want to hang it on the side of your desk, or anywhere near your regular workplace, you’ll want earplugs. servgate.com, like so many websites these days, relies too much on posting documents in .pdf. It would be nice to also have HTML versions.