While most firewall appliances will run a custom operating system, or secured version of Linux, Celestix has decided to use Microsoft's Internet Security and Acceleration (ISA) 2004 Server as the basis for its MSA4000 appliance. It runs Windows Server 2003 using 1GB of RAM and an 80GB hard disk. This, obviously, adds to the price of the appliance.
This 1U appliance also has eight network interfaces, two of which are Gigabit Ethernet. Installation is simple, although our quick-start guide had been corrected by hand. Management is initially through the web interface, which starts a remote control session in a browser, although you can download the ISA Client Software from the appliance, should you prefer. This is a better route, as the ActiveX application does not fit in a browser window and ca not be resized. As this is a Microsoft product, it is best when integrated with Active Directory, so you can create rules and policies that apply to existing users. However, you can also use a RADIUS server for authentication.
Common services have proxies, but other firewall rules are simple to create and manage just by defining the source, destination, services and users to apply the rule to, while you can schedule when it is active. Rules are also easy to apply to VPN traffic, while the VPN itself is very simple to configure for remote access.
The eight network interfaces also let you easily segregate a network. As the MSA4000 is also a web cache, you can use it to create web content caches while still protecting access to the server, increasing performance and safety.
The appliance excels for Exchange deployments as it can filter Outlook Web access, as well as providing Exchange and Outlook RPC inspection. Beyond its VPN and firewall it does not have any extra tools to offer, such as antivirus. Instead, you have to buy third-party software to do the job. While the MSA4000 is around the same price as building a server to do its job, it is easier to install and manage, but best suited to Microsoft environments.
Lots of network ports; easier than building your own ISA firewall.
Antivirus, web filtering third-party; web management not brilliant.
Where Active Directory and Exchange support are excellent, the MSA4000 is a powerful appliance.