The smallest appliance on test, Blue Coat's ProxySG 200 is half the width of standard rack mount equipment and uses a notebook-style power supply. Rather than a pure web filtering appliance, the ProxySG 200 is a full-fledged web proxy, with URL filtering built in. This makes it quick to process requests and gives you a single point of management for your proxy and web filtering.
Finjan Software's NG-5100 can be deployed as a single box, but the system supports a distributed environment where one appliance serves as a policy server, while others can scan through load balancing. It can sit as either a standard web proxy, in which case you have to reconfigure all client computers, or as a transparent web proxy.
NetIQ's WebMarshal now supports all versions of Windows server. The installation is simple, but you need an SQL server on the network. While this means that you have to factor this cost into the purchase, it means you can distribute the WebMarshal install for better performance and scalability. You can also run the database on the same PC, as we did for our test.
Pearl Software's Echo 6 works in a slightly different way to the other products on test. Rather than blocking web traffic at the gateway, Echo uses a client/server approach. The server dictates the policy, while clients installed on each PC control internet access locally. While the server is very quick and easy to install, there's quite a lot of leg work involved in distributing the client to all of your network's computers.
SurfControl's Web Filter is, perhaps, the best known web filtering product on the market. We reviewed the Windows version of the product, but there are also versions available for Cisco CE, Check Point, Microsoft ISA and several third-party appliances, including Blue Coat and Finjan, both in this test. The standard Windows version is flexible – but you will need one copy of the filter per network.
The APD 1000 is a 1U, Pentium 4-based server running Linux. As such, the first configuration steps are to connect a keyboard and mouse, and enter a management IP address for its management Fast Ethernet interface. It's quick and easy to do, and then gives access to the ADP 1000's web-based management, the Dashboard.
McAfee's IntruShield 2700 fits into the middle of its range, offering 600Mbps of throughput. It has six Fast Ethernet and two GBIC ports for detection, and three Fast Ethernet ports for responses. You can install it in either tap mode or inline mode, where the box sits between the router and main network. In inline mode, it's recommended that you use the appliance's high-availability mode.
The Proventia G400 might look like a standard rack-mount Intel-based server, but it's a lot more than that. The hardware was specifically chosen, drivers written for it and a network agent pre-installed. As a result, it can cope with up to 400Mbps of throughput and monitor up to four network segments using its four copper and four fiber Gigabit Ethernet ports.
This is part of SonicWall's security platform appliance range. It's the top-of-the-line model, featuring six Gigabit Ethernet ports and an Intel Xeon processor. Technically, it's not actually an IPS appliance, but more of a firewall with IPS abilities. That said, you can turn the main firewall off and operate it in-line with another firewall.
This IPS (the renamed UnityOne-50) is the baby of TippingPoint's range, able to support throughput of up to 50Mbps – but the firm has a full range of products, able to cope with throughput up to five gigabits. The TippingPoint 50 has dual Fast Ethernet ports, so it can work inline with a connection and a dedicated management port.
This might not be the most attractive appliance, with a bright green front, but its flexible architecture is likely to win it support. It is designed to sit internally or between the firewall and router and can support up to 100Mbps of network traffic. It comes with two Fast Ethernet ports and operates in-line with a network connection. There is also a dedicated management port.
XSGuard's C-Series is the easiest product to install. Just plug the internal side of your network into the marked Fast Ethernet port and the external side in the other marked port. Turn the box on and it connects to the XSGuard servers and starts filtering traffic at 100Mbps.