As usual, our setup process began by setting a workstation IP address to match the product's default network. We logged in to the web interface and were immediately presented with a user-creation wizard, which we used to create an administrator account. Upon completion of that wizard, we were automatically logged in with our new credentials. A menu was displayed with a series of separate wizards, which guided us through configuring the device host name and location data, SMTP relay and administrator email accounts, time server and interface settings. Once complete, a device reboot finished the initial configuration.
While aXsGuard Gatekeeper offers all of the features we expect out of a basic UTM, configuration of those features is not always completely straightforward. Administrators will want to keep the documentation close by. Once configured, the device performed very well. The firewall appears to use your standard IP tables. However, rules are automatically put in place allowing Vasco full access to the device. While ostensibly for support purposes, security-minded administrators will want to disable those rules straight away.
The product uses Snort as the intrusion prevention system, which is great, but administrators are expected to acquire their own registration code for signature updates. The content filter works well, but it is the only component of the device licenced on a per-user basis, so keep that in mind when comparing prices.
Anti-virus protection is provided with ClamAV, another open source component. VPN services are provided via PPTP, IPsec and OpenVPN protocols, and support is also included for Vasco's aXsGuard product, as well as a basic SSL web portal. AD/LDAP integration is included. However, single sign-on features require an agent to be installed on each client workstation. One thing we really did like was the device's multi-factor authentication features, with support for Vasco's Digipass tokens and eID smartcards included.
Documentation was actually very good and all easily accessible from the product's interface, under the documentation menu item. Well-constructed and easily navigable PDFs are available for general device setup, as well as more focused documents covering each of the product's features.
Vasco offers a number of different support options. The standard package provides eight-hours-a-day/five-days-a-week phone and email support, which is upgradeable to a 24/7 support package. A VIP package is also available, which is completely customisable according to the customer's needs. Additionally, per incident and emergency support services are offered, as well as a customer help area hosted on Vasco's website, which offers a knowledgebase and product tutorials.
Vasco's aXsGuard Gatekeeper is priced at c£510 for the hardware unit, and includes the first year of support. The content filter is an optional extra and is licenced at approximately c£16 per user per year.
