CyberGuard's TSP3600 is a beast of a firewall. A case 5U high houses a RAID array for data protection, 13 Gigabit Ethernet ports and one Fast Ethernet (up to a maximum of 30 ports) – more than enough ports to cope with very large networks.
With standard PC connectors on the rear, we found it easiest to plug in a keyboard, mouse and monitor in order to configure it through its X-Windows interface, which runs on a Linux-based OS.
After following the quick-start wizard, which helps you with the initial port and IP settings, you can stick with X-Windows, use the web-based management from another PC (once you have selected a dedicated management port) or switch to the optional Global Command Center.
This latter option is the best choice where you have multiple CyberGuard installations, because the central management simplifies policy distribution, while the software lets you configure role-based administration.
The web interface is very simple to use and security is flexible to configure, offering a wide range of protection, including proxies, circuit proxies and a full stateful inspection engine.
Using the simple, web-based interface, we found it easy to create new rules to block or deny services. The firewall engine can also scan traffic up to layer-7, tackling zero-day attacks other signature-based engines can miss.
High-availability features are limited to failover – available if you buy additional appliances.
What is more, the firewall does not come with any antivirus, but you can help to enforce your company's policy with CVP and ICAP protocols, or buy further software from CyberGuard for anti-virus and content-control services.
For a general purpose firewall, the lack of inbuilt anti-virus and web filtering tools could be considered a big problem.
But for its intended enterprise audience, CyberGuard has concentrated on providing in-depth, high-security protection, which the TSP3600 does well.
Large number of ports.
High-availability costs extra.
A large firewall, the 13 standard ports provide a flexible system able to cope with any size of network. However, the focus on the firewall side means other features are left on the side.