Review: Wedge 1005G Anti-malware Gateway

The 1005G setup procedure was a completely manual process. Given the choice between bridge and routing mode, we elected to deploy the device in a bridge configuration. After setting our workstation IP to the device's default network, we were able to access its web interface. From there, we configured the Ingress interface to match our network, reset our workstation IP and reconnected to the web interface. We then connected the Egress interface to our WAN network, logically just behind our firewall. After that, we reset the default route on our LAN to point to the 1005G, sending all of our outbound traffic through the device. We were then able to set up rules governing anti-virus scanning and SMTP and web content filtering.

One of the first signs of trouble we encountered was when running one of the device's built-in diagnostic tools. The configuration check tool tests the device's network configuration by attempting to connect to various update and support servers. As we discovered, the configuration check consistently fails because one of the servers it attempts to connect to does not exist - or was at least unreachable when we tested it. While not entirely critical, we considered it bad form. 

The 1005G encompasses anti-virus, anti-spam and content filter services. The anti-virus service offers a choice between the Kaspersky Lab or Bitdefender AV engines, and can use Wedge's GreenStreaming feature, which permits the device to begin relaying HTTP information to the client before the entire payload has been downloaded and scanned. The anti-spam service makes use of the Cloudmark spam signature base, and supports configurable thresholds for the number of recipients per message and number of SMTP sessions per IP address. The content filter integrates an anti-phishing URL filter powered by Cloudmark and a website categorisation database maintained by McAfee.

Active Directory/LDAP integration is also supported. However, it requires login and log off scripts to be implemented in order to append IP address information into users' AD entries. However, we were not actually able to get the device to connect to our AD environment due to an inability for the configuration submission form to parse our otherwise valid search schema DN string. 

The product can perform outbound data loss prevention scanning, checking for strings contained in preconfigured DLP categories or for manually entered strings. It also supports high availability clustering.

While the documentation is adequate, we did encounter a few gaps. For example, we were not able to determine how to specify which of the two anti-virus engines were used, even though the administrator's guide says only one is usable at a time. It also offered no workaround from our AD configuration issue. There was enough information to make the other features function, and the PDFs were easily navigable and well organised. 

Wedge Networks offers three tiers of support: basic, advanced and advanced 24/7. Basic provides nine-hours-a-day/five-days-a-week phone and email support. The advanced option adds next-day advanced hardware replacement, and the advanced 24/7 tier upgrades support hours to 24/7. The company also maintains an online knowledgebase and a user support forum, albeit a sparsely populated one.

Wedge 1005G Anti-malware Gateway is priced at c£3,350, plus c£840 per year for basic support.