Just recently my company decided to shift our networking hardware sales and implementation to Astaro Security Solutions. For the last several years we have been strong supporters of SonicWall firewalls. SonicWall has offered nearly all of the solutions Interworks needed to facilitate solutions over the years. We do IT Support for a wide array of clients. Our clients stretch anywhere from internationally wide spread organizations to simple mom and pop shops. And the IT Support we provide covers almost the entire spectrum of what the definition of “IT Support” encompasses. My personal networking experience over the last 7 years covers most of what you might find with working on medium and small businesses environments (computers, servers, printers, networking hardware, software, Windows environments, etc).
So after using SonicWall exclusively for 90% of my clients over the last 7 years and then management decides to move in a new direction with this new Astaro Security Solutions focus, I was very curious to get my hands dirty with it to see what I thought. Apparently management had done their homework. I’m not entirely sure of all of their reasons for the shift but I know one of them was the overwhelming amount of time it takes to setup individual SonicWalls. When setting up point-to-point VPN tunnels between a dozen different offices, the amount of labor time spent adds up pretty quick for each SonicWall appliance.
So luckily we happen to have a client with several extended offices who was ready to completely over hall their entire network with a complete hardware upgrade (computers, servers, networking equipment). And with the upgrade they wanted to have office to office interconnectivity. So we ordered an ASG central firewall appliance for the home office and several RED devices (Remote Ethernet Device) for all of the remote offices.
Setting up the central ASG device for the home office was a combination of 2 or 3 of our technicians working with a bit of Astaro phone support and after the initial implementation of the ASG we implemented the REDs at the remote offices over the next several weeks. We utilized the “internal traffic only” option when syncing all office locations with the home office, so all DNS traffic is routed to a domain controller/DNS server at the home office. Now offices can utilize network shares and office to office printing instead of faxing, plus a few other centralized management features.
I would say that the configuration of the main ASG V8 unit took about as long as your typical non enterprise level SonicWall. It probably took just a bit longer but this is due largely in the fact that it was a first time configuration of the device. Future setups should actually be much easier. Over all I am very pleased with the Web UI more than anything else. Astaro has implemented a “drag and drop” interface that visually makes configuration much easier. Address Objects and Services are easier to find with automatic displays to the left side of your screen when creating new rules. Generally nothing is activated or turned on by default when you get the device and the red and green light theme with activating services is very easy to use.
The ASG V8 did not come with an internal wireless function. We purchased an external Astaro WAP for the home office and one for every remote site. There was a strange rule that had to be added regarding the activation and use of Astaro WAPs. This was some firewall rule where you just add an exception for a strange IP range – 18.104.22.168 and this magically makes Astaro Access Points work.
Configuring every RED was a piece of cake. Not anywhere as long as what it would take to configure a small SonicWall to run at a remote location using point-to-point VPN. Quite literally the configuration of an Astaro RED after prepping the ASG for their connections, is getting the Serial Number off the RED, input that SN into the ASG under RED MANAGEMENT and then once the RED is plugged into a remote office internet connection, it takes maybe 5 minutes but then BOOM, you are linked with the main ASG at the central location. REDs function almost like dumb switches. They have IP addresses you assign them but if you try and access the RED using a web interface it just routes you back to the main ASG. Physically these units are not their own router/firewall. You must plug them into an existing router/firewall on site and they use that device’s internet feed to connect to the home office. Then you connect all local computers into the RED like you would a switch.
Once the RED is up and running, the Astaro WAP just needs to be plugged in and then from the central ASG you will find an unregistered WAP and you simply click a register button and it then inherits whatever settings you specified.
Overall I was very pleased with the ease of setup. One downside I reviewed was there were now more points of failure at the remote office level. These offices once had one all in one gateway, but now have the gateway, a RED, a WAP, and an extra switch because the RED only had 4 LAN ports but the office had 4 computers plus the WAP which needed a connection. So in those cases we went from 1 device to 4 devices.
A 2nd concerning issue was the slowness I had to deal with regarding Astaro’s support. Right now when you call, you do not get to speak with a support representative but instead, you get a ticket and someone contacts you back. I made 2 tickets for 2 separate issues and I did not get called back on one of them. I had to call a 3rd time and complain to get someone to follow up and I was told the ticket got lost in their system. Also, support communication tends to be motivated by their team to go through emails instead of on the phone with no direct communication. They ask for you to open remote management to your unit before they try and connect and then they do all diagnosis and testing without talking to you yet. This kind of support is always frustrating when I am on site, setting up a network, and billing a client hourly and I have to wait not on a call back but an email. Considering this is support for networking appliances, which means I may be a customer on a network without internet access, this is especially frustrating. Conversations with Astaro support gave me the impression their support team is relatively small. Most notably this comes with smaller companies which can be understandable but nonetheless is tough to deal with.
Other than that I give the actual use and implementation of Astaro Appliances and pretty good rating, definitely a step up from SonicWall as far as I can tell so far. I only have experience with one setup but the scalability of these devices looks to be able to cover several more configurations. The whole idea of an Astaro infrastructure centers around central management from one location which is great for IT Support. I am interested to try a similar setup with Astaro units on an extended network setup which tunnels all traffic through a central ASG connection. There seems to be a lot of features with content filtering that looks very promising.