Instagate EX
The esoft Instagate EX is another all-in-one “Internet connectivity solution” designed to provide a quick Internet gateway, firewall and Web server in a single chassis. The market has quite a few of these devices available, ranging in price from a few hundred dollars to several thousand, so the esoft product has a lot of competition to meet head on.
The Instagate EX is a beige box about a foot square and three inches tall. The front of the box has a power pushbutton and three status LEDs. The back of the box has connectors for the local LAN, connection to the Internet through another LAN card, two USB ports (which are disabled), a printer port, two serial ports, and an SVGA output. A spare card slot can hold a modem card for analog or ISDN modems. You can use one serial port for a modem to allow dial-in connections, or both serial ports can be used for dial-outs through connected modems. The printer port can be configured as a network-accessible printer, using the Instagate EX as the host.
We installed the Instagate EX atop a rack of servers, connecting the LAN port to a switched hub and the Internet connection to an external router. We also configured one serial port for dial-in access and the second for dial-out to an ISP through a standard V.90 modem. Powering up the unit takes a few minutes, then the unit can be accessed through administration software supplied on a CD-ROM. Only Windows platforms can act as an administration host, although a Web browser can also be used to access the Instagate EX using HTTP. The client packages supplied with the Instagate EX allow you to set the Instagate EX’s IP address, enable or disable the built-in DHCP server, and set a workgroup name (but not domains).
The documentation that accompanies the Instagate EX is a rather slim manual that tells you how to plug in the different connectors, connect clients through the Instagate EX to the Internet, and configure the basic services such as Web server and e-mail. Although the document is good at providing this information, some administrators will find themselves wondering what else the Instagate EX can do, and fail to find any information therein. For example, if you want to know about configuring VPN forwarding or NAT (Network Address Translation), you need to resort to the on-screen menus and the company Web site (which doesn’t give you all the info you may want). Still, for starting up the Instagate EX, the document is good and since the target for the Instagate EX will be non-administrators this may be the best approach rather than overloading them with configuration information. We had our Instagate EX up and configured in about forty minutes, which isn’t bad.
There are some nice features in the Instagate EX software. For example, an administrator can specify individual user’s Internet access, blocking or limiting some services for particular users. You can also filter Web activity (to prevent downloads of MP3s, for example). Every user of the Instagate EX must have a user account, so larger networks will require a considerable amount of overhead to set up the users on the Instagate EX at first. Thereafter, you have to remember to update the Instagate EX as user accounts change. The mail features are good, offering virtual domain handling (multi-drop mailboxes) as well as mirrored mailboxes and enhanced SMTP Turn Delivery. A test routines to examine your mail options makes sure you don’t inadvertently corrupt the mail handler. Add-in packages allow for addition of better reporting systems as well as anti-virus software.
Despite the claim in the company’s literature about a “bullet-proof firewall”, there’s nothing in the documentation about configuring it properly. This takes a little experimentation and can be frustrating. Again, a better document would be welcome. The number of firewall options is limited compared to dedicated firewall software, but there’s no doubt the Instagate EX will stop most hacking attempts including Denial of Service.
The Web server (again, nothing is said in the manual) is based on Apache and looks much the same as any other Apache-based server. It provides Microsoft Frontpage extensions, as well as FTP and SMB capabilities, but not much more beyond these basic functions. The file server system uses SMB for Windows compatibility, and administrators can set disk quotas for individual users, but the hard drive in the Instagate EX is not suitable for use as a primary data server. The DNS server works well, but other than DHCP there are no other TCP/IP services available (such as NIS/YP).
Setting up a VPN is quite difficult, again without reference to documentation, but it does allow for PPTP, MPPE ( both 40 & 128 bit) as well as IPSec. There’s DES and Triple DES encryption, and both MD5 and SHA authentication capabilities. Key management is included but we didn’t set it up due to lack of time (and lack of documentation).
The basic Instagate EX unit comes with a 25 client license, and expanding user bases can be accommodated with different client license packages. The Instagate EX is not unrealistically priced at just under $1000, but there is a lot of competition in this market. Whether the Instagate EX is right for you will depend on your needs and budget. It’s a solid product with some hard-to-find features we like.
Instagate EX
$995
295 Interlocken Blvd, #500
Broomfield, Colo., 80021, USA
303-444-1600
Fax 303-444-1640
http://www.esoft.com
Summary: Good Web server, mail server, and VPN server in a reasonably priced package. Weak spots are documentation and some TCP/IP services.
Copyright © 1995- Tim Parker Consultant Incorporated. All Rights Reserved.