Anyone played with Astaro Red?

Discussion in 'Networking & Security' started by YeOldeStonecat, May 26, 2010.

  1. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    http://www.astaro.com/landingpages/2min-explainer-red

    For wide area networks....
    Big Astaro unit at mothership, these tiny "red" boxes at branch offices...watch the quick demo...easy setup/config. So they're centrally managed, and looks like a wicked quick setup.
     
  2. calvinj

    calvinj [H]ard|Gawd

    Messages:
    1,738
    Joined:
    Mar 2, 2009
    I saw these the other day while surfing their site. It looks cool. Be interesting to see how well it works
     
  3. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Yeah, I might use this for a non-profit client of mine, they have 5x small satellite offices...just 1-2 computers at each satellite, about 35 at the main. I wanted to get Untangle in there...but the satellites are kinda small and some of them are tight space-wise (branch offices at 2x courthouses, 1x at a police station in a small rooom). Current WAN is done using Linksys RV0s.....but I'd like some UTM protection..and having a full extra PC for Untangle at each branch office is difficult.

    I like these...and the Red boxes are tiny..like a normal little home grade router.
    Only thing I'm not crazy about...it's not split tunneling, all internet traffic from the branch office gets fed through the VPN pipe to go out the main UTM at mothership. It's good in one way...yet, 3 of the satellite offices have smaller DSL connections...6/768...so the pipe might get a little full. 15/2 cable at mothership, 7/1 cable at the 1 larger branch.
     
  4. calvinj

    calvinj [H]ard|Gawd

    Messages:
    1,738
    Joined:
    Mar 2, 2009
    Can they justify using some sort of super micro sff server? I know it might me a little harder price wise, but size wise.... Might be easy.
     
  5. Jdaniel

    Jdaniel n00b

    Messages:
    2
    Joined:
    May 27, 2010
    Disclaimer- I work for Astaro. No sales pitch, though- just a little info.

    I've been using RED since early betas, I really like them for their intended purpose, remote office connectivity to an Astaro-managed central office.

    If anyone want to ask questions or see a demo, send me a PM (rather than clog the forums) and I'll be glad to answer.

    Jack
     
  6. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    I thought the RED boxes looked interesting, too. Have not had a chance to sell them yet, though. Might have to take another look at a few of these since Cisco can't get their shit together and ship ASA firewalls.....
     
  7. ciggwin

    ciggwin [H]ardness Supreme

    Messages:
    4,911
    Joined:
    May 30, 2006
    If there is no split tunneling that truly puts it at a handicap. I would have been very interested in it for our remote office when we move.
     
  8. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Yeah that's what I'm trying to decide. This particular client I'm thinking about it for....they need all their VPN tunnel to run this clumsy access based application. Internet traffic shooting through the VPN tunnel will take up some lanes of the highway..leaving less for the app. However...this client has satellites with just 1-2 PCs. So it may not be much of an issue. Benefit from this....the red box for the satellites is tiny...the size of your typical stinksys home router.

    If it did split tunneling...being a UTM box, it would have to be a beefier box....and now we're back at pricey and large box at each branch.
     
  9. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    Not really about RED but did you see that Astaro has released Security Gateway Essential Edition that is FREE for business use now? No UTM features but you get the firewall and VPN and central management from Command Center for free. Hell, that's a fantastic deal right there....

    http://www.astaro.com/landingpages/en-worldwide-essential-firewall
     
  10. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Would you see any advantage to that, over say..pfsense or m0n0 or smoothie?
    My take...if I'm going to do something custom like this....I want UTM...aka Untangle..or in this case...pondering Untangle. I've seen the benefits of UTM so much....
     
  11. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    Well, advantages for me are I like the GUI a TON better than pfSense or m0n0wal or SmoothWall. Also, Command Center for multiple sites is nice. SSL VPN and IPSec VPN that just work, even with the Cisco VPN client, that's a huge plus. Also, you can use the box for internal DNS, DHCP and NTP server. I guess I'm just a big fan of the Astaro boxes in general. I think it would be a great general purpose firewall for people that don't want to pay for Cisco, SonicWall, etc and want a name with support behind it. The Astaro Community is fairly large and supportive, you can also call tech support, which you can't do with pfSense the last time I checked...

    I agree that the lack of UTM features is disappointing but you can always add that for a nominal fee down the road . . . .
     
  12. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Hmmm...there's a point...I haven't seen their CC....but sounds like a good plus.
     
  13. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    And don't forget SSL VPN that ACTUALLY WORKS! :D
     
  14. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Purely browser based...thin java client or something? Easy access to resources on the inside?

    ...I know..I know...you and Bea are telling me ..."Go try it youself!"
    :p
     
  15. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    you log into the web portal and download the client, install it and it works. Yes, try it, you will like it!
     
  16. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    "So what did you do today Cat?"

    "Ohh....the wife went out to yard sales with her friend...I wanted to work on my boat...but no....no...I had to go download Astaro, burn it, and install it on an old P4 3 h/t hulk I had. So yeah I'm running from it now!"

    One of my older gaming rigs I had retired....P4 3.0 h/t, 2 gigs of RAM, Asus P4C800, onboard Intel giga, couple of PCI NICs in there..3COM 905b and a Netgear FA311 or something..using the Netgear for my green NIC.

    I blame the Captain for getting me to spend my day inside. :D

    Gotta get used to this different approach to QoS. Smooth web admin....I don't remember it being this slick many years ago when I tried it.
     
  17. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    oh, sure . . . blame ME for YOU being an extreme indoor enthusiast . . . sheesh . . .

    Anwyay, yeah, the QoS is different than Untangle and pfSense but it works fantastic once you get it setup right. Also, make sure you tweak the packet filter or otherwise all traffic except http/s, IM, VoIP will be dropped on its way out the tube. I usually just allow everything out since my son is always finding some new online game or something to play and I got sick of getting calls from my wife saying the internets were broken.
    Posted via [H] Mobile Device
     
  18. calvinj

    calvinj [H]ard|Gawd

    Messages:
    1,738
    Joined:
    Mar 2, 2009
    I'd blame you for no reason what so ever other than i can ;)
     
  19. LoStMaTt

    LoStMaTt 2[H]4U

    Messages:
    3,185
    Joined:
    Feb 26, 2003
    this looks really cool
     
  20. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Yeah that's the first main tweak I did...."allow all out from internal"...else the boy would have whining that his games wouldn't play online, some of wifes real estate stuff wouldn't have been wonky, etc etc. Instantly brought back memories of when I ran Microsoft ISA at home for a while.

    It's really matured since I last tried it a long time ago.
     
  21. kevinzak

    kevinzak Limp Gawd

    Messages:
    370
    Joined:
    Jan 3, 2009
    We're actually testing one in our office for our green network next week. If we like it we're going to start pushing them out to customers as early as middle of June.
     
  22. Uberbob102000

    Uberbob102000 2[H]4U

    Messages:
    2,244
    Joined:
    Apr 29, 2006
    Well downloading to play with now :D
    Maybe it'll end up replacing my PfSense box, but I have to say they've got one slow ass website.
     
  23. Striker109

    Striker109 [H]Lite

    Messages:
    94
    Joined:
    Nov 4, 2009
    I believe their web site is hosted in Germany. Traffic at least for me is coming through via Cogent's international trunks.
     
  24. RiDDLeRThC

    RiDDLeRThC 2[H]4U

    Messages:
    3,881
    Joined:
    Jun 13, 2002
    downloaded their esx appliance an hour or so ago. will load it up tomorrow and play around. might replace pfsense with it we will see.
     
  25. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    Nice to see more peeps checking out this UTM appliance. It really is one of the best out there, IMO. It does require some tweaking to get it setup right, but once that's done it pretty much takes care of itself in my experience. I only wish the business versions weren't so expensive, I might actually be able to sell more of them instead of barfaccuda....
     
  26. calvinj

    calvinj [H]ard|Gawd

    Messages:
    1,738
    Joined:
    Mar 2, 2009
    is barracuda a far comparison? They don't have an all in one UTM appliance. To even get the perks of something like astaro you would have to mix a few of their products.
     
  27. Captain Colonoscopy

    Captain Colonoscopy 2[H]4U

    Messages:
    3,862
    Joined:
    Feb 19, 2004
    See that's the thing though. A lot of my clients already have a Cisco firewall right. So, they decide they want anti-spam and content filtering. Half the time buying two Barfaccudas ends up being cheaper than an ASG. Sad really.
     
  28. LoStMaTt

    LoStMaTt 2[H]4U

    Messages:
    3,185
    Joined:
    Feb 26, 2003
    So I played with the online demos of Astaro and it seems to be very robust.

    I just wonder about the subscription pricing. Most of the reviews I read mentioned how great the product is but that their biggest downside is cost.
     
  29. jmk396

    jmk396 Gawd

    Messages:
    783
    Joined:
    Jul 22, 2004
    Is this any better than pfSense if you don't need any UTM functionality? (eg. no need to block websites, online chat, etc)
     
  30. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    The subject of my post here was the "Astaro Red" product..which is a specific light WAN product....not the whole Astaro line.

    Having been a longtime user and fan of PFSense....and having used Astaro at home for a few days now, I don't see the logic of using Astaro if you're going to disable the UTM features. I suppose you could leave some features off..and use some of the barebones features. Astaro would compete again other UTM distros like Endian and Untangle.

    That being said, it's a very matured product, I find it to be a solid product to go head to head against Untangle, with each having its strengths and weaknesses. I actually like Astaros reporting better...from the dashboard point of view. However, the UTM version of Astaro is not free for businesses to use..unlike Untangle, and I think Untangles prices for pay for packages still beats it. I'd lean on Untangles AV and Spyware protection to be better. Yet Astaro has more VPN options.

    QoS wise...I'm still trying to adjust to Astaros QoS features....from experience of using it over the past several days I find PFSense works better in this department. Granted I'm still learning and tweaking, but so far I cannot give myself as smooth of an experience with my online games while others in this house are busy online.
     
  31. kevinzak

    kevinzak Limp Gawd

    Messages:
    370
    Joined:
    Jan 3, 2009
    Just got shipping confirmation, mine gets here Friday, so I rescheduled all my appointments so I could play :p
     
  32. LoStMaTt

    LoStMaTt 2[H]4U

    Messages:
    3,185
    Joined:
    Feb 26, 2003
    The feature that I want the most from Astaro Red is the capability to send an unconfigured router to one of my restaurants that they just swap out and read off the serial number. That alone would be worth it to me.