We’ve been using a SonicWall SOHO3 hardware firewall at HSRA for several years to filter Internet content and comply with federal law regarding student access. A few weeks ago, it started to go bad and needed to be replaced. I didn’t like some of the support policies of SonicWall, so I asked around and was referred to company called Astaro and their ASG120 product.

The process started off on the wrong foot. There were no brick-and-mortar or online vendors, but I found a local company that was listed as a reseller: CPS Tech Solutions in Brooklyn Park. I spoke with Ben Mallonee at CPS and decided to order the 120 model with one year of content filtering and one year of gold support. They don’t carry stock on hand, so the unit would be shipped from the vendor directly to me. This was on Friday and the unit was to arrive on Monday via FedEx. It didn’t, and the shipping saga lasted well into the next week with CPS, Astaro and FedEx reps all calling to apologize for the delay.

When I did finally receive the unit, there were no activation codes. Ben emailed a code, but that only unlocked some of the features I ordered. After much searching, the sales person at Astaro was able to email me the other two codes and I was in business–sort of. The Astaro has more features than the SonicWall, but is also more difficult to configure. My first attempt (while school was in session) didn’t go well, so I decided to switch back to my temporary NAT interface until I could try it after hours. It wasn’t until the following weekend that I had it running well enough to put it in production.

The Astaro allows me to access the web admin interface from either inside the school or via the external public interface. I decided to run some updaters from home and the first one went fine. It restarted OK, so I ran the next one. This one didn’t restart OK and the unit was frozen. This happened on Sunday night and I really didn’t feel like driving in again for a third time that weekend, so I waited until Monday morning to power cycle the unit. That fixed it and I ran the rest of the updates while standing next to the unit in the server room.

There were still a few remaining issues:

• VPN from the native Mac OS X client is broken (known issue)
• VPN using third-party VPN Tracker application sort of works, but not all the services I need
• Port forwarding acted really strangely, so I turned it off. This is probably just a configuration issue on my part. I’ve since decided port forwarding is probably a bad idea anyway.
• Content filtering based on time period would not work unless all times were covered by a rule.

So it appears to be a great upgrade, now that most of the kinks have been ironed out. It is much more powerful than the SonicWall and gives me a lot of new information I can use to manage the connection. It sends me informative emails as events happen and a daily executive report as well. The students aren’t very happy about the improved control, but that’s why we have it…DK

This week my Catholic Aid Association (CAA) sales representative, Sam Welter, brought over my new life insurance policy. I’m not Catholic, but wife is and she used to work there. They have good products and have been around for a long, long time. When I left NWA, I rolled over all of my pension to an annuity at CAA and purchased a new term life policy to make up for the one I used to have from work. Sam told me about a new term life product they were rolling out that required a much more stringent health qualification process. If I could qualify for the new plan, I would pay the same premium, but get about $150,000 more in coverage.

A nurse came out to my house about a month ago and I finally got the word that I passed. My cholesterol levels were much better than my last physical (203 mg/dL on a “good” scale of 140-280) and my wife says the triglyceride results were even more impressive: 58 mg/dL on a expected value range of 10-200. My readings were high on two measures: alkaline phosphatase and lactate dehydrogenase. Both can be related to kidney and liver issues, so I need to research that more. They must not be that bad, though, or I’m sure I would have been turned down. I also rolled over the rest of my NWA 401K money, so I don’t have to worry about the NWA bankruptcy any longer…DK