We’ve been using a SonicWall SOHO3 hardware firewall at HSRA for several years to filter Internet content and comply with federal law regarding student access. A few weeks ago, it started to go bad and needed to be replaced. I didn’t like some of the support policies of SonicWall, so I asked around and was referred to company called Astaro and their ASG120 product.
The process started off on the wrong foot. There were no brick-and-mortar or online vendors, but I found a local company that was listed as a reseller: CPS Tech Solutions in Brooklyn Park. I spoke with Ben Mallonee at CPS and decided to order the 120 model with one year of content filtering and one year of gold support. They don’t carry stock on hand, so the unit would be shipped from the vendor directly to me. This was on Friday and the unit was to arrive on Monday via FedEx. It didn’t, and the shipping saga lasted well into the next week with CPS, Astaro and FedEx reps all calling to apologize for the delay.
When I did finally receive the unit, there were no activation codes. Ben emailed a code, but that only unlocked some of the features I ordered. After much searching, the sales person at Astaro was able to email me the other two codes and I was in business–sort of. The Astaro has more features than the SonicWall, but is also more difficult to configure. My first attempt (while school was in session) didn’t go well, so I decided to switch back to my temporary NAT interface until I could try it after hours. It wasn’t until the following weekend that I had it running well enough to put it in production.
The Astaro allows me to access the web admin interface from either inside the school or via the external public interface. I decided to run some updaters from home and the first one went fine. It restarted OK, so I ran the next one. This one didn’t restart OK and the unit was frozen. This happened on Sunday night and I really didn’t feel like driving in again for a third time that weekend, so I waited until Monday morning to power cycle the unit. That fixed it and I ran the rest of the updates while standing next to the unit in the server room.
There were still a few remaining issues:
- VPN from the native Mac OS X client is broken (known issue)
- VPN using third-party VPN Tracker application sort of works, but not all the services I need
- Port forwarding acted really strangely, so I turned it off. This is probably just a configuration issue on my part. I’ve since decided port forwarding is probably a bad idea anyway.
- Content filtering based on time period would not work unless all times were covered by a rule.
So it appears to be a great upgrade, now that most of the kinks have been ironed out. It is much more powerful than the SonicWall and gives me a lot of new information I can use to manage the connection. It sends me informative emails as events happen and a daily executive report as well. The students aren’t very happy about the improved control, but that’s why we have it…DKOriginally published by DK on October 21, 2006 at 9:25 pm