It may be best known for its anti-virus software products but Panda moved into the security appliance market a number of years ago and now offers an extensive range of hardware solutions. The GateDefender Performa family focuses on delivering web content security at the network perimeter and the latest 9100 now adds controls for IM and P2P apps to its anti-spam, anti-malware and web content filtering features.

As the 9100 functions as a transparent gateway it’s a cinch to deploy. We popped it in between our LAN and firewall enabling it to scan inbound and outbound HTTP, FTP, SMTP, POP3 and NNTP protocols without any need to reconfigure our network clients.

The Performa’s web interface is easy to use and provides plenty of information about web activity.

The appliance comes as standard with a dual-port Gigabit card which has a hardware bypass circuit, so if the system goes belly-up it won’t take all internet access with it. For greater fault tolerance it also supports load balancing across a pair of appliances.

The 9100 is the second in a family of four Performa appliances and is designed to handle up to 500Mbps of web traffic and 220 messages per second. The hardware platform looks up to the job as Panda has opted to use a decent Sun Fire X2100 1U rack server equipped with a 2.8GHz dual-core Opteron and 4GB of DDR2 memory.

The anti-spam module provides a good range of options for handling suspect emails.

The management web interface is a smart affair that provides easy access to all the features. You have two layers of security as the appliance enforces policy based security settings first followed by global settings for each security module.

To use policies you start by creating network definitions, which describe IP addresses, ranges or subnets, LDAP servers, users and domains. You then access the settings management page where you define custom configurations for the anti-malware, web content filter, URL filter and anti-spam modules.

Next you use protection profiles to tie your settings together with network definitions. This enables you to create multiple policies so you can apply different AUPs to users, groups and systems and tie them in with AD authentication if required. We found policies easy enough to create but did note that the IM and P2P module only offers global security restrictions and cannot be included in settings management.

Panda claims an ‘almost 100 per cent’ anti-spam success rate and after testing the 9100 for a week in a live environment we can honestly say we agree. This feature comes courtesy of CloudMark and to test it we left it on its default settings and configured Outlook clients to download mail from live accounts.

The web filtering module offers plenty of categories although its performance isn’t great.

We asked the appliance to tag suspect messages and pass them on where our clients’ Outlook rules moved them into separate folders. At the end of the live test we found a single, solitary spam message had slipped through whilst only five messages were incorrectly tagged as spam.

Web site filtering is handled by Cobion, which offers over twenty main URL categories under which you have more than sixty sub-categories to pick and choose from. Unfortunately, Cobion proved to be less capable at its job that the CloudMark anti-spam.

The anti-malware module provides stiff protection measures that can be customised to suit.

To test filtering we blocked the gaming and gambling categories and Googled for online poker and bingo sites. Of the forty poker sites we visited we were blocked from all but six. However, in our search for bingo games we were allowed through to over a third of those visited.

From the anti-malware module you can configure virus scanning on all or just selected protocols and when a virus is detected the appliance can attempt to clean or delete it. A quarantine area is provided where emails it was unable to clean will be placed, whilst for HTTP and FTP you can have the transmission blocked.

Infected email attachments can be stripped out and inbound messages that are suspected of being generated by viral activity will be deleted completely. The protocols you selected for virus scanning will also be scanned for spyware, whereas phishing messages can be redirected, deleted or have a warning inserted in them.

Panda’s content filters can be applied to HTTP and FTP traffic and we needed to add Windows Update to the appliance’s trusted web site list as it initially blocked all automatic updates. Filters can also be created that check for text keywords in email message content and carry out predefined actions.

Protection profiles enable multiple security policies to be used for different groups of users and systems.

The new IM and P2P module provides a list of common apps and is designed purely to block or allow them. Using Windows Live Messenger on our client systems we found that with IM blocking activated those already logged in could no longer communicate with each other and newcomers weren’t allowed to log in.

During the review we found the browser interface well designed and providing easy access to all features, It opens with a status screen showing the status of warnings, active modules and update times. Graphs show all activity for the anti-spam, malware and web content filtering modules along with inbound and outbound traffic on the two network interfaces.

All signature and database updates are handled automatically every fifteen minutes but you can run them manually as well. Plenty of reports are provided for each module and you can access and view the contents of the quarantine areas, print out the details, export them to text files and clear them down.

The Performa 9100 scores highly for its easy installation and anti-spam capabilities and it looks good value as well, although the number of sites that slipped through the web site filter database in our tests was some cause for concern.

Author: Dave Mitchell

Panda GateDefender Performa 9100 review