Traffic Inspector and its competitors: who beats whom?

In our previous article, we reviewed the main features of Traffic Inspector, including a proxy server, SMTP gateway, charging rules, network protection, load balancing, as well as traffic accounting and filtering. Now we would like to compare the functionality of Traffic Inspector with the capabilities of similar integrated solutions for managing IT infrastructure.

Despite the large number of very high-quality proxy servers (for example, Handycache) and traffic accounting systems (such as BWMeter and Internet Access Monitor), most of them are highly specialized products that solve, as a rule, one or two tasks. Meanwhile, there are not many truly comprehensive solutions that can be fully trusted to manage network activity. The best known of them (besides Traffic Inspector) are Kerio Control, Lan2net, UserGate and Microsoft Forefront TMG, the development and sale of which, unfortunately, ceased in 2012. We will talk about them.

Kerio Control


Kerio Control (formerly WinRoute Firewall) is a comprehensive security solution that combines several functions, including a firewall and router, an intrusion detection and prevention system (IDS/IPS), antivirus, VPN and a content filter. The main feature of Kerio Control is its intrusion detection and prevention system, based on the industry-standard Snort. The system classifies and stops attacks on servers, applications and infrastructure components.
Other features: simultaneous IPv4 and IPv6 support, connection tracking (SPI), connection limits, anti-spoofing, protocol inspection, a traffic policy setup wizard, DHCP server, DNS relay, IP blacklist, network activity analysis, email alerts, user authentication via Kerberos / Active Directory / Open Directory / proxy / NTLM, full VPN and NAT support, a P2P network blocker, integrated Sophos antivirus, load balancing and QoS, a traffic shaper, powerful administration functions, and support for 15 interface languages.
In addition, the product has an ICSA certificate in the corporate firewall category.
Summary: a very powerful and flexible integrated solution from one of the leading companies in this field. The only drawback is probably the high price. The server license for 5 users (including 1 year of technical support) will cost almost 14 thousand rubles, while the same license for Traffic Inspector costs 5,900 rubles.

Lan2net


The Lan2net product has been developed by LLC NetSib since 2004 and is a software firewall for organizing secure Internet access, controlling and counting traffic, and protecting the network. The solution has the following functions:

• Built-in NAT for connecting a local network to the Internet and real-time processing of network traffic.
• DNS Forwarder function that allows quick, centralized configuration of network parameters and lets its operation be adjusted transparently for users.
• DHCP server for automatic allocation of IP addresses, which simplifies deployment of the local area network.
• Redirecting connections to the specified port and / or IP address for accessing local network resources from the Internet.
• Tracking information transmitted from the company's local network via the Internet (e-mail, Mail.Ru Agent, social networks, ICQ). All POST requests, correspondence history, sent files, and emails, including attachments, are saved.
• Blocking access to Internet sites by URLs.
• Traffic counting.
• Speed limiting for a group of computers or users, with bandwidth distributed evenly between the members of the group.
• Monitoring connections in real time.
• System for collecting statistics based on the embedded web server and reporting.
Summary: a good and inexpensive system for small and medium businesses. However, it lacks some of the functions needed by large companies with complex IT infrastructures, for example, full VPN and SIP support, the FSTEC certificate of conformity, a client agent, and a number of others, and its built-in NAT still works slower than the reference NAT from Microsoft.

UserGate


UserGate is a comprehensive solution for connecting users to the Internet that provides full traffic accounting, access control and built-in network protection. UserGate allows users' Internet access to be billed both by traffic and by time spent on the network. The administrator can add different tariff plans, switch tariffs dynamically and regulate access to Internet resources. The built-in firewall and antivirus module protect the UserGate server and check the traffic passing through it for malicious code.
UserGate consists of several parts: the server, the administration console (UserGate Administrator) and several additional modules.
UserGate server provides access to the Internet, counts traffic, keeps statistics of users on the network and performs many other tasks.
UserGate Administration Console is a program designed to manage the UserGate server. The console communicates with the server side using a special protocol over TCP/IP, which allows remote server administration.
In addition, UserGate includes four additional modules: UserGate Statistics, Web Statistics, UserGate Authorization Client, and Application Control module.
Summary: A good solution with a flexible modular architecture, but in order to provide the same functionality as that of Traffic Inspector, you need to purchase at least four additional modules, which in the end will cost much more than a single license for Traffic Inspector. However, for small and medium-sized companies that do not require expanded functionality, this solution is one of the best on the market.

Microsoft Forefront Threat Management Gateway (TMG)


Microsoft Forefront Threat Management Gateway (TMG) allows employees to use the Internet safely and efficiently for work, protecting them from malware and other threats. It provides several layers of constantly updated security tools, including URL filtering, malware scanning, intrusion prevention, application and network firewalls, and HTTP/HTTPS inspection, integrated into a single, easy-to-manage gateway. The product has the following features:

• Support for 64-bit architecture.
• IPv6 support.
• Web Access Policy: the so-called “configuration node”, which contains all the settings for the Web proxy service, the parameters for user access to Internet resources over HTTP, HTTPS and FTP-over-HTTP (tunneled FTP), and the settings of the module that checks user traffic for malicious code (Malware Inspection).
• Malware Content Inspection module for checking web traffic for malicious code. It inspects HTTP traffic, tunneled FTP traffic of web proxy clients, and the traffic of outgoing HTTPS connections.
• Network Inspection System, a subsystem for intrusion detection at the network level.
• SIP protocol support, as well as VoIP (Voice over IP) NAT Traversal, allowing this type of traffic to pass through gateways with Network Address Translation (NAT).
• Support for SSTP (Secure Socket Tunneling Protocol), which tunnels VPN session traffic over ordinary HTTP inside an SSL session. This mechanism makes it easy to establish VPN connections regardless of the firewall configuration, web proxy server, or network address translation service.
• HTTPS Inspection: inspecting HTTP/HTTPS traffic for viruses and spyware, as well as analyzing web content for compliance with corporate policies (filtering resources based on classification).
• ISP Link Redundancy: support for multiple Internet channels, which makes it possible to organize a fault-tolerant Internet connection through two ISP channels at once.
• Enhanced NAT: 1-to-1 NAT address translation capability.
• Email Protection: integration with the Edge Transport Server role of Microsoft Exchange Server 2007 to protect email from malware and spam at the network perimeter. The Forefront TMG Management Console has everything you need to configure this functionality.
Summary: a very powerful and fundamental system from an IT industry giant. However, it has a number of drawbacks (how could it not): it can be installed only on Microsoft Windows Server 2008 x64, there is no support for extended routing, billing or content filtering, and the licensing, deployment and update scheme is complex. But that is only half the problem: in 2012, Microsoft officially stopped the development and sale of this solution, and mainstream support will end in April 2015, so relying on this system is very risky.

What is good about Traffic Inspector?


The Traffic Inspector system is a complex product with a wide range of functionality and eliminates many of the drawbacks of similar solutions:

• Certified billing. The Traffic Inspector billing system has a communications certificate of conformity, which guarantees exceptional accuracy of calculations (up to a byte). Traffic is calculated for each user, and you define the accounting unit, limits, credits, locks, filters and schedules yourself. It is possible to take into account service headers of communication packets, service TCP traffic, and Ethernet packet headers.
• Extensibility. New functionality is integrated by connecting expansion modules.
• Extended routing capabilities. The Advanced Routing control system allows you to direct traffic to various access channels, including satellite. Up to 32 external network interfaces are supported.
• Its own API, which allows access to Traffic Inspector functionality from external scripts and programs.
• The certificate of the Federal Service for Technical and Export Control (FSTEC), which is a mandatory requirement for deploying a product in government agencies. This is why Traffic Inspector is used by government agencies including the EMERCOM of Russia in the Volgograd region and the M. V. Khrunichev State Space Research and Production Center.
• Uses Microsoft's NAT implementation, which has the highest performance in its class.
• Affordable price: the minimum license for 5 accounts costs only 4900 rubles.

Traffic Inspector also has less obvious advantages over competitors, for example:

• Many similar products miscalculate traffic when working through a proxy server. Proxy servers do not take into account packet headers and service TCP traffic, which leads to an underestimate of the result by 5-15%. Traffic Inspector counts traffic correctly in all cases, including when working through its proxy server, SOCKS and SMTP gateway.
• When caching HTTP content, it is often difficult to find the optimal cache parameters. The desire to save as much traffic as possible leads to problems viewing frequently updated resources. Traffic Inspector has a unique feature that allows users to switch the cache mode themselves. Due to its unique algorithm, the use of cache in Traffic Inspector is on average 25–35% more efficient.

In general, we can safely say that in terms of price/quality ratio, Traffic Inspector is one of the leaders in the market for managing corporate information infrastructure and network security. But the final choice still rests with CIOs and ordinary users.

Source: https://habr.com/ru/post/228061/

