It’s been a while since I talked about my demo of the Lightspeed box, and I wanted to give my take on it.
The demo unit I evaluated came as a 1 U rack server, and setting it up was as easy as connecting KVM cables and three ethernet There are several different ways you can set it up (transparent bridging, routing or passive modes), and I set it up in Transparent Bridging mode. The nice thing about this mode, is that the NIC in the box (failover card) is set up with some relays that will switch off if the server loses power, or if the service (it runs Windows 200 server) stops responding, and keep network traffic flowing (bypassing the Lightspeed box, of course).
The image below shows the configuration screen you used once you initialize your setup. The initial setup was fairly easy, although I did have tech support walking me through it over the phone.
From the image, you can click on any one of the components and configure it. Very visual, fairly easy. No complaints as yet.
I’ll follow the chart from top to bottom and give you my impressions of each part:
1) Intrusion Prevention: Here is where the Lightspeed didn’t shine very brightly. Out of the box, the Intrusion prevention feature kept knocking telnet traffic off of the network with an idle time of just over a minute or so. When I called for support they had me disable the feature rather than fix the problem. Tech support said we should be able to get the problem fixed, but I should check out the rest of the system first. I was not impressed. I never came back to fix it, mainly because I wasn’t impressed with the rest of the system.
2) Traffic Limiter: I was not able to see a lot of effect of this portion of the device. It may be because my ISP already limits most P2P traffic, but my speeds downloading from bittorrent (Linux ISO’s of course….) seemed no slower than before.
3) Traffic Priority: This was another feature I did not see a lot of difference from. The image to the right shows the configuration for setting priority. I tried setting certain ports higher and lower (like VNC and secure web traffic) and the difference didn’t seem huge. I have no experience with this area at all, however, and suspect you would need your network to be really hammered for this to make a difference. Because I didn’t get my hands on an eval until the last week of school, my traffic was on the light side.
4) Spam mail blocker: I ran this portion in monitor only mode, as we already have a Barracuda Spam firewall in place. It seemed to catch most of the traffic that the barracuda did, with the biggest difference seeming to be that the Barracuda received hourly updates, while the Lightspeed’s were daily – allowing slightly more spam through the gates.
5) Classification and reporting: This is where the Lightspeed really shines. The reporting was comprehensive and easy to use. Here is an example of the report on busiest protocols:
You could click on a protocol to see the high traffic users/machines, and can limit traffic right from this screen. Next is an example of traffic sorted by inbound bytes:
An by the way – no, I don’t get that much IM traffic on my network – it was a slow day late in the afternoon (after school) and my network traffic was fairly light – making one short IM conversation come out on top.
Overall, I liked the reporting features the best – however, the price I would pay for it wasn’t worth it, in my humble opinion. You can access a demo of live reports at http://reports.lightspeedsystems.com
6) Content filtering: Somehow I have the feeling that the same personality type that wants a gazillion different reports on network usage also wants to lock down access to websites tightly. The filtering out of the box a way too tight for my liking. They filtered all *.blogspot.com domains as “adult” even though they have a “blog” category. I did like the feature they had where you could set up the default page that comes up for a blocked site to allow a user to input their email address and a reason for requesting the page to be unblocked. Even though our ISP filters our connection, we still had ~15 sites to “unblock” in the first day alone. This also reminded me how much I enjoyed not having to make the decision on what to block and what not to. I’m happy to let our ISP handle this, and hand out an email address explaining “It’s out of my control”.
Overall, the box did what it claimed to do fairly well. It isn’t a sophisticated firewall, and someone used to more advanced equipment will be left feeling something is lacking. If I didn’t already own the Barracuda spam firewall, and especially if my ISP didn’t provide filtering for free, this box would be a lot more attractive to me. In addition they just recently changed from per server to a per seat licensing, which makes this system even less desirable to me. A recent email said (in reference to licensing cost): “Along with your inquiry, you indicated that you have between 500 and 1,500 workstations. Based on that, I can tell you that Total Traffic Control is an excellent value for small-to-medium networks if an annual software cost of $10 per workstation ($5,000 minimum) is within your budget.” They claim to have a client software agent that will replace the need for anti-virus and anti-spyware software, but it seemed quite far from prime-time when I checked it out.
Final verdict: Not on my network with my budget – far too rich for my blood.