The first thing we noticed about StoneGate's SG-500 was its size – measuring a mere 220mm wide, 254mm deep, and only 50mm in height. Despite this, it manages to pack five 10/100 Base-T Ethernet ports, a serial port, power connection and switch into its back panel, while the front panel has a simple cluster of status indicators for network activity.
The device uses 256MB of Compact Flash memory for storage instead of a conventional hard drive. The SG-500 is designed to be installed in places such as branch offices, where technical support is not readily available, and although its primary use is to provide office-to-office links, it can perform just as well supporting mobile users.
The printed and CD-Rom documentation is comprehensive and well organized. The system needs to be managed by StoneGate's comprehensive system management software, which is available for Windows, Solaris and Linux systems.
The management software is Java-based and needs an appropriate runtime environment. We installed the Windows version on a Windows 2000 system.
Configuring the VPN device is a two-stage process. The device is first defined in the management software, and then the device itself must be configured using a terminal emulation program over the serial connection. The device can then locate the management system and register itself.
Once this has been accomplished, the firewall policies and VPN configurations can be created and downloaded from the management system to the SG-500.
The VPN client software needs to be installed on each client from CD-Rom, although it can be reconfigured from a central point afterwards. It uses a browser interface, and the client machine needs to have both a web browser program and the VPN client software's own web server installed and running before the client software will work.
The software can provide statistical information about connections, generate certificate requests and download configuration data from the management system.
The client has a built-in packet filter which enables you to select several pre-configured traffic restrictions.