In this era of expanding job descriptions, the burly firewall is no longer just a bouncer keeping out shady types. It also functions as a front desk, mediating a wide variety of communication between an organization's intranet and the outside world. While the old school firewall may be sufficient for personal computers or small offices, products like Vicomsoft's InterGate create a moat around a large and active organization.

Vicomsoft describes InterGate not as a proxy server, but rather as "connection management" software. InterGate includes a firewall as well as routing software that can be used to share an Internet connection among local-area networks. InterGate is the rare routing software that can bond — or "team" — multiple Internet connections to pool bandwidth. InterGate's routing can also be used to provide Internet failover safety, substituting one kind of secondary Internet connection (say, a dial-up or DSL line) for a primary connection (such as a T1) in case the latter should become unavailable.

The InterGate suite encompasses several other modules included with the install but whose functionality may depend on additional license fees. The SurfMaster module ($39 to $1,199 for 5 to 2,000 users) allows an organization to filter access to Internet sites based on user-defined blacklists or whitelists, a third-party database known as SurfControl, protocols, or time limits. For organizations (e.g., schools) that receive federal "E-Rate" funding, such filtering software is required to meet CIPA compliance.

The RapidCache module (also $39 to $1,199 for 5 to 2,000 users) is a transparent cache, meaning it acts as a proxy server without requiring administrators to explicitly configure client machines in a proxy-aware way. Besides speeding up delivery of often-accessed content and saving on external bandwidth contention (and possibly cost), the RapidCache can function in offline mode, allowing clients access only to a sandbox of preloaded Web sites.

InterGate's SpamBolt module ($399 to $4,999 for 25 to 2,000 e-mail addresses) is available only for the OS X version. The SpamAssassin-based spam filter scores and marks incoming e-mail messages. Given that SpamAssassin is a widely used engine for anti-spam defense in many mail servers for a variety of platforms, it is unclear why Vicomsoft limits SpamBolt to OS X in this version of InterGate.

Finally, the SuperIntendent module ($199-$5,999 for 5 to 2,000 users) is a reporting tool for the logs InterGate natively generates. Without SuperIntendent, the core InterGate application can log traffic, firewall, filter, DHCP, and system events. With SuperIntendent, these raw logs can be spun into visual reports featuring graphs and pie charts. While the same information can be summarized from the raw logs, for frequent reporting the SuperIntendent module removes one more task from an administrator's to-do list.

The InterGate suite is a mere 10 MB download that installs into an initial 14 MB footprint. Of course, between log files and RapidCache, if enabled, disk consumption could grow significantly. The Windows installation wizard is basic, leaving most of the configuration work up to administrator interface. InterGate can be administered remotely through the Web, although for security reasons this feature is disabled by default, or by using InterGate's Remote Control application, which is a separate but free download.

InterGate features a firewall with stateful packet inspection. If a simple, or "static" firewall could be said to make decisions based only on the delivery address of an envelope, a stateful or "dynamic" firewall considers everything about the envelope, including what's inside, in determining its safety. Unlike other enterprise firewall products, such as Outpost Office and Kerio WinRoute, InterGate's firewall configuration interface is considerably barebones. Whereas the other products can guide an administrator through setting up firewall rules, InterGate assumes some expertise in the area.

Network users can be allowed to automatically connect to the Internet under "guest" privileges, or be required to login for authentication to the Internet. Users and groups can be managed internally or through LDAP, and it enables an administrator to regulate Internet access to different levels for different users or user classes.

InterGate's "webheaders" feature allows static or rotating banners to appear in a frame above all Web pages. Banners can contain any valid HTML and could be used by organizations to distribute announcements or service providers to display ads to support, say, free access through wireless hotspots.

Vicomsoft has put together a somewhat sprawling product with InterGate. It spans several classes of functionality, some of which may be available, depending on the licenses purchased. Some administrative functions are accessed through the administration interface and some through the Web or remote administration interface. Much functionality is packed behind somewhat spartan controls. For some users — even home users, in special circumstances — InterGate's "connection teaming" feature to aggregate bandwidth of multiple Internet connections is unique and possibly quite cost-saving. But for most, InterGate is oriented toward a large organization that wants to centralize its network management, from firewall to routing to content filtering, proxy caching, and (for OS X servers) anti-spam defense. Its mix-and-match licensing scheme might be a burden to smaller organizations, but it is a flexible option for large clients.

Pros: Connection teaming; Broad functionality; Competitive pricing for enterprise deployments.
Cons: Spartan firewall interface; Complex licensing scheme; Lack of anti-spam modules for Windows version.