Review: Symantec Gateway Security Appliance

The Symantec Gateway Security product combines firewall, content filtering and intrusion detection in one rack-mounted system that is 1U high. The content filtering includes anti-virus and anti-spam, plus the blocking of inappropriate content and non-work-related surfing. The firewall has all the usual features you would expect from a modern firewall: stateful inspection, packet filtering, NAT, IPsec VPN and full-inspection application proxies.

The VPN offers a choice of DES, triple-DES and AES encryption algorithms. It also supports authentication via third-party tokens (such as CryptoCARD and SecurID), authentication protocols such as TACACS+, RADIUS and LDAP, and PKI solutions such as Entrust.

Maximum throughput is 90 Mbits/sec, with four 10/100 Base-T Ethernet interfaces fitted as standard. Load-balancing and high availability are supported, enabling you to cluster Symantec Gateway Security units in groups.

Installation and set-up involve allocating IP addresses via the front panel, after which configuration is carried out remotely, but securely, using a Windows NT/2000 workstation running Symantec's own management software.

Sensibly, the firewall defaults to 'deny everything,' but is quickly up and running using configuration wizards. It uses a 'best fit rule' to prevent vulnerabilities being introduced accidentally.

Virus scanning may be configured selectively for SMTP, HTTP and FTP traffic. It is based on Symantec's well-known anti-virus technology, including an extensible scan engine and heuristics.

Intrusion detection uses a database of attack signatures updated automatically according to a user-defined schedule. Combined with the intrusion detection features inherent in a firewall that provides packet filtering and proxies, this offers good overall protection against intrusions and DoS attacks.

There is also an internet content filtering feature that allows the blocking of URLs and newsgroups. This is useful for ensuring that internet usage complies with an organization's policies and preventing abuse of the internet by employees.

A CD-ROM contains both the management software and a restore image to rebuild the whole of the appliance software, including the operating system. This is intended for emergency use only, if the hard disk becomes corrupted. We found it hard, though, to find the option to save the configuration files without help from the manual.

For:

Easy to configure and scalable, with a single user interface for management of multiple appliances.


Against:

Could have been more intuitive to find out how to save the configuration files, although this information is in the manual.


Verdict:

A good all-round solution to the three major security requirements of the modern enterprise: firewall, intrusion detection and content filtering.
