Review: Symantec Enterprise Firewall

Symantec's Enterprise Firewall works with Windows 2000/2003 or Solaris 8/9. We installed it on our Windows Server 2003 machine with two network interfaces (a requirement of the software).

The base license pack comes with the firewall turned on and support for unlimited gateway-to-gateway VPN tunnels and one client VPN tunnel.

Additional licenses are available for content filtering and high-availability/load balancing. These can be added at any time and do not require additional software to be installed.

Management is also flexible; web-based management – the Security Gateway Management Interface (SGM) is good for a single installation, while Symantec's Advanced Manager deals with multiple installations. We chose to use the web-based management, which starts a Java application.

On first launch, the management console presents you with a setup wizard to configure basic rules and get traffic flowing through the system.

However, changes have not yet been applied until you choose to activate them. The front page of the management also has access to server wizards, which let you give access to web and mail servers quickly.

Firewall protection is based on two technologies: application proxies and packet filters. Application proxies offer more protection, as the firewall can examine the content being sent; packet filters are quick to scan and cover services which do not have a proxy available.

As with the Symantec's Gateway Security 5460, also reviewed in this test, configuration first requires that you create the network building blocks including network addresses, user groups and even groups of services. While this requires more work initially, it makes it easier to create rules later.

The basic firewall package provides a sturdy and reliable enterprise-class firewall, suitable for any small-to-medium business, while additional licensing gets you high availability and content filtering to integrate the software into any enterprise.

For:

High-quality firewall.

Expensive.

Capable of dealing with any sized network, this is a very powerful firewall especially well suited to large enterprises.