appliance

Fortinet offers a range of what it calls 'anti-virus firewalls' for all markets, from the home user to the large enterprise and carrier-class service provider.

Ingrian offers a range of appliances that are designed to secure any application that uses secure socket layer (SSL) transactions, while at the same time speeding up the performance. The company has recently added other features, including authentication, authorization, GZIP compression and an interface to external intrusion detection systems.

NetPilot was created to be a turnkey solution for businesses to solve all their internet connectivity requirements. It provides internet routing and the sharing of a single ISP account; proxy-based firewall and NAT; web server and web caching; servers for DNS, DHCP, FTP and email; access control and URL filtering. In addition it can act as a file and print server for Windows workstations.

McAfee is well known for anti-virus software, and has built its complete anti-virus engine into an internet gateway product that examines HTTP, FTP, SMTP and POP3 traffic for viruses. It also performs content filtering and acts as an email anti-relay. Within the content filtering mechanism anti-spam functionality is included.

Primarily a content-filtering platform, the Minesweeper CF 500 came with optional extras for intrusion detection and vulnerability assessment. Content filtering comprises URL blocking, anti-virus and anti-spam. Standard features include a firewall with an IPsec VPN and a DHCP server.

SonicWALL is well known for its firewalls, but it is now starting to add optional functionality to the range. The model tested came with the extra-cost items of content filtering and anti-virus. Vulnerability assessment is another optional extra, but was not supplied on the review unit.

The Symantec Gateway Security product combines firewall, content filtering and intrusion detection in one rack-mounted system that is 1U high. The content filtering includes anti-virus and anti-spam, plus the blocking of inappropriate content and non work-related surfing. The firewall has all the usual features you would expect from a modern firewall: stateful inspection, packet filtering, NAT, IPsec VPN and full inspection application proxies.

Based on a Toshiba Magnia SG20 solution developer kit, this unit runs a special version of Linux created by Astaro. It includes a firewall, VPN, DHCP server, traffic management and content filter. The latter includes web blocking and anti-spam.
The firewall uses stateful packet inspection and includes proxies for HTTP, HTTPS, SMTP, POP3, DNS, IDENT and SOCKS. It has user authentication and offers protection from the most common forms of DoS attacks. Of course, it provides network address translation. In addition it detects port scanning.

In the Gateway Security product, Symantec has come up with a range of gateway appliances, each of which combines firewall, anti-virus, virtual private network (VPN), content filtering and intrusion detection in one rack-mounted system that is 1U high.

Unique in this test, the iPrism is actually an appliance. Although these tend to be more expensive than software-only products, they usually have the advantage of a fairly solid configuration since they are factory-build.

CyberGuard offers a range of firewall/VPN appliances with specifications ranging from three Ethernet interfaces and 125Mbits/ sec throughput to 21 Ethernet interfaces and 2Gbits/sec throughput. All have an integrated VPN, run the same firewall software, and have the same configuration GUI. We tested model KS1500, which can have up to 18 Ethernet interfaces, of which two are gigabit-over-copper as standard.
Performance is the strength of the KS1500, which is designed to cope with 1.5 Gbits/sec throughput and up to 1.2 million simultaneous connections. The firewall boasts a host of certification standards including Common Criteria Eval­ uation Assurance Level 4+ (EAL4+), ICSA, ITSEC E3, Checkmark, etc. The secure operating system was designed to meet TCSEC/NCSC criteria at the 'Orange-book' B2 level.