This article can also be found in the Premium Editorial Download "Information Security magazine: Best-of-breed: Security Products of the Year: 2006."
Download it now to read this article plus other related content.
Information Security & SearchSecurity.com Products of the year 2006
Network Firewall Appliances and software-based network firewall products
"We selected Juniper because we knew the performance was greater than our previous solution."
Juniper Networks clearly knew what it was doing when it acquired NetScreen in 2004. Its NetScreen-5GT and -5XT firewall appliances earned consistent "excellent" and "good" responses across the board, earning the gold medal in the network firewall category for two years running.
This family of network security solutions is ideal for locking down enterprises' remote offices, retail outlets and broadband telecommuter environments. Its integrated security applications, routing protocols and policy-based management features have earned it the top spot among surveyed readers.
The NetScreen-5GT's and -5XT's stateful packet inspection and signature-based deep inspection threat detection, and DDoS protection capabilities, stop network- and application-layer attacks. Their Web filtering options (available from third-party vendor Websense) prevent users from leaking sensitive corporate information, whether deliberately or through spyware/phishing attacks. The firewalls offer up to 25 concurrent VPN tunnels, an unlimited number of trusted IP addresses and up to 4,000 concurrent sessions.
Specifically, the 5GT has embedded network-based AV that scans for viruses in e-mail, Web and file-transfer protocols. Its embedded Trend Micro antivirus engine scans IMAP, SMTP, FTP, POP3 and HTTP mail protocols, and checks against an encyclopedia of more than 80,000 signatures. (It is important to note that the NetScreen-5XT does not support this embedded antivirus gateway scanning.)
The 5GT's and 5XT's embedded IPSec VPN provides Web-based and XAUTH authentication, with third-party support for RADIUS, LDAP and RSA SecurID.
"We originally selected Juniper because we knew the performance was greater than our previous solution. We had no idea we'd be seeing so many other benefits," says Matthew Gruett, Internet systems specialist for TDS Telecom.
Both the 5GT and 5XT support key routing protocols--including BGP, OSPF and ECMP--and integrate into the network with ease. Dial-backup and dual Ethernet ports support business-critical systems and provide redundancy. Restricted security zones protect corporate activity and offer a clear separation between authorized and unauthorized business use. The zones also offer delineation between home and office users, allowing employees to access the corporate network though a secure VPN connection (work zone) and maintain their access to the Internet (home zone) through normal connectivity.
In addition, the 5GT Wireless appliance also offers support for a wide set of wireless authentication and privacy protocols for 802.11b/g networks.
Cisco PIX 500 Series Security Appliances
Firewall and PIX are synonomous, says one user. "It's what I trust between me and the Internet."
Check Point Software Technologies
It is no surprise that this granddaddy of firewalls continues to draw great user support, getting especially strong ratings for security.
This was first published in February 2006