Gateway Security 5600 series
Price: Starts at $3,150
Symantec's Gateway Security 5600 series integrated security appliance is an ideal solution for enterprises restricted by the expense and resource requirements of separate products. The 5600 series offers firewall, antivirus, antispam, content filtering, IDS/IPS, VPN and client configuration compliance, all managed through a clean GUI.
Installation was a breeze. The front panel of the device includes a two-line LCD display and several command keys, allowing you to configure a network interface without a console cable. Unlike many appliances that leave you wondering about the Ethernet jack/interface relationships, the 5600 series is clearly labeled. The LCD screen displays a strong administrative password to connect to the device through a Java client.
The GUI allows you to create and edit security policies in a straightforward manner and to manage the various security features of the product in a single interface. For example, you may create a single rule that integrates firewall functionality with content filtering. The reporting and monitoring section of the GUI provides integrated reporting from all the components.
Administrators will still need a basic understanding of interfaces, ports and protocols. We created a firewall rule to allow access to our preferred name server; this required creating a service group that included the DNS service, a new host entry for our preferred DNS server and a rule allowing the outbound access.
The clientless VPN works similarly. After installing an SSL certificate, you may offer Web-based VPN services to remote systems. A separate rule base controls acceptable activity, allowing the use of disparate policies for local and remote users. Symantec also offers a client-based IPSec VPN solution.
The 5600 series leverages a number of familiar technologies in the Symantec portfolio--its flagship antivirus technology and the intrusion detection/prevention capabilities used in its network security offerings. The antispam feature, on the other hand, was custom-developed for the 5600 series and is not based on Brightmail.
URL filtering is based on Symantec's internally developed categorization database, as well as its Dynamic Document Review to categorize unlisted URLs. The filter detected all of the well-known objectionable sites we tested it against, but failed to flag several obvious pornography and gambling sites that were not in the database.
You may also use the appliance to enforce client desktop security configuration--provided that you use Symantec client security products, such as AV and personal firewall. Noncompliant clients may be quarantined for remediation.
The 5660 we tested is the high end of Symantec's integrated security series, with 10 built-in 1 Gb Ethernet ports, and support for four additional fiber interfaces. SMBs may wish to consider the lower-end 5640 or 5620. The base product includes the appliance, firewall functionality and unlimited gateway-to-gateway VPN sessions, with added costs for the other security features.
Some enterprises will prefer to diversify their security lineup, opting for best-of-breed and eschewing dependence on a single vendor. However, the 5600 series is an attractive choice for strong, easy-to-manage security capabilities or an integrated solution for resource-poor branch offices.
This product review also appears in the March 2006 issue of Information Security magazine.