Symantec Firewall: The Swiss Army Knife Of Security

Symantec's Gateway Security 5460 firewall offers the technologies and tools to protect both large and small networks. A security appliance that offers firewall and intrusion-protection services, the 5460 scales up to handle the demands of enterprise networks while still offering affordability for midsize networks.

With the security appliance and firewall market becoming increasingly competitive, it can be difficult for vendors to distinguish their products from the competition. Symantec strives to outdo the competition in several areas, including setup, administration and feature set.

Although many businesses may experience sticker shock at the firewall's $26,535 price, that high cost is balanced by the unit's extensive feature set and capabilities. Beyond the expected firewall functions, the 5460 offers content filtering, antivirus support, IPsec VPN, intrusion detection and prevention, high availability, failover support and load-balancing capabilities. In the past, many of those features would have been implemented on separate devices from separate vendors, driving up the total cost of the solution.

Integrators will appreciate the unit's economy of scale, as its feature set and integration prove to be less costly than the previous solution of deploying numerous independent tools.

For sites where cost is a major concern, Symantec offers lower-cost, less-capable units in the 5400 series of its Gateway Security product line.

The 5460 also proves its ROI via its centralized management console and intuitive interface. Those elements reduce training and support costs, and security administrators now need to master only a single device for security and can control all primary security functions from a single console.

As a rule, the broader the feature set, the more complex the setup of the device. Symantec, however, aims to be an exception to that rule by simplifying setup. While it does not offer plug-and-play simplicity, the unit does succeed where many others fail: The setup tasks are straightforward and well-documented.

Initial setup is speeded by the inclusion of a setup wizard and a quick start card, which clearly states requirements and steps to add the 5460 to the network. Administrators manage the unit from a browser with the Java Runtime Environment (JRE). The setup wizard validates that the proper version of JRE is installed on the target workstation and installs it if it is not found.

Physically, the 1U rackmount unit also follows the theme of enhanced capabilities. Solution providers will find six 10/100/1000BaseT Ethernet ports on the back of the unit, which aid in segmenting complex networks.

Segmenting a network can be quite useful for sites that require a DMZ for Web servers that share the same Internet backbone as the internal network. In addition, segmenting enables advanced VPN features to be deployed while offering integration opportunities for solution providers.

The unit also includes a pair of USB ports that can be configured to work with a smart UPS or for sending messages to a pager or mobile phone via a modem. Solution providers can use the serial port to set up terminal access to the embedded Linux operating system at the discretion of Symantec technical support.

The real power of the unit is found in the Symantec Gateway Management Interface (SGMI), which is where all the action happens. The SGMI is an advanced Java-based management console that readily exposes all of the available features of the unit. Accessing those features is based on licenses installed; in other words, solution providers can choose to implement features in stages. If a site is looking for VPN and firewall functionality, a solution provider only needs to sell licenses to enable those features. Adding new features at a later date simply consists of purchasing additional licenses. The unit also sports "a try before you buy" capability,a new feature that can be used for up to 30 days without a license, allowing a real-world demonstration of a considered feature.

Solution providers will find most of the unit's capabilities quite easy to work with, helped in part by the SGMI and clear labeling of screens, context-sensitive help and excellent documentation. The breadth of features can make drilling down to particular options a time-consuming process, but the SGMI interface offers ample prompts to prevent administrators from getting lost in the interface.

Beyond the expected integration opportunities, solution providers can derive profit from training, support and housekeeping duties via service contracts with the 5460. The unit's feature set is best utilized when a security professional manages the various elements offered. What's more, the unit's integrated reporting features allow solution providers to justify many add-on service charges by clearly demonstrating usage and security statistics to those making financial decisions.

All things considered, Symantec's Gateway Security 5460 offers all the security features networks need in a single appliance. The combination of a world-class firewall with well-crafted security features should prove to be a valuable ally to solution providers servicing the security market.

CHANNEL PROGRAM SNAPSHOTS
>Symantec Gateway Security 5460
PRICE: $26,535
MARGIN: 5 to 15 percent
WARRANTY: One year
DISTRIBUTORS: ngram Micro, Synnex, Tech Data
TECH RATING:

CHANNEL RATING:

CHANNEL OVERVIEW: The two-tier channel program of Symantec, Cupertino, Calif., provides varying amounts of leads, technical support, discounts and support from company engineers based on a partner's sales volume. Field-based systems engineers assist in integrations and make joint sales calls. Symantec's partner Web site includes a co-branded marketing program and training resources.

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.