Symantec Series Keeps Attacks And Intrusions Away


Believe it or not, small offices and enterprise-owned remote/branch offices have more in common than notespecially when it comes to security. Both SOHOs and ROBOs suffer the same threats and lack the budgets and on-site expertise to effectively battle malware, intrusions and other attacks. These environments and circumstances prove to be perfect for an appliance-based solution, and Symantec has the answer in the form of its new Symantec Gateway Security (SGS) 1600 series of devices.

The SGS 1600 series is currently available in two model designations, the SGS 1620 and the SGS 1680. Both share a common feature set and options, but the SGS 1680 is designed for approximately double the throughput and user count of the SGS 1620.

CRN Test Center engineers put the new SGS 1620 through its paces to see what the product offers the user and what Symantec offers the channel.

The SGS 1620's feature set is impressive, and integrators will find the product offers a full inspection firewall with application proxies, VPN (IPsec and SSL), Gateway antivirus, dynamic protocol anomaly-based intrusion prevention/detection system, dynamic content filtering with dynamic document review, and antispam capabilities. Flexible licensing rounds out the feature set by offering a pay-as-you-go user-count-based model.

The product is easy to install and configureespecially for solution providers already familiar with Symantec's security productsthanks to Symantec's
Security Gateway Management Interface (SGMI). SGMI is the standard GUI
used on Symantec's security products and offers extensive context-sensitive help, along with setup wizards. Products based on SGMI can be remotely managed via a browser and can leverage the unit's integrated VPN to make those sessions secure. Those managing several units also can use Symantec's unified management appliance, the SGS Advanced Management Appliance.

One notable feature is the SGS 1620's ability to bridge two broadband connections to increase throughput or act as a method of failover. That capability is powered by the unit's Flex-Port, a 10/100 interface that can be configured to perform many different tasks, ranging from load balancing to remote monitoring to failover support. The device's network management wizard makes configuration of the unit's ports a no-brainer. The two other ports on the appliance are for connection to the network and ISP.

Those familiar with security appliances will find the policy-based rules recognizable and the most logical way to define who can do what via the unit. Policies exist for everything from firewall control to content filtering to VPN access and almost any capability the unit offers.

SGMI makes policy definition a breeze; a wizard-driven assistant helps administrators quickly define policies, and ample online help pushes the process forward when one is unsure of what to do. One of the first steps in deploying the unit is to define firewall policies. Those policies simply lay out the network paths used and determine which packets and services are allowed to pass through the devicein essence, it does what anyone would expect from a firewall. But, there is a uniqueness to Symantec's approach, which comes in the form of granularity. Firewall policy definitions include several options that are not commonly found on an entry-level appliance and are laid out as tab choices on the policy definition screen. Administrators will find choices such as spoof protection, thresholds and services all readily controllable.

Of course, the product is much more than a firewall and offers several other features that are all as easy to configure. The integrated antivirus and antispyware controls also are accessed via the firewall policy definition process, with equal ease of use. To implement those options, administrators simply select the appropriate check box to enable virus and spam scanning. Content filtering works in a similar fashion, but with one major exception: dynamic document review (DDR). DDR is a patented technology from Symantec that examines every Web document for key words and then builds an acceptability list based on the policies set. Controls are present for all of the categories expected, ranging from offensive language to illegal activities. The product's clientless VPN offers SSL-type access into the network and helps to eliminate the costs associated with client-based solutions. That said, Symantec also offers a client/server-based VPN, but those licenses will come at additional costs.

Symantec has a comprehensive channel program that complements its security products. Aptly named PartnerNet, the company's program includes pre- and post-sales support and 24-hour technical support on enterprise operations. Large partners also receive 24x7 implementation support and priority access to senior Symantec technicians.

Symantec's PartnerPromos portal gives partners access to promotions, incentives, rebates and preapproved collateral materials. Symantec offers free Web-based sales training to all partners. Traditional instructor-led training also is available. Symantec's PartnerNet program is available to certified resellers and solution providers. As part of its current corporate
policy, the company does not release margin information.