Symantec Box Ably Melds

By Cameron Sturdevant  |  Posted 2002-05-20 Print this article Print

Security Tools"> IT managers who have the luxury of building a completely new security setup at the perimeter of a large branch office should consider Symantec Corp.s Symantec Gateway Security Appliance Version 1.0. However, managers who are augmenting installed security tools may be better off investing in more-focused devices or software, rather than getting the SGSA and discarding the previous investment.

Although its not the biggest bargain in town, at $51,999, the SGSA Model 5300, which shipped this month, combines nearly every conceivable security tool in a slim 1U (1.75-inch) rack-mount appliance: Symantec has stuffed firewall, VPN (virtual private network), intrusion detection, anti-virus and content filtering capabilities into a 1GHz Sun Microsystems Inc. Cobalt Raq XTR box with 1GB of RAM and four RJ-45 network connectors.

Alternatively, Symantec offers the SGSA 5200, which supports 250 protected nodes and costs $23,390, and the 5110, priced at $11,790 for 50 protected nodes. Both of these editions shipped last month.

The SGSA 5300 supports an unlimited number of devices, although the company recommends putting no more than 1,000 nodes behind the appliance.

Building, Maintenance

In eWeek Labs tests, we got the sgsa 5300 up and running in just less than a day. Configuration is ongoing, as it is with comparable security tools such as SonicWall Inc.s GX 2500, NetScreen Technologies Inc.s NetScreen 200 and WatchGuard Technologies Inc.s Firebox 2500. Even though we were up and running relatively quickly, we still devoted at least 20 minutes per day after the product was installed to reviewing reports and making sure the SGSA 5300 was correctly tuned.

We used the SGSA 5300s scheduling tool to update our anti-virus and IDS (intrusion detection system) signatures daily, which took the work out of most of our daily chores. We also fiddled with access rules that allowed us to define good and bad traffic on a nearly daily basis. This means that IT managers should allocate enough staff time to properly maintain the SGSA 5300, especially if the organization is prone to attacks.

The SGSA 5300 runs on a customized version of Red Hat Inc.s Red Hat Linux operating system that has been hardened to withstand determined cracking attacks. However, after going through the standard configuration, it was clear that a little more work was needed on our part to make the product really secure.

The most irksome problems we encountered were revealed when we used testing tools, including Nessus, a Linux-based remote security scanner from The Nessus Project (, and Nmap, an open-source security auditing utility from

For example, Nessus reported the banner for our SMTP proxy, identified the device as a Raptor firewall (the product is based on technology gained when Symantec bought Axent Technologies Inc.) and found at least one vulnerability that bad actors could exploit. We were able to adjust the system to close the holes with help from Symantec. IT managers should take this into account, however, before shipping the units to field offices, since the whole point of the product is to make security as simple as possible for offices that likely dont have security expertise.

Maintenance and reporting are simple, effective routines. In addition to automating anti-virus and IDS signature updates, we got convenient, comprehensive daily reports on attacks detected. We advise IT managers who use the product to get in the habit of reviewing the IDS reports and to use the products ability to send a page or e-mail notification when serious problems are detected.

In tests, it was easy to use the product to provide VPN access as well as restrict and monitor Internet access. The SGSA 5300 has setup wizards that handle most tasks, including setting up VPN access. The product uses Microsoft Corp.s Management Console, or MMC, snap-in, so anyone familiar with that fairly common interface should have little trouble configuring new users and all the SGSA 5300s features.

The SGSA provides all the standard features we expected to see for a perimeter gateway security tool, including network address translation, Triple Data Encryption Standard encryption and configurable Ethernet interfaces to support multiple internal and external network connections for a demilitarized zone and a management network, if needed.

The SGSA can be a single point of failure in the network and lacks dual power supplies. Furthermore, Symantec charges full price for a second unit to use in hot-standby mode. Multiple units (as many as eight) can be cabled together and managed as a cluster in several high-availability configurations.

Senior Analyst Cameron Sturdevant is at

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel