Symantec Gateway Security 5300
The SGS 5300 is a largish 1RU unit that includes pretty much the whole gamut of Internet security features: it has an integrated firewall, Internet content filtering, intrusion detection, VPN, and of course antivirus engine.
The front panel is quite neat as it flips up to make it easier to use, which is just as well because the two line LCD display is tiny, the characters are much the same size as your average digital watch. The unit can be configured via the LCD display and six buttons on the front panel, and while relatively logical you would be advised to carry out the bulk of the configuration via the Symantec Raptor Management Consol (SRMC) once IP addresses are sorted out. The front panel also features status LEDs for the LAN link and activity and hard drive activity. Yes, the unit includes a 30GB hard drive and what’s more has space for four hard drives in total. The unit is quite expandable, ours was fitted with a single processor but there is the facility for a second. The base unit’s 512MB of memory can be expanded with three free DIMM slots.
The rear of the unit is fairly sparse, other than the four 10/100 LAN interfaces there are two Com ports for console communication and UPS control if necessary.
The setup procedure is a reasonably lengthy process although it is complicated by the perhaps overzealous security in the form of long product registration keys and even lengthy passwords.
Once up and running however the antivirus functionality can easily be configured from the SRMC, which is quite intuitive to drive.
The 5300 monitors SMTP, FTP, and HTTP traffic in either proxy or transparent mode.
Viruses can be cleaned, deleted, or quarantined, and the 5300 combines quite a range of Symantec’s antivirus core technologies. For example, “Bloodhound” is the heuristic module for detection of new and unknown viruses; “Striker” identifies polymorphic viruses, and the NAVEX antivirus engine enables virus definition and engine updates without the need to interrupt the service—updates are carried out automatically by the 5300. The unit also supports very robust content filtering so even before a new virus definition is supplied, attachments with a particular filename, extension, subject line, origin, or size can be dealt with. The 5300 can be configured to warn recipients that a virus was detected and handled and can also warn the sender that a virus was detected in their e-mail.
Mail can also be filtered by file name, file size, subject, domain, and intentionally malformed e-mail. Internet content filtering is a rules-based function. For example you can disallow “satanic/cult” sites while allowing “drugs/drug culture” for example, or a particularly offensive site can be excluded by defining its URL. If you want to be particularly limiting you can disallow all URLs except those specifically allowed. The “allowable filename extensions” setting is not as flexible as some of the others with just an “allow” extension option. If, for example, you allow .gif extensions then every other file extension will be disallowed, you will have to carefully list all the extensions you want passed—a bit of a drag.
If multiple units are deployed in your organisation the 5300 supports high availability and load balancing for the cluster.
| Product: | Symantec Gateway Security 5300 |
| Price: | AU$$21,989 (50-user lic.) AU$28,798 (100 user lic.) AU$44,638 (250 user lic.) |
| Vendor: | Symantec |
| Phone: | (02) 8879 1000 |
| Web: | www.symantec.com |
|
|
|
| Interoperability: |
Screens HTTP, FTP, SMTP, and has very flexible and quite feature-rich virus and content scanning. |
|
|
|
| Futureproofing: |
Automatic virus signature updating. |
|
|
|
| ROI: |
½Considerably more expensive than the other AV appliances and like the FortiGate; also includes firewall, VPN, and intrusion detection. |
|
|
|
| Service: |
½1-year warranty (can be extended to 3 years); phone, e-mail (Mon-Fri 9 to 5 but 24/7 is optional), and Web support. First year support is free. |
|
|
|
| Rating: |
|
|
|
|
10%
8%
Once you know what modern worms do with emails (hint: they fake "from" field), thinking like "it would be helpful if the AVA sent a message back to the sender warning them that they passed on malicious code" is, in my opinion, step in spreading spam around the world.