Network Computingwww.networkcomputing.com

Branch Office Firewalls

Posted by John H. Sawyer on May 3, 2005

Tags: Check Point Software Technologies Firewall-1 Secure Platform,  CyberGuard Corp. TSP 7100 Security Appliance,  DataPower XS40 XML Security Gateway,  Fortinet FortiGate 3600,  Fortinet FortiGate-800 Antivirus Firewall version 2.8,  IDS,  IPS,  Ingate Systems' Ingate Firewall 1200,  Internet Security Systems Proventia M50 Integrated Security Appli-ance,  Juniper Networks NetScreen-ISG 2000,  NIDS,  NIPS,  Nokia's IP260/265,  Reactivity XML Secu-rity Gateway and Manager 2400 Series,  SQL injection,  Sarvega XML Guardian Gateway v5.0.2,  Secure Computing Corp. Sidewinder G2 Security Appliance Model 2150,  Secure Computing Sidewinder G2 and Symantec Corp. Symantec Gateway Security 5440 Appliance,  ServGate Technologies' Edge-Force M30,  SonicWall Pro 5060c with SonicOS 3.0 Enhanced 5060,  Symantec Corp. Symantec Gateway Security 5460,  Symantec Corp.'s Gateway Security 5420,  VPN,  WatchGuard Technologies' Firebox X2500,  Web Services,  Web filtering,  XML firewall,  XML security,  XML security gateway XML gateway,  and ZyXel's ZyWall 70,  anti-spam,  antivirus,  branch-office firewall,  centralized firewall management,  denial of service,  eep inspection,  heck Point Software Technologies' Check Point Express,  high-availability,  security,  stateful failover,  stateful filtering,  Access Control,  Data Networking & Management,  Data Protection,  Firewalls,  Managed Firewall and Intrusion Detection,  Network security appliances,  Networking and Telecom,  Other,  Security and Privacy,  Software and Web Development,  firewall

Channel: Data Protection, Networking & Mgmt, Other

Firewall Blowout Analyzing the Threat-Management Market Review: Deep Inspection Firewalls Review: XML Gateways Review: Branch Office Devices Reader Epoll Results Read More Defense Mechanisms XS40 XML Security Gateway 3.0 Ups the Ante Reactivity's 2400 Series Gateway and Manager with XOS 4.1 Enemy at the Gateway Web Services Security

Our basic network configuration for testing involved three network spaces: the ISP-provided network outside the firewall, the LAN inside the firewall and the corporate network available through a VPN (see "How We Tested Branch-Office Firewalls," for specifics).

Similarities and Differences

The invitations we issue for comparative reviews spell out our minimum requirements, grading criteria and basic test scenario. The vendors decide which products to submit. Although we aim for apples-to-apples comparisons, there's room for variability. Some go toward the top end and take a hit on price, banking on better features and performance. Others meet the bare-bones requirements and hope a low price will give them a boost. Most try to find the middle ground. This self-selection exercise can be a fascinating window into how a vendor will spec out bids for real customers.

The firewall appliances submitted for our tests showed a remarkable range. On one hand, the products from Nokia, Symantec and WatchGuard had sufficient bandwidth, management capabilities and functional depth to place them at the high end. Each would easily support a regional office with several hundred employees and a high-bandwidth leased WAN connection to the enterprise.