Symantec tailors bundle for small offices
- By Patrick Marshall
- Dec 02, 2001
Firewalls and virtual private networks are a natural combination. After all, if you're going to erect a wall between your network and the dangerous world of the Internet, why not build in the tools to create secure holes in the wall? That's essentially what a VPN is — a secure channel from one location to another across the Internet that looks to users like a local-area network.
Symantec Corp.'s new foray into the firewall/VPN market is a competitively priced family of devices targeted at small- to mid-size offices that need to quickly implement a solution.
One advantage of Symantec's Firewall/ VPN Appliance is that it combines three functions — an Ethernet hub, a firewall and a VPN device — into one relatively inexpensive unit. The box itself is generally well-designed, though it's not clear why the ports for Ethernet cables are on the front panel, where they can easily block your view of the LED indicators. The device is available in three models: the 100, 200 and 200R.
Two wide-area network ports — available on the 200 models — enable you to take advantage of automatic load balancing. Even if you're using different technologies on the two lines for your Internet connection, if service on one line is disrupted, all traffic will automatically be diverted to the other line.
And the eight built-in 10/100 Ethernet ports in the 200 models (four ports in the 100 models) mean you can use the device as your hub for a small office. (Of course, if you need more connections, you can simply attach your existing hub to the device.) Throw in the on-board, preconfigured Dynamic Host Configuration Protocol server, and you're looking at a quick and relatively painless setup process.
We found it very easy to set up the firewall and VPN capabilities. We only had to call technical support a couple of times to get everything up and running, and even those calls were only necessary because the documentation was vague in a few areas.
The 200R includes software that allows the device to service VPN clients directly, but the 100 and 200 models can only be configured to work with other VPN servers. In other words, if you're looking to set up a single office with roaming users connecting via a VPN, you're locked into the more expensive 200R model.
Unlike many such solutions, the Symantec devices include basic intrusion-detection and reporting tools, so you can gauge the strength of security measures.
The drawbacks? First of all, you won't find centralized management tools. Each device must be managed individually through its own Web interface. As a result, if you make a change in VPN configuration, you'll have to call up each device in your Web browser to make the configuration changes. Nor does the Symantec solution offer centralized capture of alerts. We'd much rather see a centralized management tool that allows you to receive system alerts and make changes across the enterprise in a single stroke.
Finally, as relatively easy as the Firewall/VPN 200R was to set up, it's not a task for non-information technology staff. That fact, combined with the fact that the device lacks centralized administration tools, is something enterprise administrators will have to consider in mulling over whether to jump from their existing firewall vendor.