While the new devices carry the Symantec Gateway Security brand, they actually run a new scratch-built code base, and are not just lower-performance versions of the enterprise box, according to group product manager George Sluz.
The company expects the three models in the series, which differ in throughput, VPN tunnels supported and WAN ports, to have a street price of between $400 and $750, and are aimed at companies with 75 users or less.
This puts the devices in the same price ballpark as low-end stateful inspection firewall/VPN appliances from small and medium-sized business specialists such as SonicWALL Inc and WatchGuard Technologies Inc.
The 300 Series will touch the same six feature points as the 5400 and other so-called god-boxes – firewall, VPN, antivirus, content filtering, and intrusion prevention and detection – but implemented to account for the price and lack of hard drive.
For instance, while the 5400 scans for viruses, the 300s just do client policy enforcement. They can ping instances of Norton Antivirus to check the version and virus definitions match a secure template, and can then block or alert non-compliant users.
The gateway has software that points to the administrator’s computer, and use this administrator’s configuration – virus signatures and version numbers – and use that as a policy to test all the users against, said Sluz.
Also, the URL content filtering is based not on a supplied block-list of categorized URLs, but on whitelists or blacklists of the administrator’s own creation, Sluz said. Policies can be created to give some users broader web access than others.
The intrusion detection and prevention features have been scaled back, eschewing advanced features such as protocol anomaly detection, to do attack blocking based on a limited set of automatically updated signatures stored in firmware.
From a hardware point of view, Sluz said the more expensive 300 models can do load balancing and failover on two internet links. In addition, the boxes have a slot for an optional 802.11b/g card, allowing them to be turned into wireless access points.
The price point is comparable to other competing devices on the market that are branded as firewalls, and the 300 Series perhaps represents where the god-box market and the low-end firewall market start to converge.
SonicWALL, for example, recently announced its intention to add signature-based intrusion prevention to its stateful inspection firewalls as a subscription-based option in the second quarter, having already applied that model to content filtering.
This article is based on material originally published by ComputerWire
