Gateway Security 5440
High throughput and lots of interfaces; excellent management options.
Additional features can be expensive to activate.
Object-orientated approach to management helps flexibility and policy design; it's a powerful and fast firewall.
Symantec's Gateway Security 5440 fits in the middle of its 5400 series range. It comes with six Gigabit Ethernet interfaces, although you can also buy the 5441, with four fiber and two copper interfaces instead.
Its LCD screen means you can easily set an initial IP address without having to resort to a console connection. Management is performed through the Security Gateway Management Interface.
While this works for a single appliance, those wanting wider management choice should use the Advanced Manager plug-in for the Symantec Management Console, which enables you to manage multiple appliances. It provides role-based administration, the logical grouping of firewalls, and simultaneous flashing of policies to multiple firewalls.
With either of the management options you choose, security is just as good. With essentially a blank canvas when you start, you must create the building block objects of rules first. These include hosts, domains and IP address ranges. While this approach creates an initial management burden, the result is objects that can be reused to create many different rules.
This is a powerful system and forces a higher level of planning than often required. This blank slate approach also means that you do not have a default policy to contend with.
As with other Symantec products, the Gateway Security 5440 uses a combination of proxy servers, for well-known protocols including web and SMTP, and a stateful inspection engine for everything else. It also comes with a VPN accelerator, proving up to 400Mbps of 3DES encryption.
The 5440 only comes with the firewall enabled, you will need new software licenses to upgrade for antivirus, signature-based intrusion prevention, and web filtering. While this seems fair, it is a shame that the high-availability module, for load balancing and failover, is also an optional upgrade. You also have to carefully weigh the benefits of each feature, because enabling them rapidly increases the price.
Nonetheless, the 5440 is a capable firewall, with excellent object-orientated policy management. Combined with Symantec's management console, it can scale and easily be managed in even the largest of environments.