Symantec's Gateway Security 5460 is the largest, and one of the most powerful, appliances that we have had on test. It has eight Gigabit Ethernet ports, which can be configured to segregate a network or for high availability. The firewall can also be configured to load balance across a cluster, improving performance, provided you have the correct license.
Initial configuration is easiest using the front control panel and LCD to set an IP address. Once configured, it can be accessed through its web interface, which launches a Java web page called the Security Gateway Management Interface (SGMI).
The first connection also starts a setup wizard, which enables you to configure basic settings, such as locking the front control panel to prevent unauthorized access.
We were pleased with the SGMI, which uses an object-orientated approach to rule generation. Objects have to be created for all network resources, including hosts, domains and IP address ranges. A rule is then applied to these objects, the network interfaces and the traffic direction.
While this requires a high level of planning and work for the initial object creation, once this has been done, the objects can be reused in rules, saving time and effort at a later date.
The forced planning it requires is also likely to improve network security.
As well as a stateful inspection engine, the Gateway Security 5460 implements proxies for well-known protocols, including HTTP and SMTP. This lets it drill down into the data being sent, scanning the content before passing information on.
The basic appliance only comes with the firewall enabled, but you can upgrade to enable signature-based intrusion prevention, anti-virus and web filtering.
This rapidly ramps the price up, however, so you need to consider where the appliance will be deployed and which jobs could be done more effectively by third-party products.