Symantec Corp. next month plans to ship three new gateway security appliances for use by small-to-midsize businesses as a combined VPN/firewall, Web filtering and intrusion-detection system.
The Symantec Gateway 300 series line is less muscular than Symantec's high-end 5400 security gateway series, which includes an intrusion-prevention system capable of blocking all known attacks at gigabit speeds. In contrast, Symantec's three new Gateway Security models - the 320, the 360 and the 360R - will only recognize about 15 of the most prevalent attacks, including computer worms, which network managers can decide to block.
"In order to run at full-line range, we would have to limit the number of signatures it would detect," says George Sluz, Symantec's group product manager. The Gateway 300 models are not powerful enough to handle intensive IDS or content inspection.
But the Gateway 300 series is relatively low-priced, ranging from US$400 to US$750, and it is a step above last year's Gateway 100 and 200 series, which reached maximum speed of 8 megabits per second.
According to Sluz, the Gateway 300 series relies on technology acquired in Symantec's purchase of Nexland last year. "They were our partner in the 100 and 200 series and now we have full access to their source code."
While the Gateway 300 series does not perform anti-virus content inspection directly at the gateway, it offers a way to check desktops internally to make sure they have the latest anti-virus signature updates and anti-virus software turned on.
"Sometimes people turn off the anti-virus, especially when they're adding new software, and they don't turn it on again," says Sluz. The Gateway 300 series is designed to facilitate policy enforcement to restrict use of the network unless anti-virus software policy is followed.
The Gateway 300 series also provides a way to do Web-based content filtering by setting up a URL "deny" or "allow" list of Web sites.
The Gateway 300 series will be designed to adapt as a WLAN firewall gateway as well.
"We have a wireless option slot with it so you can order it an access-point kit," Sluz says. It will have a 802.11g wireless transceiver, and will support both WLAN b and g client computers. This conversion would outfit the Gateway 300 to act as a WLAN gateway that could provide firewall and IPSec-based VPN support.
Symantec will ship its own VPN client with the series but is undergoing testing with ICSA Labs to ensure its VPN will work with other VPN clients.
And while Symantec will license its products to support up to 75 simultaneous users, the company said it doesn't restrict the numbers of users for each gateway or charge extra. "The gateways will actually support more, between 100 to 200 users, and basically we're not limiting use," Sluz concluded.