Juniper Networks NetScreen-5GT review
When it acquired NetScreen Technologies at the beginning of 2004, networking giant Juniper Networks signalled a move to diversify by offering a range of low-cost security products. The entry-level NetScreen-5GT is aimed at SMEs and remote offices within distributed enterprise environments; it combines firewall, VPN support, intrusion prevention plus traffic management and anti-virus protection. It has been a stalwart member of this family for a while now, so how does the Juniper stack up against the competition from vendors such as Fortinet and SonicWALL?
If installation is anything to go by, the 5GT is a winner, as we had it up and running in a few minutes. The well-designed browser interface fires up a Quickstart Wizard that helps to choose transparent Layer 2 bridging or Layer 3 routing. With the latter selected, we used an Actiontec intelligent ADSL modem on the unit’s untrusted Ethernet port, connected our test PCs to the trusted side, and once DHCP had done its stuff Internet access was immediately available. The 5GT uses different port modes to bind the various interfaces together, and you can decide which security zones they should belong to. Two failover options are available, as the serial modem port can be bound to the untrusted port allowing a modem link to be automatically dialled, or a second untrusted port can be created for a spare Internet connection.
Up to ten VPN tunnels are supported by the base model and the combination of good documentation and Policy Wizards make light work of configuration. Security policies determine how inbound and outbound traffic is handled and can contain source and destination addresses, multiple services and an action. Traffic-shaping comes into the picture as policies can restrict or guarantee bandwidth and prioritise specific services. Policies and traffic-shaping are fundamental features of SME security appliances, but it gets more interesting at the Screening menu. This allows you to add network flood defences, protect against DoS attacks and reject protocol anomalies. You can also block ActiveX and Java content plus ZIP and executable files. The Deep Inspection feature makes the 5GT stand out, since it uses a signature database to detect attacks.
The next line of defence is handled by the integrated Trend Micro anti-virus scanner, with signature updates downloaded and applied automatically as often as you like. It can scan webmail, HTTP, FTP, SMTP and POP3, and be configured to drop the content if infected and replace the web page with a warning message. Infections detected in inbound and outbound email can cause the message body to be changed and the infected attachment replaced with an advisory message.
The optional web-content filtering tools are strong features. The 5GT can direct HTTP requests to existing SurfControl Web Filter or Websense Enterprise servers. Alternatively, you can use the integrated filtering feature that redirects user requests to an external SurfControl Content Portal Authority server.
Don’t be fooled by the compact chassis, as the NetScreen-5GT packs a hefty punch in the security department. It compares extremely well with SonicWALL and Fortinet’s SME appliances. The price may seem comparatively high but you’re getting a lot of features for your money. Juniper advised us this includes a one-year subscription to the anti-virus and deep inspection features, making it good overall value.