Juniper Networks is without doubt one of the largest vendors of security appliances and the NetScreen-5GT represents the starting point of this extended family. It delivers an impressive array of defence mechanisms aimed primarily at small businesses and remote offices, home workers using broadband and other areas such as retail outlets.
The price depends on the features you require and starts at £250 for the basic unit, which includes support for 10 IP addresses on the LAN, an SPI firewall, up to 10 site-to-site VPN tunnels, DoS protection and traffic management capabilities. Integrated anti-virus scanning comes courtesy of Trend Micro and costs an extra £100 for a yearly subscription, while web content filtering from SurfControl adds a further £170 to the asking price. Alternatively, for around £600 you can go for the Plus model, which has no restrictions on the number of users and includes anti-virus scanning and Juniper’s Deep Inspection technology, which uses a signature database to detect and block Internet-borne attacks.
Despite its compact dimensions, the 5GT packs a fair punch in the hardware department, with a 400MHz Intel IXP425 network processor accompanied by 64MB of SDRAM and 32MB of Flash memory. The WAN port can be used to connect the device to an ADSL or cable modem or for a direct link to a router, and four Fast Ethernet ports are provided for the LAN connections. The serial port can be used as an Internet backup modem link, but this is only available in the Plus version.
Initial installation is straightforward, and the well-designed browser interface fires up a quick start-up wizard that helps you choose between transparent Layer 2 bridging and Layer 3 routing. We opted to use the latter mode, as it meant that the appliance could perform NAT on all LAN IP addresses. The first feature that makes the 5GT stand out is security zones, which are used to create physical network segments where different policies can be applied. The WAN port, for example, can be bound to an untrusted zone while the LAN ports can be placed in a trusted zone. This allows various port mode combinations to be offered for different working scenarios. Home workers could select the Home-Work mode, which uses three zones to allow Internet access but segregates work-related traffic from personal usage. With an ActionTec intelligent ADSL modem connected to the untrusted port, we left the internal DHCP server to dish out IP addresses and had Internet access available for our test clients in a few minutes.