Inbound and outbound traffic is managed by policies that determine what should be allowed through. These can be applied to all clients or to specific addresses, and the appliance maintains a customisable address book for each security zone. Essentially, each policy is applied to a traffic direction, a set of addresses and a service, and contains an action: permit the traffic, deny it or, where a VPN connection between appliances exists, tunnel it. Each policy can include service groups, and the 5GT also contains specific entries for SIP (Session Initiation Protocol), allowing policies to be created to guarantee bandwidth for VoIP (Voice over IP) applications.
The Screening menu toughens things up even more with defences against a variety of flood attacks, protection against DoS attacks and blocks on ActiveX and Java content, along with downloads of executable and ZIP files. Web content filtering doesn’t get any better, and this can be handled by either SurfControl or Websense, two heavyweight service providers. For SurfControl you can either use your own internal database or select the feature that redirects web requests to an externally hosted service, as used by the WatchGuard Firebox X15w. You can use the entire database to block all objectionable content or create custom profiles containing selected SurfControl categories, which can be blocked or permitted. As we’ve found in previous tests, there’s little that gets past SurfControl, and users who attempt to access banned sites receive a curt warning message in their browser and the attempt is logged by the appliance.
The Trend Micro anti-virus scanner receives automatic signature updates and, along with all the other security features, can be activated in different policies depending on what traffic you want scanned. We found it comparatively fiddly to set up, but email and web content can be scanned; infected content will be dropped and a warning message placed in a web page or dodgy email. For VPN support you get a licence for up to ten site-to-site tunnels, and although dial-up VPNs are supported, the client packs for this add more to the total, with ten costing around £250. However, Juniper does provide plenty of wizard-based help and extensive documentation to aid setup.
The NetScreen-5GT is undoubtedly a powerful little security appliance that does offer good overall value, as its wealth of optional features can be customised to suit just about any requirement. However, very small businesses with limited IT skills may find it overly complex to configure and would be better off with simpler, lower-cost products such as those offered by SonicWALL or WatchGuard.