The 5GT is one of NetScreen's most recent additions to the SoHo/branch office market. It's a small box, about 8" by 5", which sits in a corner and provides firewall services to either 10 computers (basic version) or a theoretically unlimited number of machines (the Plus and Extended versions). It includes a built-in four-port 10/100 Ethernet hub for the internal "trusted" network, plus a single Ethernet port for the external "untrusted" connection. The unit has no fans or internal disk hardware whirring away, so it sits silently in the corner doing its thing.
The 5GT does all of the usual stuff you'd expect from a SoHo/branch office firewall. It provides NAT address protection, VPN connectivity into a central office, user-defined security policies (so you can configure what connections are permitted both in and out of the local network) and DHCP address serving.
The usual management options are available – serial port or IP-based (both Telnet and SSH) text-based configuration, or graphical setup via NetScreen's management offering or simply the built-in Web GUI. We generally find that we set these devices up with their initial addresses via the serial port (that way there's no faffing about configuring a PC with an address that happens to match the unit's own default subnet) and then working with the Web GUI from there.
The management user interface used to be a bit tricky to find one's way around, as some of the names of facilities weren't particularly obvious. The new GUI is a definite improvement, and the introduction of an explorer-like menu of options (where you can expand and contract the various facility groupings) down the left-hand side makes it far more usable than with previous versions. The setup options are split into Configuration (defining how you can connect to the admin screen, updating the firmware and other config options, logging settings and such like); Network (setting interface addresses, routes, DHCP and DNS); VPN (all aspects of L2TP and IPSec VPN configuration); Objects (defining address ranges, IP pools, schedules for policies); Reports (viewing the various statistical and traffic information the device has gathered); and Help (which is self-explanatory).
There are two other items in the setup menu that we've not mentioned yet. One is the Wizards option, which provides quick-start, idiot-proof step-by-step configuration processes for route-based VPNs (the kind you'd use with a SoHo-to-main-office connection) and firewall policies (the actual definitions of what traffic types are allowed in and out). The second, more important item is the Screening menu, which is where the 5GT's most unusual features live.
At the basic end of the firewall functionality is the stuff that most devices of this type provide – EXE/ActiveX blocking, port scan detection, blocking of known-dodgy URLs and the like. There's also an interface to a WebSense server, which again is nothing new (the ageing NS-5 that sits in our lab has always had this). Unusually for this type of device, though, NetScreen have decided to do a bunch of "deep inspection" security analysis as well.
The first "deep inspection" feature is the built-in anti-virus support, which is provided using Trend Micro's technology. It's very simple to configure; you simply tell it which protocols (HTTP, SMTP and/or POP3) you want it to scan, point it at a server from which it can automatically download its AV definitions, tell it how often to download these definitions, and let it go. It's also able to do some file decompression (e.g. to analyse the contents of bundled files), and you can force it to drop files based on size or quantity if you so wish. The other aspect of its "deep inspection" is the device's ability to recognise attacks based on "signatures" contained within the packet streams that are going in and out; there are 20 or so predefined ones, but you can add as many custom ones as you like (so long as you can get to grips with writing regular expressions – something that may take a bit of getting used to).
The NetScreen 5GT is an interesting deviation from the norm as far as SoHo and branch office routers go. NetScreen itself is a respected name in the field of security, and the use of Trend's AV products means that the AV side of the deep inspection facilities maintains this reputation. The device is straightforward to configure, simple to manage, and in our case was running happily within half an hour of opening the box.
There are many SoHo firewalls on the market, but as the NS-5GT shows, the features differ from vendor to vendor. So be thorough about checking the features of each device when you're comparing prices and alternatives.