Amid a world of firewalls that come either as stand-alone boxes or as all-in-one software packages with 'hardened' Linux/Unix kernels, SEF (which started life as the Raptor firewall) is one of the handful left that installs on top of Windows or Solaris. This isn't necessarily a bad thing, of course. But it does leave the nagging doubt that even if Symantec has got it right, can the hacker get through a hole in Windows? Putting this question aside, on to the product itself. Getting up and running requires a Windows 2000 (or Solaris 7/8/9) computer with at least two network interfaces. We used a Pentium-III-based, rack-mount unit from Digital Networks UK with its on-board SiS Ethernet controller and an added NetGear FA310TX. Assuming you have the requisite hardware, you simply run the installer, type the serial number, select the package you want (we chose the non-VPN option for our test) and wait for a few minutes. When the machine has restarted after the install, you configure the interfaces using a small admin application (you have to tell it what's internal and what's external) and then you're ready to go. Note that the interfaces have to be network adaptors and they have to have IP addresses hard-coded - no DHCP allowed here.

Traditional rule set
Management, like other Symantec corporate products, is done via the Windows management console. You power up the console and it gives you a choice of the firewalls you may connect to - choose one, enter the admin password and you're away. There's a 'Quick Start' wizard you can walk through to get your basic email and outgoing FTP/Web services set, and once this is done (if, indeed, you choose to do it) you have the more traditional rule set that you can add to as you see fit.

Unsurprisingly, the system has all the normal components you'd expect of a corporate firewall. You can define shorthand entities for hosts, domains, subnets and collections of machines (so you can refer to specific servers instead of having to remember IP addresses), time ranges (so you can apply rules for specific parts of the day or week) and protocols (you get a shedload of predefined protocols, but there's often a need to add your own). Because users (particularly those coming in over the VPN) can authenticate via a number of different means, from traditional passwords to one-time key codes, there's a variety of authentication support that allows you to hook into existing corporate ID systems instead of being forced to have a local password file on the firewall. Access control is done the usual way, with sets of rules defining what's allowed and what's not. Incoming service requests can be redirected by service (so HTTP connections to host X can be sent to A and email connections to X can be redirected to B). Network Address Translation is an obvious inclusion, of course, and proxy servers for a dozen or so service types (including FTP, HTTP, H.323 and SMTP) come as standard.

Logging is essential on any firewall and SEF's is definitely above average. There's a nice logfile browser thrown into the management console alongside a load of default reports for the various aspects of the system (NAT, user logins, proxy services and so on).
The final aspect we should mention is the now-obligatory interface to external content monitoring tools. Symantec's choice of external content monitor is Finjan SurfinGate. Setting up the system to hook into a SurfinGate server is just a case of writing in the address. Because different users have different legitimate surfing needs, you can set up a collection of surfing 'profiles' that can be allocated to users as required.

Overall
Given its heritage, it's no surprise that SEF includes all the features one would expect from a firewall and is relatively simple to configure. Although the Windows management console can impose its clunkiness on admin packages, Symantec have worked well within its confines to produce a good overall product.
In any security product you should look not just for the features you need but also for a usable, comprehensible management interface. The more complex the latter is, the more likely you are to misconfigure something and open holes through to your private network.