Prices of multifunction security appliances have come down substantially in the past six months, and if you have not bought one yet you may want to take another look.
With that in mind, we decided to take a fresh look at one of the best known of these, an appliance in the Symantec Gateway Security 5600 Series. Symantec sent us a 5640. Their top of the line has twice the capacity of this model, but we had no problems using it in a lab setting and in a medium-size, real-world network.
In our lab tests, we simulated a corporate intranet. We placed a Microsoft Windows XP workstation and a Windows 2003 server inside one of the 5640's internal protected subnetworks. Outside this network we set up a Linux server loaded with the Nessus (www.nessus.org) vulnerability scanner with settings to attack the other machines.
Installing the Symantec appliance was exceptionally easy. We did initial configuration of IP addresses via a slick digital panel on the front of the appliance.
The series includes firewall, antivirus, antispam, virtual private network (VPN), intrusion detection and prevention, and content-filtering applications. In practice, the firewall component provided excellent protection against intrusion without affecting our network traffic. The unit can be configured to protect your network during a virus outbreak even before virus definitions are available. Our experiences with viruses have led us to prefer this approach, which uses pattern matching and behavior analysis to catch malicious software.
We configured the antivirus component to scan file transfer, Internet and e-mail traffic. When we used our Web browser to open the Symantec Gateway Security home page, we found several configuration wizards that eased administration of the device. The 5640 did a remarkable job of eliminating the need to look at the setup manual every time we wanted to implement a setting. The manual is helpful, but an experienced administrator will have no problem operating the device without it.