Meant for small to medium organizations and regional offices, the NetScreen 5GT
is an entry-level firewall appliance with the added advantage of built-in
antivirus. It is fairly compact and comes with optional accessories to mount it on a
wall. The device sits between your company network and the outside world. For
this, it has a WAN port and four LAN ports. It also has an RS232 port for
connecting to a dial-up modem, and a serial port to connect it to a PC. The
device can also provide VPN connectivity, for which it supports the IPSec and L2TP
protocols.
Configuring the firewall is straightforward. Connect it to your network from
one of the trusted LAN ports, and you can access it via telnet or the Web. To test
the device, we connected a machine to its WAN interface and attacked it from that
machine, using some port scanners. We ran a DoS (Denial of Service) attack and a
brute-force attack to see whether the firewall could detect and stop
them.
We noticed that while the DoS attack was in progress, the firewall’s Web interface
became inaccessible, which made it more difficult to see the alarm at
the proper time. Since the interface itself was inaccessible, we couldn’t
figure out what type of attack was happening. There’s an option in the
firewall’s configuration to generate alarms without dropping any packets. We
ran the DoS attack with both options and got the same results. Thankfully, the rest
of the firewall wasn’t affected and continued to function normally.
We then tried running some sniffers from both sides of the firewall, and it
was able to detect the MAC-IP flip-flop happening on both sides and reported it by
raising a proper alarm.
Finally, we also tested its built-in antivirus by sending it a few viruses
(Macro, Trojans, and system) via SMTP and HTTP. Of course, before that we
updated its virus definitions, which happened without any problems. The firewall
easily managed to detect all viruses that tried to pass through it. It
deletes the infected mails and sends out an e-mail to the intended recipient,
mentioning this action along with the name of the virus.
If you try to download an infected mail directly via HTTP, it will open
a page saying that it can’t open the file because it’s infected. There is
one limitation: if you try to transfer a virus-infected file between
the firewall’s internal and external interfaces, say using FTP, it doesn’t
detect the virus.