Symantec Network Security 7120
Predefined sensor policies let you get protected fast.
Passive mode can cope with twice as much data as active mode.
The easy-to-use centralized management console is excellent.
Symantec's NS 7120 uses a similar-looking chassis to its firewall range, complete with the LCD control panel. This means it is the easiest device to initially configure, as you can set an IP address within minutes of turning it on.
The IP address applies to the management port, which leaves four Fast Ethernet ports for monitoring and one for sending TCP resets.
Once done, management is performed by Symantec's Java-based Network Security Console. It's friendly and easy to use, although the slightly inconsistent interface is a little confusing at first. The first screen shows the hardware devices on your network; you can configure the type of monitoring you want out of each one. Using port pairs, this means that the 7120 can have two in-line sensors or four passive sensors.
In-line sensors can actively block threats, while passive sensors just send reporting data back. There is a disparity of throughput between the two, however, because passive scanning can handle up to 200Mbps of throughput, while in-line connections can handle just 100Mbps.
Security settings are based on policies. The management console comes with several predefined ones, which can be applied to any network sensor with the click of a button. For multiple sensor installations, it provides a rapid way of distributing a policy.
There's also the option to manually create a custom policy. It's easy and you have the choice to block or record each threat you want to scan for. The threat signature database updates automatically, but you can also create your own custom threat signatures to prevent internal threats.
Symantec's Intrusion Mitigation Unified Network Engine uses protocol anomaly, signature, statistical and vulnerability attack interception techniques to block zero-day attacks before a new attack signature is implemented.
The 7120 has a good range of protection tools, but the relatively slow network throughput means that it's probably best suited for scanning slower links.
The management interface is good and simple to use, but lacks some of the high-end features of other products in this test.