Is your SMB customer on a tight budget? Learn the basics about Juniper's Netscreen-5GT Wireless device in this...
review, courtesy of Information Security magazine. It may be just the affordable, high-security bundle they need.NetScreen-5GT Wireless
Price: Starts at $940
Juniper Networks' NetScreen-5GT Wireless device packs a lot of security into an affordable, highly configurable package for SMBs and branch offices. Despite somewhat difficult installation/configuration and weak documentation, this device is a steal at less than $1,000.
The 5GT Wireless bundles a stateful deep-packet inspection firewall, IPsec virtual private network and antivirus into a wireless access point. It supports up to four wireless LANs, each of which can employ different encryption and authentication methodologies. The device supports a wide range of security protocols, including WEP, WPA (both AES and TKIP) and IPsec, and an equally impressive collection of authentication methods -- EAP (TLS, TTLS and PEAP), PSK, LDAP, RADIUS, RSA, SecureID and LDAP.
The 5GT Wireless provides firewall protection, including NAT, through five 10/100 Mbps Ethernet ports and an ADSL port. The device can be administered through a graphical Web interface, command line, console connection, Telnet or SSH. Unfortunately, the Rapid Deployment Wizard doesn't live up to its name, and we opted to initialize and configure the device manually. There are too many unexplained settings choices, and a wrong choice affects the rest of the install. For a device with such extensive security options, the documentation was minimal.
Our testing simulated the device's ability to create multiple security zones, such as those a small business or remote location might deploy. We provided open wireless access to the Internet for customers, secured wireless access for on-site vendors using WEP and the most secure wireless access for employees, using AES WPAv2 (802.11i). Additionally, the employees' wired network was run through the 5GT Wireless.
General wireless radio operations, such as antenna diversity, operation mode, transmission rates and powers, and channel and MAC address control, are very configurable. SSIDs were created by simply choosing a button in the SSID list, which opened an extensive array of settings, such as WEP authentication and encryption methods, and WPA authentication, binding and broadcast and isolation methods -- all on a single page. You can also monitor active wireless associations and conduct site surveys to ascertain the current state of wireless activity.
Once the WLANs were defined, we created and assigned detailed policies for each, with options to permit or deny more than 70 different services (such as HTTP, FTP and SSH) and 18 applications (including SMTP, POP3, IMAP). For example, we allowed AOL on our open wireless connection, but denied it on our vendor and employee WLANs.
Other policy settings include antivirus; virtual private network tunneling and logging; granular control over NAT, authentication, URL filtering, traffic shaping, users and groups; and configurable alarm thresholds.
The IPsec virtual private network offers the same elements of security and interoperability found in Juniper's NetScreen enterprise boxes. Reporting and logging are as comprehensive as the device's security capabilities. Extensive system logs, counters for hardware, flow and zones, interface bandwidth, policies, wireless statistics and active users can be sent to security administrators via the console, interface, email, SNMP, syslog, WebTrends and NSM.
The Netscreen-5GT Wireless delivers an enterprise-caliber capability at an SMB price.
About the author
Sandra Kay Miller is a freelance journalist based in Pennsylvania with more than 12 years experience covering technology. Her work routinely appears in InfoWorld, IEEE's Computer Magazine and Midrange Computing Showcase.
This review originally appeared in the August 2005 issue of Information Security magazine.