I realize that this is a subjective question, but I'm trying to get some experiences.

We have Juniper firewalls in our organization (SSG-320M, SSG-5, and some old NS-5GT). We have the option of a yearly subscription for:

  • Deep Inspection Signature Updates
  • Juniper-Kaspersky Antivirus

I see similar services available from other firewall vendors.

We have Symantec Endpoint Protection deployed to all workstations and servers, plus a dedicated appliance for e-mail spam/virus filtering. So, I'm not sure what these firewall-based services will bring to the table that I don't already have.

I would appreciate some feedback from people using these firewall services (Juniper or otherwise).

Are these services generally worth it? Do they really catch anything? Do they interfere with normal traffic (false positives)?

myron-semack
    My .00002 cents' worth is: can you afford it? If so, then buy it; it's just another layer in the defense-in-depth process. And yes, they can interfere with normal traffic, but that's usually a real small corner-case issue. Also, as far as DPI is concerned, do you need to see into SSL traffic? If so, then once again you'll need these updates. – tony roth Nov 05 '12 at 15:03

1 Answer

I use Forefront TMG which provides a similar feature set. I find these features to be 100% worth the price. The antimalware and antivirus features stop suspicious traffic from entering the network. Forefront also provides URL categorization as a service. This is great for blocking whole categories of inappropriate content. The SSL inspection allows me to be sure that no malicious traffic is being passed across secure channels. That is a real problem in today's world.

Are there issues with false positives? Definitely. Not as many as you would think though. Just like any other technology you need to understand each aspect of what your product brings to the table.

If you're looking at starting out with a deep inspection firewall, antivirus subscriptions, SSL inspection, etc., be sure that you do some testing in a lab environment first and enable only one of these services at a time. The most overwhelming thing in setting up a firewall with all these features available is delineating between which of the features is stopping traffic you need from getting through. Turning them on one at a time makes it much easier to troubleshoot.

EDIT - Forgot to mention one other thing. By using a firewall device with these services enabled it is possible to use a different antimalware / antivirus vendor than you do on your desktop. This provides me a great deal of peace of mind that I'm not solely relying on a single vendor for my security posture.

Tim Brigham