Netscreen filters unwanted traffic

Security is a major concern of most companies connected to the Internet, yet qualified security professionals are hard to come by in today’s tight job market. This disparity creates an urgent need for powerful security solutions that are simple enough for non-security professionals to deploy.

To answer this need, Netscreen Technologies Inc., a producer of ASIC-based Internet security appliances, offers a line of easy-to-use firewall/VPN appliances.

Netscreen Technologies maintains four firewall/VPN products, each developed for networks of a particular size. The Netscreen-5 is aimed at SOHO (small office/home office) networks, the Netscreen-10 at networks operating at 10Mbps, the Netscreen-100 at networks operating at 100Mbps, and the Netscreen-1000 at networks operating at 1Gbps.

Netscreen appliances run on ScreenOS, a proprietary operating system developed by Netscreen that was recently given the ICSA IPSec (Internet Protocol Security) certification. We installed the Netscreen-100 and were running with basic connectivity in fewer than 30 minutes. Using ScreenOS’s Web interface, we very quickly configured NAT (Network Address Translation) to mask the IP addresses of our internal network and created remote access VPN tunnels.

You can also implement the product in transparent mode, in which it filters traffic but is not visible to network devices.

The VPN implementation is IPSec compatible, enabling interoperability with other vendors for use in site-to-site VPNs with partners and customers. Netscreen uses IKE (Internet Key Exchange) for secure key exchanges, supports DES (Data Encryption Standard) and Triple DES for encryption, and supports RADIUS or SecurID for user authentication. It also provides a VPN client for remote access.

Netscreen allows you to define virtual IP addresses and mapped IP addresses to connect to servers on a private network from a public network, such as the Internet. It also provides traffic shaping and load balancing to help manage bandwidth usage. This means your network administrator can prioritize traffic to improve the network’s QoS (quality of service), preventing Napster and other streaming media from clogging your bandwidth.

The Netscreen appliance can be a lifesaver for companies that need to secure their networks quickly and effectively. If you don’t have a full-time staff of security professionals, you might need Netscreen instead. It will protect your network without breaking your bank, and more than earns our score of Excellent.

Andress is chief security officer of Evant and president of ArcSec Technologies. She can be reached at

Review Box:

Netscreen-10, Netscreen-100, Netscreen-1000

Supplier: Netscreen Technologies Inc.

Price: US$495 to US$190,000, depending on network size and complexity

Platform: Windows 95/98/2000, Windows NT

Pros: Cost-effective; fast; easy to deploy, configure, and manage; available for networks of all sizes; top-notch traffic-shaping and load-balancing capabilities

Cons: none