The firewall components in Symantec Endpoint Protection have a long pedigree, both before the acquisition, with Sygate, and after it, with Symantec. It is a mature, enterprise-ready product that consistently performs well and meets our customers’ complex requirements.
With SEP, the combination of two strong enterprise firewall products has resulted in a very well-rounded firewall offering, suitable for SMBs and large enterprises, that encompasses the following features:
o Enterprise-class, rules-based stateful firewall engine
o Triple Intrusion Prevention Engine
o Scalable Location Awareness
o Application and Device Control
o Detailed Logging and Reporting
o Advanced Network Security protection technologies
In contrast, the Windows Vista firewall is a relative newcomer to the client firewall arena. It is based on the Windows XP firewall, whose security has been slowly increased through different production revisions and service packs. Initially it was a very basic filter for inbound traffic. Windows XP SP2 introduced the concept of applications and ICMP but was still only able to block inbound communications; all outbound connections were allowed.
Windows Vista enhances this feature set and adds the following new capabilities:
o IPv6 connection filtering
o Outbound packet filtering, reflecting increasing concerns about spyware and viruses that attempt to "phone home"
o With the advanced packet filter, rules can also be specified for source and destination IP addresses and port ranges
o Rules can be configured for a service by its service name, chosen from a list, without needing to specify the full path and file name
o IPsec is fully integrated, so connections can be allowed or denied based on security certificates, Kerberos authentication, etc. Encryption can also be required for any kind of connection
o A new management console snap-in named Windows Firewall with Advanced Security, which provides access to many advanced options and enables remote administration
o Ability to have separate firewall profiles for when computers are domain-joined or connected to a private or public network. Support for the creation of rules for enforcing server and domain isolation policies
The major downside to the Windows Vista firewall, however, is that it still provides no form of reporting or central monitoring. Even though administrators are now able to configure the product with much more granularity than before, they are still “blind” when it comes to seeing what’s happening on their client machines.