Firewalls

Jerry Callen jcallen at narsil.com
Wed Mar 31 13:26:45 EST 1999 

Jerry Feldman wrote:
> 
> At the last BLU meeting, someone mentioned an inexpensive self-contained
> firewall product as an alternative to using a firewall in a linux box
> which may be used for other purposes.

Why, that would be me! :-)

> I forgot the name. Could someone please post a URL for that product.

Here's a repost of the message I sent to the list after the meeting.

-- Jerry Callen

============================================================================

At last night's meeting the topic of firewall appliances came up, and
I offered to send some information to the discussion list about the
ones I have investigated. Here is a list of the products I am aware of,
with a little commentary about them. Note that the only product I have
actual experience with is SonicWALL; perhaps some readers may have 
experience other products and can add to my sketchy comments.

- SonicWALL
  Sonic Systems
  www.sonicsys.com

  Hardware gizmo about the size of a hublet. Two RJ45s: one to the Internet,
  the other to the internal network. Configured via a Java-enabled browser on
  the internal network. Can act as a DHCP client to the Internet, DHCP server
  to the internal network. Allows inbound connection requests to be directed
  to a specific internal host on a per-port basis. Can log "knob turners" and
  send the log to an email address or a SYSLOG port on the internal network.

  Implementation uses stateful packet inspection; not all protocols supported
  (such as NetMeeting, some tunnelling protocols). Can be upgraded (firmware
  change) to support VPNs/IPsec. 

  Cost: about $400 for the low-end unit (which I have).

- Instant Internet
  Nortel Networks (part of BayNetworks?)
  www2.nortelnetworks.com/products/Instant/iibrochure.html

  Similar to SonicWALL.

- Netopia R9100 Ethernet Router
  Netopia
  www.netopia.com/hardware/leasedline/r9100.html

  Similar to SonicWALL, but also includes an 8-port hublet.

- GNAT box
  Global Technology Associates
  www.gnatbox.com

  Software solution; it's basically a pre-configured Linux on a single
  floppy that you boot directly. Free download if you want to try it out.

I've had my SonicWALL for about two months. It was dead-up simple to
install and get working with MediaOne; I got it working on my internal
network and did the basic configuration, then called MediaOne and gave
them the new MAC address, and I was up and running. My internal network 
has Linux, Windows 98 and Macintosh clients; they all work fine.

-- Jerry Callen                      Mobile: 617-388-3990
   Narsil                            FAX:    617-876-5331
   63 Orchard Street                 email:  jcallen at narsil.com
   Cambridge, MA 02140-1328

   PGP public keys available from:
       http://www.nai.com/products/security/public_keys/lookup_key.asp
   fingerprints:
       DH/DSS key ID 0x1806252C: 7669 A4CD 759A 6EB7 AF04
                                 C10D B659 2A4B 1806 252C
       RSA    key ID 0x99F7AAE5: D265 DC9C 13FD 6110
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).

More information about the Discuss mailing list