Firebox II

 in
This Seattle-based company makes a line of dedicated firewall appliances to serve anything from the SOHO market to a 5,000-user mega-office with up to 100 branches on Virtual Private Networks connected securely across the Internet.
Saving Grace

This is all well and good for larger companies with heterogenous networks, but what about us Linux-only types with a relatively tiny network and budget? (After all, the Firebox II is rated at 500 users and costs five grand.) Not to worry. Remember those SOHOs? Well, they don't run Linux, but they do grok it...as a matter of fact, any SSL-capable browser can configure a SOHO. The configuration screens are all straight, low-graphics HTML, so, while it doesn't look as fancy as the Windows client, you could even talk to it with Lynx patched for OpenSSL. They're also a lot more affordable, with an MSRP of $449 US for a ten-user version. It's about the size and shape of an 8-port hub with a built-in 4+1-port hub on the back and a few status LEDs in the front.

All the Fireboxes do NAT, logging, DHCP both client and server, logging to a remote host, remote setup of one form or another and, if you're stuck with it, PPP over Ethernet. VPN is standard on the big boxes, and a $100 US option on the SOHOs. (Interestingly enough, the VPNs use IPSec and a few other protocols, but not Microsoft's PPTP. Why? That's right. Microsoft wasn't forthcoming with the standards.) The big boxes also perform scan and spoofing detection. All of them come with a year's subscription to LiveSecurity, a “push” service that delivers security updates, both human readable and in software form, via e-mail or directly to the configuration host. Network managers can then upload the software at their convenience. Your subscription also gets you access to the tech support web pages, which include both a knowledge base and a trouble-ticket submission and tracking interface. The license key is also your password to get tech support on the phone. (Don't lose that card!)

The Future of the Firebox

Watchguard said they were working on ways to minimize the number of times you had to reset a Firebox after a configuration change; this makes sense since you can do almost anything except change kernels to a standard Linux machine without resorting to a reboot. They also hinted that there might be Linux in the SOHO's future. For the foreseeable future, however, the big Fireboxes will require a Windows host to configure. Watchguard's primary focus is to make it as easy as possible to deploy a network on a truly grand scale and manage it with a minimum of fuss.

They've done that to a certain extent already. As the old saw goes: good, cheap, fast—choose any two. This isn't cheap, but I think with the dual solution of the Firebox IIs for large, heterogenous networks and the SOHOs for small or Linux-only implementations, a network admin can make a case for these drop-in machines in terms of saved people-time, both up-front and on an ongoing basis. It's not a perfect solution, particularly not for the purists among us, but I think it's a step in the right direction. Not bad for a company “only” five years old.

The Good/The Bad

Glenn Stone (taliesin@speakeasy.org) is a Red Hat certified engineer who thinks AOL CDs make great target practice. He is a participant in the Seattle Linux User's Group mailing list.

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState