Noticed that another firewall just came out (they seem to be coming out
every other day now). Disclaimer: I have no relationship with Seattle
Software Labs.
Seattle Software Labs (founded this year via a merger with Mazama
Software Labs -- which was founded by ex-Networx engineers) is
claiming to have the first combined hardware (PC) and software
firewall solution at a price starting under $3,000.
http://www.sealabs.com/
The firewall looks like a hybrid which builds in a number of new
features (which all firewalls vendors appear to be scrambling to
add to their products) on top of the original Mazama Packet Filter
product.
Here is my take on the WatchGuard features/specs at a glance:
o Dynamic Packet Filtering (aka 'stateful inspection').
o Transparent Proxies (for various applications such as
FTP and SMTP). They also call them "intelligent
proxies).
o NAT (they're claiming Network Address Translation, but their
"IP Masquerading~ configuration screen shot and
the description of it on the same Web page make it
appear to me that all internal addresses are
re-mapped to the public IP address of the firewall
rather than to a class C or range of pooled public
addresses ala RFC 1631. Perhaps there is another
setup option screen somewhere? Or not?)
o Embedded Real-Time OS (should provide less latency and
higher throughput than conventional OSes???).
o Configuration Management
- Intelligent Configuration Management
(expert system testing and verifications of rules)
- Point and click GUI configuration.
- Administration console is a separate (not included)
remote (LAN or RS232 connection)
NT, Win95 or Linux machine w/ GUI client interface.
o Monitoring/Reporting:
- Alarm/Event Notification ( incl. probe detection:
port & address scan detection & auto blocking)
- Fails 'shut' if it detects tampering (hmm...
it must cryptographically checksum its own software).
- Log Viewer with search and zoom.
[The following 2 appear to cost extra $$$]
- Historical Reporting
(ie. suspicious activity reports )
- Real-Time Graphical Monitor
(activated-service icons & color-coded connections.
Also meters and bar charts for bandwidth stats)
o IP Spoofing protection
- address
- options
- fragment
o Hardware (or you can use your own 486 or greater PC)
- Pentium Processor ( what Mhz???)
- 16 MB RAM
- 3 10Base-T connections
- When bundled with the Watchguard SMS software
the incremental cost of purchasing the PC box
appears to be only about $500 ( $2,995 vs.
$2,495 without the PC).
o Availability:
- August 15 for PC (Firebox) and Watchguard std software.
- August 29 for (Hist Rpt and Graphic Monitor s/w options)
- They are claiming Q4 '96 availability for add'l options:
* Authentication
* VPNs
* Central Console
2nd Disclaimer: I have no relationship with Seattle Software Labs.
- Morrow
|
|
