SmoothWall Corporate Server enables non-technical users to build a dedicated firewall to connect a network of computers to the internet. This software solution is designed to be cost-effective, because almost any Pentium-class PC can be used as the dedicated hardware platform. This firewall has been developed to meet the internet security needs of small to medium-sized organizations, corporate branch offices, and individuals with demanding security needs.
Installation proceeds automatically by booting from the CD-ROM.
It overwrites the existing hard disk with both a hardened and cut-down version of the Linux operating system and the firewall application itself. Knowledge of Linux is not required and you do not have to do anything at the Linux command line interface. The only options during the install process relate to SCSI disks and IP configuration.
Once installed, the initial configuration of the firewall is done via the graphical user interface of the set-up program. If you cannot boot from a CD-ROM, you can create a boot diskette using a supplied utility that runs on any Windows machine.
Once set-up is finished, management, administration and further configuration may be done remotely using a web-browser interface to the firewall. Remote access is secured using HTTPS or Secure Shell.
The Corporate Server's configuration information may be backed up to a floppy disk, which can be used in the installation process to create a new Corporate Server using the saved configuration information.
This is useful for cloning the Corporate Server system.
The firewall itself works by stateful packet inspection. Firewall rules are pre-configured to deny everything that is not the result of an outgoing request. It has all the features you'd expect in a corporate-class firewall, including network address translation (NAT), DHCP server, port forwarding, web proxy server, static DNS server, and it can cope with multiple internal subnets.
Extra features include an intrusion detection system (IDS) that is based on the well-known open source Snort engine and signatures, and there are specific options that can be configured for additional security. For example, it is possible to prevent the firewall from responding to a ping. It can also be configured to prevent a SYN flood attack and there is support for an APC uninterruptible power supply.
The administrative features include log file examination and the graphical presentation of internet traffic. You can also add optional features such as: SmoothHost, which allows multiple public IP addresses for server hosting; SmoothRule, which provides internet access control (of game-playing access, for example); SmoothGuardian, which is a web content filter preventing access to objectionable web sites; and SmoothTunnel, a virtual private network (VPN) gateway.
The product supports H.323, the protocol used by many voice-over internet protocol programs. Without any specific configuration, it is possible to make H.323 'phone calls' to any external IP address on the internet from the local or DMZ network.
It can also receive incoming 'phone calls,' but this requires setting up a port forward to the H.323 client machine on the local or DMZ networks using TCP port 1720.
After setting up this port forwarding rule, an incoming H.323 call will be routed to the IP address with the associated port forward.
This functionality also works with IP aliases via SmoothHost, so it is possible to set up multiple H.323 clients, including hardware phones and other devices, each residing on a separate IP alias. Corporate Server's implementation of H.323 functionality also works well for video calls.
The basic VPN capability is SmoothTunnel, which establishes a Pre-Shared Key (PSK/Shared Secret) IPSec VPN tunnel to a compatible system. The SmoothTunnel add-on module supports compression, X.509 certificate authentication, AES, Blowfish, Twofish, CAST, DES and triple-DES encryption algorithms. It also supports the latest NAT Traversal (NAT-T) mode of operation that enables VPN tunnels to be created across network address translation gateways.
Corporate Server supports WAN, LAN, and DMZ, and a direct connection to the internet can be made through the WAN interface if required, because SmoothWall supports internal or directly connected (usually USB) ISDN and ADSL hardware, and even analogue modems.
Alternatively, connection might be made via an Ethernet router or cable modem. SmoothWall also supports manual failover to an alternate internet connection.
The reporting system is very good, with traffic statistics displayed numerically in a table and graphically over time. SmoothWall also supports a remote syslog, whereby the UNIX syslog is stored remotely in case of catastrophic failure of the system being logged.
Corporate Server has excellent documentation and creates a dedicated hardware firewall. It has an easy-to-use installation routine and a web-browser interface for administrative purposes. You do not have to be an expert to set it up securely, and advanced users will find all they need in functionality and features.