Sun iForce VPN/Firewall
The fastest device in the enterprise class.
Making changes to the system configuration is not straightforward.
This is a high-performance device with a first-class firewall.
SummaryThis is a 1U rack- mountable device offering two 10/100 Base-T Ethernet ports and two two-Gb (copper) Ethernet ports supported by an Intel Xeon processor rated at 2.8 GHz with 512 MB RAM and a 36 GB hard drive. The operating system is a hardened version of Linux.
Installation and set up were easy, but the documentation has some minor discrepancies. The device can be configured by using a web browser over a secure connection using SSL or by using the command line interface over a serial port connection. The serial connection has to be used if the system's pre-configured IP address is not acceptable (perhaps due to an address conflict). It is the only way to change configuration options once the system is installed and running. The device needs a PC running Windows to manage the firewall and the system is administered through a secure web browser interface.
Installing the firewall administration software is easy because the firewall software is Check Point Express, already installed on iForce.
Using Check Point Express's SmartDashboard GUI gives access to all aspects of the firewall system, including the SmartDefense IDS and VPN management, as well as the SmartView logging and monitoring system.
Because Check Point Express is available for several platforms, it is platform-independent in its presentation. Its logging and monitoring facilities have a consistent feel and although the underlying operating system is Linux, this is not obvious to the firewall administrator (who needs to have no Linux knowledge at all to use the system). Only when the system is administered through the secure web browser does Linux begin to show, although it is concealed behind a well-designed interface.
Our port scanning tests did not reveal any open ports and we could not identify the device. The system did not report the scanning attempts. Perhaps the default settings in SmartDefense were too liberal, allowing random scanning to pass unnoticed. A simple adjustment of the parameters would probably solve the problem, but it would also generate considerably more log entries than before and might include innocent traffic.