Date:      Wed, 16 Dec 1998 00:50:23 -0500 (EST)
From:      Bill Paul <wpaul@skynet.ctr.columbia.edu>
To:        freebsd-chat@FreeBSD.ORG
Subject:   Some good press for FreeBSD (I guess...)
Message-ID:  <199812160550.AAA05843@skynet.ctr.columbia.edu>

This week's issue of Info World (December 14th, Volume 20, Issue 50)
has a review of several 'firewall appliances' (Test Center Comparison,
page 68). Reviewed products include The Fort Knox Policy Router F-3000
from Internet Devices Inc, the Interceptor 3.6 from Technologic Inc,
the Watchguard Security Management System 3.1 (Firebox II) from
Watchguard Technologies and the SonicWall Plus DMZ from Sonic Systems.

The reviewers gave the best overall rating to the Fort Knox system,
which, according to the 'features' listing on page 71, runs a modified
version of FreeBSD. The Interceptor is listed as running modified
BSD/OS and the Firebox II uses a modified Linux system loaded from a
flash RAM module. The SonicWall is based on a proprietary embedded OS;
it was the cheapest of all the devices ($2490US) but also scored
the lowest. The other three devices were all priced in the neighborhood
of $10,000US. The Linux-based system ranked second.

Unfortunately, the article itself doesn't seem to say anything about
FreeBSD, which I suppose is not totally unexpected given that these
devices are supposed to provide glitzy web-based configuration systems
that hide the mean, nasty OS underneath.

I've actually had the displeasure of using the SonicWall device. Some
of the things that struck me were:

- While the device is meant to be configured by a web browser, it has
  to be one that supports just the right version of Java. The manual
  recommends Netscape, and sure enough, when we tried to use Internet
  Exploder with it, results were less than perfect (things didn't always
  display properly; no, I didn't try tweaking it: it's a stinking web
  browser and I have better things to do).

- The device can _only_ be configured through a web browser. There is
  no serial port to which you can attach a dumb terminal in an emergency.
  This really bothered me: it's incredibly easy to shoot yourself in the
  foot with the browser interface and get the thing into a state where
  you can't connect to it via the network. I can't see how you're supposed
  to fix such a problem without a directly wired console.

- There's no way to reset the device back to the factory default 
  configuration. If you forget the management password(s) for the
  thing, you're screwed. There is a 'reset' button on the back, but
  all it does is reboot the embedded OS. Yes, I took the cover off and
  looked inside: no reset switch there either. The manual says nothing
  on the subject. (Well, it does show you how to restore some of the
  factory settings through the web interface, but that's not much help
  if you don't know the management password in the first place.)

Luckily, I didn't have to deal with this contraption for very long, and
I hope I never encounter one again.

-Bill

 --
=============================================================================
-Bill Paul            (212) 854-6020 | System Manager, Master of Unix-Fu
Work:         wpaul@ctr.columbia.edu | Center for Telecommunications Research
Home:  wpaul@skynet.ctr.columbia.edu | Columbia University, New York City
=============================================================================
 "It is not I who am crazy; it is I who am mad!" - Ren Hoek, "Space Madness"
=============================================================================

