Intrusion.com Inc. last month unveiled a line of firewall/VPN appliances based on Check Point Software Technologies’ VPN-1/Firewall-1 software pre-configured to run with a version of Linux altered, or “hardened,” for improved security.
The appliances are intended for two separate constituencies: the small or remote/branch office and ISPs, managed services providers or large enterprises that can use the Intrusion.com equipment to provide managed firewall and VPN services to their customers.
The Intrusion.com device for the home or small office, the PDS 1110, measures five inches by seven inches and supports speeds up to T-1/E-1. The PDS 1110 has three ports of 10/100Mbos Ethernet and is remotely managed by an authorized systems administrator.
An appliance is much easier to deploy on a network than installing the software onto hardware, said Doug Gregory, the firewall administrator for the State of Kentucky in the Governor’s Office of Technology, in Frankfurt.
“The ideal thing about an appliance is it’s ready to just drop into the network,” Gregory said. The State of Kentucky selected the Intrusion.com PDS 2315 appliance, which supports up to 250 users, after a technical and cost evaluation against competing products, including the Nokia Check Point-based appliance.
Technical staff in Kentucky preferred the PDS 2315 because it was easier to use and slightly more cost effective, Gregory said.
The PDS 1110 ships this week and costs US$895, according to Intrusion.com’s vice-president of product management and marketing, Ryon Packer. Intrusion.com last winter shipped its first two Check Point-based firewall/VPN appliances, the PDS 2100 and 2300, to serve as standalone gateways for a cost of up to US$2,500.
Intrusion.com’s equipment for the ISP and large-enterprise market, announced this week as the PDS 5000 series, are three separate 19-inch rack-mountable units. All are expected to ship next month.
The PDS 5100, which costs US$3,995, is a firewall/VPN device based on Check Point software installed on a 600-MHz Celeron II processor with 128MB of RAM and a 20GB hard drive.
The second appliance in the 5000 series, the PDS 5300, is much the same, but with 256MB of RAM, three Ethernet ports, and serial and USB port connections. It costs US$5,995. The third, the PDS 5500, has an 850-MHz Pentium processor, 512MB of RAM and PCI slots for VPN accelerators, additional network interface cards or WAN interfaces. It costs US$7,995.
The 5000 series can also be used to run Intrusion.com’s intrusion detection software, called SecureNet Pro. However, the devices can’t support both the Check Point Firewall/VPN and intrusion-detection simultaneously, said Packer. “You can only install one or the other because they can’t coexist on a single computer today,” Packer explained.
The reason is that the firewall/VPN is an “in-line device” mainly used to stop communications when need be, while intrusion-detection is a “listening” type of device that inspects traffic for suspicious activity as it is passing through. The differences have made it impractical to combine both applications into one unit.
In the firewall/VPN appliance arena, Intrusion.com will be competing against NetScreen, SonicWall and WatchGuard. Check Point also lets Compaq, Nokia and IBM build firewall/VPN appliances based on the Check Point software.