December 1, 2004



This is the commercial version of SmoothWall Express (formerly known as SmoothWall GPL), a firewall that is freely available for download. The free one doesn’t come with warranty or support of any kind, but the corporate version does. The corporate version has additional features such as the new GUI, SCSI support, multiple subnetting and backing up the configuration to a floppy. There’s an extensive list of differences between the two at http://www.smoothwall.net/products/comparison.gpl.html.

The firewall is easy to install and configure, and anybody with basic networking knowledge can do it. Its system requirements are modest, so you can run it on any Pentium-class machine. These and the low cost make it a good option for emerging businesses that don’t have highly technical staff. Do keep in mind that SmoothWall requires a dedicated machine.

Installation will completely wipe out all data from the hard disk it is being installed to. Just boot from the CD, and the text-based installation follows. The important things you have to specify at installation time are whether you need SCSI support and the IP addresses of the interfaces. The number of interfaces required depends on what type of firewall you want to create. If you are only concerned with one internal and one external network, you will need two network interfaces.

But if you wish to create a DMZ (demilitarized zone), you will need three of them. The firewall works by stateful packet filtering (iptables). After installation, the firewall can be configured remotely using a Web browser, and the good thing is that this is done over secure HTTP access or secure shell. This interface gives you the option to back up your firewall server’s settings to a floppy. This is useful if you want to either clone the settings to a newly installed firewall or quickly re-create the firewall (in case of hardware failure).

We tested the firewall in a number of ways. We first attacked it using software called Firewalk, which sends TTL packets to each port of the firewall and tries to penetrate it. Even the default installation of SmoothWall blocked Firewalk. We then tried to simulate a DoS attack by massively pinging the firewall. The firewall dropped all these packets and continued to operate normally. 

The package additionally has a built-in network IDS, which is helpful for keeping an eye on any suspicious activity inside the network (as the danger is not always external). The IDS works on the renowned engine and signatures of Snort (an open-source sniffer).

The Bottom Line: A good buy if you don’t have in-house Linux experts for support. But it comes with only 30 days of installation support over e-mail.

Anindya Roy 
