I should probably also mention a quote by one of my coworkers.  If you're
easily offended, stop reading now.

"This thing may look tiny, but it's got a cock that's 8 feet long."

> -----Original Message-----
> From: Austad, Jay [mailto:austad at marketwatch.com] 
> Sent: Friday, April 12, 2002 12:28 PM
> To: 'tclug-list at mn-linux.org'
> Subject: [TCLUG] The best firewall ever made. :)
> 
> 
> Ok, I just got ahold of some Netscreen 
> (http://www.netscreen.com) firewalls. I have some of their 
> big ones, but I also got myself a 5xp for home.
> 
> The 5xp is $495, and it's barely more than the size of 2 
> decks of playing cards side by side.  This thing is amazing.  
> Everything is implemented on chip, including the firewalling 
> engine and the IPSec stuff.  The chip is the same chip they 
> put in their big firewalls, which supports 700Mbit of 
> throughput, and 270Mbit of IPSec throughput.
> 
> They've limited the 5xp to 10 tunnels, and stuck 10Mbit 
> interfaces on it to limit it.  It will support 2000 separate 
> sessions, can act as a VPN server and a client.  Has OSPF and 
> BGP routing, a nice web interface, Cisco-style command line, 
> built-in SSH and HTTPS, DHCP client for cable modem/DSL 
> users, and you can map outside ports to different internal 
> servers (great for if you only have one public IP and 
> multiple servers on the inside). It can run in transparent 
> mode, where you just plug it inline with one of your ethernet 
> cables and it acts as a filtering bridge, or you can do route 
> or NAT mode. Route mode is probably the most robust, as you 
> can still add NAT policies to take care of NAT if you need 
> it.  Oh, I almost forgot, it also has a captive gateway 
> functionality.  So if you have a wireless net, and you try to 
> go somewhere, the browser (or telnet session) will bring up a 
> user/pass prompt generated by the firewall, and you have to 
> log in with a valid ID before it will pass traffic for you. It 
> can authenticate via a local database, or using RADIUS or 
> LDAP.  You can give varying degrees of access based on usernames also.
> 
> Their bigger firewalls support up to 99 VLANs, and each one 
> can be in a different security zone (99 DMZs).  You don't 
> have the typical "security levels" associated with each zone 
> either.  Each one can have varying degrees of access to each 
> other.  They also have Virtual routers, where you can tell it 
> to only route between certain VLANs/Zones, so your office 
> network can be completely independent of your production 
> environment.  For ISPs, it supports Virtual Systems.  You 
> can sell firewall services to clients, and they get their own 
> virtual firewall with their own login.  They can only see and 
> modify settings for their stuff, but they can manage it 
> themselves with no risk of screwing up the rest of your network.  
> 
> In any case, the $495 5xp has more features than most $30,000 
> firewalls, and also has better performance (though it only 
> has 10Mbit interfaces).  If you're looking for a great home 
> firewall or something for remote offices, this thing is 
> definitely the way to go.
> 
> Jay