Intrusion.com Inc. this week unveiled a line of firewall/VPN (virtual private network) appliances based on Check Point Software Technologies' VPN-1/Firewall-1 software pre-configured to run with a version of Linux altered, or "hardened," for improved security.
The appliances are intended for two separate constituencies: the small or remote-branch office, and ISPs (Internet service providers), managed services providers or large enterprises that can use the Intrusion.com equipment to provide managed firewall and VPN services to their customers.
The Intrusion.com device for the home or small office, the PDS 1110, measures 5 inches by 7 inches and supports speeds up to T-1/E-1. The PDS 1110 has three ports of 10/100M bit/sec Ethernet and is remotely managed by an authorized systems administrator.
An appliance is much easier to deploy on a network than installing the software onto hardware, says Doug Gregory, the firewall administrator for the State of Kentucky in the Governor's Office of Technology, in Frankfort.
"The ideal thing about an appliance is it's ready to just drop into the network," Gregory said. The State of Kentucky selected the Intrusion.com PDS 2315 appliance, which supports up to 250 users, after a technical and cost evaluation against competing products, including the Nokia Check Point-based appliance.
Technical staff in Kentucky preferred the PDS 2315 because it was easier to use and slightly more cost effective, Gregory says.
The PDS 1110 ships this week and costs US$895, according to Intrusion.com's vice president of product management and marketing, Ryon Packer. Intrusion.com last winter shipped its first two Check Point-based firewall/VPN appliances, the PDS 2100 and 2300, to serve as standalone gateways for a cost of up to $2,500.
Intrusion.com's equipment for the ISP and large-enterprise market, announced this week as the PDS 5000 series, consists of three separate 19-inch rack-mountable units. All are expected to ship next month.
The PDS 5100, which costs $3,995, is a firewall/VPN device based on Check Point software installed on a 600-MHz Celeron II processor with 128M bytes of RAM and a 20G-byte hard drive.
The second appliance in the 5000 series, the PDS 5300, is much the same, but with 256M bytes of RAM, three Ethernet ports, and serial and USB port connections. It costs $5,995. The third, the PDS 5500, has an 850-MHz Pentium processor, 512M bytes of RAM and PCI slots for VPN accelerators, additional network interface cards or WAN interfaces. It costs $7,995.
The 5000 series can also be used to run Intrusion.com's intrusion detection software, called SecureNet Pro. However, the devices can't support both the Check Point Firewall/VPN and intrusion-detection simultaneously, says Packer. "You can only install one or the other because they can't coexist on a single computer today," Packer explained.
The reason is that the firewall/VPN is an "in-line device" mainly used to stop communications when need be, while intrusion-detection is a "listening" type of device that inspects traffic for suspicious activity as it is passing through. The differences have made it impractical to combine both applications into one unit.
In the firewall/VPN appliance arena, Intrusion.com will be competing against NetScreen, SonicWall and WatchGuard. Check Point also lets Compaq, Nokia and IBM build firewall/VPN appliances based on the Check Point software.