Daunted by the prospect of having to set up a firewall on your client's network?
Fear not - the lads from the unusually named Seattle Software Labs have come up with a simple-to-install box that may be the answer to your prayers.
According to regional vice president Simon Webb, the WatchGuard System is designed around the notion of being a "network appliance". Whereas firewalls today commonly involve either a software package mounted on a workstation or server, or a packet-filtering router, WatchGuard is a single purpose device designed to keep networks safe from outside attacks, while at the same time providing the flexibility to block out bandwidth-killers such as push services.
"We built a purpose built firewall that slots in between those tools, that is focused at the broad market perspective," said Webb. "And basically what we've tried to do is make it easy for people to install.
"With firewalls today, you typically have to bolt them together. You have to get a Unix or NT expert, you have to load the OS, and then you have to set up the IP routing capability. And what we've tried to do is just build a product that is purpose built - you drop it in and you turn it on.
The WatchGuard carries a US Price of $3500 - that translates to between $4200 and $4300, depending on the exchange rate. Webb says for the money you get the complete hardware and software solution, with an unlimited user licence. He says this compares favourably to conventional solutions, where you pay for both the hardware platform as well as the software.
Another argument in WatchGuard's favour is its set up time. Webb says the unit can be up and running within 80 minutes of unpacking the box.
"The reaction that we get is just amazing," said Webb. "People know that it takes at least two or three hours to set up a workstation, and then you load the firewall software. So a firewall today can take anything from a day to three days."
To set up the WatchGuard, a user loads the installation onto a workstation, and determines the desired firewall configuration. The information is then copied onto a floppy disk, which is loaded onto the WatchGuard.
When the WatchGuard is turned on it boots from this floppy, coping all the configuration information into memory.
From this point on it is ready to act as a fully manageable firewall.
The box itself is called the Firebox and, appropriately, is bright red in colour. It consists of merely the motherboard with a Pentium processor, and a floppy drive. It has three connections - one to the ISP, one to the internal network, and one to public domain resources, such as an FTP server.
Webb says the real genius is in the software. The Security Management System can block unwarranted traffic into and out of the network, camouflage internal host IP addresses, control FTP privileges and notify an administrator in the event of attacks or scans. It can also inspect incoming e-mail for likely hacker commands, and inspect Web traffic for dangerous MIME types.
Other software, such as the WatchGuard Graphical Monitor, can provide real-time graphical representations of activity through the firewall, while WebBlocker allows administrators to manage Web surfing by restricting access.
Webb said that while WatchGuard cannot as yet provide virtual private network functions, he expects this will be made available as a free software upgrade later this year.
User authentication is also expected soon.
Seattle Software Labs
Tel (03) 9841 7430
Fax (03) 9841 7583