Using a mature and well-known firewall such as Check Point Express is a distinct advantage.
The separate management interfaces could lead to configuration mismatches between the firewall and the system.
A well-designed and capable performer with a solid firewall.
Summary

The Nokia IP380 is equipped with a Pentium III 866 MHz processor with 256 MB RAM in a well-designed, 1U, rack-mountable unit. A hardware cryptographic accelerator for VPN links is included.
It runs under Nokia's IPSO operating system and the basic system provides four 10/100 Base-T ports as standard. Four fiber Gb connections can be added as extras.
Installation was straightforward with a serial connection. Once configured, it entered "stealth" mode, hiding the Telnet and HTTP ports and setting up the rule base as "default deny." A certificate was generated that was used to authenticate the connection between the device and its administering PC.
System administration was done via a web browser that connected using an SSL link to Nokia's "Voyager" software on the device. This web-based system handles access to system configuration and monitoring. Remote access can be restricted by IP address to prevent unauthorized modifications.
The firewall software is Check Point Express (see page 80 for a full review). Check Point Express provides content security ranging from blocking a specific connection all the way to security servers, which are processes that provide protection schemes for individual servers that operate independently of the firewall rules. This provides another line of defense for individual servers, so any exploit traffic that succeeds in passing the firewall will still be trapped by the server security process.
The SmartDefense system protects against intrusion attacks and an online update service ensures that immediate protection is provided against new vulnerabilities.
The system did not respond to our port-scanning programs, but there was no indication in the logs that the scans had occurred.