NetWall - a high speed firewall by Group Bull


NetWall is a high proxying firewall produced by a major European manufacturer, Group Bull. It is reliable and easy to use. To know about its features, read the article.

NetWall is manufactured by Group Bull which is a major European manufacturer of electronics and software. The firewall runs on IBM's AIX versions of UNIX and on Windows NT. The secure remote control software also runs on these operating systems. NetWall is a bit tedious to install but easy to use. The graphical user interface is similar to Checkpoint Firewall 1's interface and can be run locally on a remote management workstation.

Security features


Stateful inspection filter

The firewall has a strong inspection filter that supports static and dynamic data packets. It makes sure that packets from a trustworthy source are allowed and those from suspicious IPs are restricted to prevent spoofing, denial of service and other cyber-attacks. All information about the permitted packets including their source, destination addresses and port numbers are stored. Though session information in packets is not maintained by UDP, the filter keeps track of the state of TCP and UDP data streams. Numerous protocol filters including HTTP, SMTP, RPC, SQL* Net, SAP, FTP and Telnet are accelerated by the IP filter. As the inspection engine is capable of inspecting data portions of some IP packets directly, the proxying performance of certain protocols improves.

Authentication

A wide range of authentication features including ASCII plain text passwords, Radius, MD/5 Challenge/Response, Bellcore S/Key one-time passwords, smart cards and SecurID Cards are supported by NetWall. The low and the higher security features are integrated together. A complete set of APIs is also provided so that users with some programming support can easily create new authentication options.

Network Address Translation (NAT)

All environments allowing others' valid IP addresses to run in your network must be translated to their legal addresses. NAT supports static and dynamic address mapping.

Optional Virtual Private Network (VPN)

A remote access VPN is different from what a firewall to firewall VPN is. The former is unique in the sense that it is based on a SOCKS proxy which is transmitted through SSL tunnel instead of IPSec. It also supports standard 56, 40 and 128 bit key lengths. The firewall to firewall VPN, on the other hand, is based on DES and triple DES. It supports key lengths up to 192 bits only. The firewall allows both.

Load balancing & high availability

If multiple NetWall firewalls are being used together, the connection load between them can be balanced. In case, any of the firewalls fails, the operation would thus continue. This not only provides high availability of internet services but also protects the network from denial of service attacks.

Support for third party content scanners

The firewall supports third party content scanning applications like MimeSweeper and Virus Wall. Content vectoring is provided to almost all scanners.

Central management

All the firewall devices can be managed remotely using the easy-to-use management tools. This can be done from any Windows or AIX workstation. The communication between the workstation and the firewalls is encrypted and secure.

Security proxies

Application proxies ensure that only safe data traffic passes through the firewall. Thus, NetWall comes with a wide range of security proxies including FTP, HTTP, LDAP, Generic, Gopher, SHTTP/SSL, IMAP4, SMTP, POP3, NNTP, Real Audio/Video, SOCKSV5, TNVIP, Telnet, TN3270, SSL and H.323.

Pricing


To purchase the firewall, one can visit the official website of Group Bull but it doesn't give any pricing information. It simply directs the visitor to NetScape. Though no official information is provided on internet, one can expect the firewall to cost over $3,000.

Review


NetWall is a high speed firewall that gives a wide range of security options to work with. Clearly, it is very reliable. Versatile proxying and centralized authentication makes the network administrator's task even easier but the difficult setup and lack of integration among software components will raise some brows. If I compare it with other firewalls like AltaVista and TNG Security Option, the configuration is not very easy. But, if you have some working knowledge of firewalls, this shouldn't be difficult. Another concern is the cost. Though the price is not officially provided on internet, NetWall has an image of being an expensive firewall. If your network is big and performance, not price is your criteria of buying, you can definitely think of buying NetWall.

Read Lucent Managed Firewall - A dedicated firewall for network security


Comments

No responses found. Be the first to comment...


  • Do not include your name, "with regards" etc in the comment. Write detailed comment, relevant to the topic.
  • No HTML formatting and links to other web sites are allowed.
  • This is a strictly moderated site. Absolutely no spam allowed.
  • Name:
    Email: