Firewall Wizards mailing list archives
commercial firewall licencing
From: Jyri Kaljundi <jk () stallion ee>
Date: Mon, 22 Dec 1997 18:26:16 +0200 (EET)
I have a need to connect multiple firewalled sites together using VPN, and I am trying to find a commercial firewall to do this. I encountered some problems with this while using FireWall-1, so I probably have to use something else.

The problem arises about how firewall vendors licence their products with limited IP-addresses. Let's say we have 10 sites in different countries, each with less than 50 machines (or less than 50 IP-addresses) in the internal network. I will situate the VPN device in the internal network and allow incoming traffic from one VPN device in another country to this internal VPN, where it gets decrypted. All of these 10 networks can talk to each other using VPN.

Now what FireWall-1 does is it counts the different source IP-addresses it sees in the internal network (or actually all network interfaces besides one which is called external and connected to the Internet). Now the VPN packets enter through the firewall, but once they get decrypted, their source address will be changed and the FireWall-1 counts them as internal machines. So the 50-IP licence gets a violation real soon, as the firewall will notice 9 times 50 other addresses which seem internal to him.

So I need to use another firewall vendor, any ideas? The price is pretty important (otherwise I could just buy an unlimited fw for every country), and all the firewalls in other countries must be managed from one station here in Estonia.

How does TIS Gauntlet count the licences for the 50- and 250-IP addresses, does it also listen to all the packets it hears or does it trust the customer not to have more hosts (although Gauntlet 50-user fw is as expensive as FireWall-1 unlimited module).

And why not use a firewall VPN - because I have not found a firewall VPN in the free world which would have strong encryption.

Jyri Kaljundi
jk () stallion ee
AS Stallion Ltd
http://www.stallion.ee/