NetWolves Device Keeps Hackers at Bay

MELVILLE, N.Y. (02/25/2000) - NetWolves Corp. last week announced a network firewall appliance that has more features than a Swiss Army knife.

For about the same price as a software firewall, NetWolves' FoxBox also includes a Web server, file server, caching server and Dynamic Host Configuration Protocol server, among other things.

"This would be great for smaller companies and sites that want to limit the amount of gear they have in their network," says Alan Stewart, president of Network Interface, a consultancy in Crystal Lake, Ill.

At the same time, the device can be a problem because if it crashes, the enterprise loses multiple communications capabilities, he says.

FoxBox sits on the LAN side of a WAN router to act as a firewall for devices on the LAN but also comes with WAN interfaces so it can connect directly to the Net and protect a customer's entire network.

FoxBox ranges in price from $3,100 to $7,100, making it less expensive than some stand-alone firewalls, users say. Other multiple-function appliances, such as those made by NetScreen and RapidStream, focus on speeding the packet processing needed to establish secure virtual private networks (VPN).

NetWolves seems to be going more for breadth of functions, and FoxBox is inexpensive enough that customers could buy it and use just one of its features.

For example, the Wall Township, N.J., schools replaced a CyberGuard software firewall with FoxBox to protect their network, says Jeff Janover, director of technology for the school district. The CyberGuard firewall was running on an NT server that crashed every six to eight weeks for a year and a half, he says.

Replacing it with FoxBox cost about $3,500, which is less than the $5,000 to $8,000 it would cost to buy other vendors' firewall software and a server, Janover says.

At that price, Tanagraphics, a New York printing company, was able to buy two FoxBoxes to protect its network. One is active and the other is on standby in case of a failure, says Doug Bressler, Tanagraphics' network director.

FoxBox connects LANs to the Net over dial-up connections or 56K-bps or T-1 dedicated lines. It also supports external digital subscriber line and cable modems.

The gear can also create Internet VPNs with other FoxBoxes. So a company with multiple sites could install FoxBox at each location to set up a VPN. The equipment supports IP Security tunneling that secures data across the Internet.

FoxBox uses Data Encryption Standard to protect the data, but not Triple-DES, a much more secure encryption algorithm.

Bressler says Tanagraphics uses the FoxBox firewall as well as its Domain Name System server to direct traffic sent to an external IP address to the correct internal IP address. That capability let Tanagraphics return its Class C IP addresses to its ISP, Bressler says.

Tanagraphics initially considered installing its own firewall after trying a managed firewall service, but rejected it. Whenever the company wanted to give another employee access rights to the Internet, it took too long to get the ISP to open a new hole in the firewall, he says.

Tanagraphics also uses FoxBox as its mail relay host, but not as its mail server. But knowing FoxBox has e-mail capabilities gives the firm a backup option if its primary e-mail server fails, Bressler says.

The box is based on PC hardware, which Bressler sees as a drawback. "That means it's hardware with moving parts, and moving parts wear out," he says. But he says he is not worried because he has a preconfigured spare on hand.

NetWolves says its equipment is meant for offices with up to 500 LAN users who want to connect to the Internet. FoxBox comes in five models, with the major difference being the WAN interface. WAN options include 56K-bps modem, ISDN, 56K-bps dedicated and T-1. Dedicated lines require an external DSU/CSU. One model comes with dual Ethernet ports, one to connect to the LAN and the other to connect with an external cable modem or DSL modem.

NetWolves: www.netwolves.com.