Introduction to various types of firewalls (2)

4. NAI Gauntlet

Gauntlet is a firewall suite product in the PGP Network security solution launched by the American Network Alliance (NAI). This product belongs to the firewall at the application layer gateway level.

Gauntlet in the application layer in accordance with security policy checks two-way communication, with user transparency, integrated management, strong encryption and content security, high throughput features, can be used for internet/intranet and remote access, and other areas, but these modules relatively simple, relatively low performance, and configuration management interface is basically based on command line, without GUI so intuitive and friendly.

When users use Gauntlet firewall products, they can also choose anti-virus measures according to their requirements, which is one of his characteristics. Configure the gauntlet firewall and check the files, messages, and web content that go into the network, prevent Java and ActiveX programs from attacking the network, filter URLs, report remote access, and live alerts.

Gauntlet provides a rich list of proxy services, including FTP (such as NetShow of Microsoft, RealNetworks, RealPlayer of the company, Zingtechnology Company's Streamworks and VDOnet's vdolive multimedia), SNMP, News, and many others, it also has the ability to establish custom agents. Its accreditation services include: Accesskeyⅱ, Cryptocardrb-ⅰ, axenttechnologies company Defendersecurityserver, vascodatasecurity company Digipass, Securecomputing Company's Safewordauthenticationserver, Securenetkey, SecurID, S/key, and reusable passwords (built in).

NAI Gauntlet does not contain the integrated Web cache feature, does not accelerate enterprise network information access, and does not have firewall array capabilities to support enterprise applications, which is necessary for any software firewall. In general, NAI Gauntlet is more like an enhanced module that provides accessibility to other firewalls, making it a little reluctant to be independent.

The NetScreen-100 of 5.NetScreen technology

Similar to Cisco's pix, NETSCREEN-100 also runs proprietary operating systems. Unlike Pix, which runs on Intel platforms, NetScreen uses proprietary ASIC to form high-performance firewalls that are inexpensive and easy to install. We found that it was easy to install the IP address of the interface through a serial connection. After this step, we will be able to do further work through Netscape or Microsoft's browser. Only pix and FIREWALL-1 are more expensive than NetScreen-100 when NAT is not running, and they are better than FireWall-1 if the performance of running Nat,netscreen is not degraded.

NetScreen are the only products that do not route message packs and let them pass. With this feature, any host or router within the firewall can continue to use the gateway address of the Internet router, or any other router that has access to the external network. This eliminates the need to add another subnet between the firewall and the external router, or move the address of the external router to the internal interface of the firewall, so that the internal host does not have to change their gateway address. We have successfully routed in both normal and transparent mode of operation.