SuSE Firewall on CD 2   Features The Firewall (Live CD): Kernel: 2.4.18 hardened with compartment ipvs (kernel patch for load balancing) New! Packet filter: iptables New! Stateful inspection Proxy services (application-level gateway): FTP proxy HTTP proxy HTTPS support HTTP content filter (HTTPF) Generic TCP proxy (rinetd) Transparent proxy operation SQUID ACL for clients Remote login support (OpenSSH) New! Support of virtual network interfaces DNS: Cache-only name server/forwarder Network time server NTP Furthermore, the live CD contains additional software packages that can be configured manually. Admin host (graphical configuration tool FAS): Click here for screenshots New! Configuration of virtual network interfaces New! Configuration of the ISDN/ADSL access (see hardware requirements) Packet filter configuration Configuration of all proxy services ACL: Configuration of the client access to the WWW (access restriction) New! Configuration of virtual network interfaces New! Evaluation of statistics about: Intercepted data packets Origin/size of intercepted data packets Network traffic for each network card Mail traffic including rejected mail New! Log analysis: syslog, kernel, ipfilter, vpn, system Remote login support (OpenSSH) Maintenance (automatic updates) via YOU (YaST Online Update) Diagnostic tools: tcpdump, ping, ntop, nmap, ethereal, nessus1 1 Attention! nessus does not report the latest version. For the sake of security and stability, stable package versions are maintained. All security-related patches and fixes are ported back to the utilized versions and are thus secure. VPN module: Implemented with IPsec / FreeS/WAN Types of VPN connections: LAN to LAN LAN to Client Client to Client Roadwarrior to LAN (dynamic IP on the client side) Roadwarrior to client The Roadwarrior connection necessitates the use of X.509 certificates Individually configurable filters for VPN tunnels Encryption with 168-bit 3DES keys Key rings (management of X.509 certificates): Implemented with OpenSSL Authentication via X.509 certificate PSK (pre-shared keys) New! The packet filters can be individually configured for each VPN tunnel. Live CD: additional software packages: To provide a comprehensive rage of services on the firewall, the live CD contains the following Open Source software packages. These software packages can not be configured with the graphical configuration tool: cipe VPN tunnel software pptpd MS VPN tunnel server (point-to-point tunneling protocol daemon) ippl IP protocol logger (portscan logger) scanlogd Portscan logger ipvsadm Linux Virtual Server (for the configuration of the load balancer included in the kernel) snmpd For the output of the interface statistics sockd Dante server, socks v4/v5 server (proxy) zebra, ospf6d, ospfd, bgpd, ripd ripngd Routing software (e.g. for BGP and OSPF)

Firewall on CD 2 · Features · FAQs · Screenshots · System Requirements · Customer references · Maintenance Program     Scope of delivery   The scope of delivery of SuSE Firewall on CD 2 includes detailed documentation, 30 days of installation support, and 12 months of maintenance.     New features   SuSE Firewall on CD 2 Kernel 2.4.18 Packet filter IPTABLES Stateful inspection Configuration of virtual network interfaces Graphical configuration of ADSL and ISDN New user-friendly graphical user interface Automatic maintenance update with SuSE YOU (YaST Online Update) Graphical logging function Update to major/minor releases included   VPN module for SuSE Firewall on CD 2 Individual filter configuration for VPN tunnels

Last modified  05/17/2003