A Guide to Technology,
Products, and Deployment
|
Internet @ppliance Industry Report: A Guide to Technology, Products, and Deployment |
|
| FreeGate OneGate 1000
Full-featured web, email, file, and Virtual Private Networking (VPN) services for up to 250 users in a branch office or small business. Includes a built-in WAN interface, such as ISDN, T1, or DSL, and web blocking to control traffic entering and leaving your network.
Price:
Contact: |
 The FreeGate OneGate 1000 is a flexible single-box Internet access and web/email solution for small businesses and branch offices. Unlike appliances that are limited by simplicity or overwhelmed with complexity, the OneGate satisfies nearly everyone with its rich feature set and clean, compartmentalized user interface. Designed for 250 users, this product can be supported remotely by a VAR or configured in-house. Users can post their own web content and update mailing lists with ease, while under the "GateKeeper" covers, ISPs and experts will find everything they need. |
What's inside?
The OneGate 1000 we tested ran modified FreeBSD on a 166 Mhz CPU with 32 megabytes
of memory, mirrored 2.1 gigabyte disks, 56K Frame Relay/DDS with integrated CSU/DSU,
v.34 analog modem, and two Ethernets that separate your internal LAN from a
"demilitarized zone" (DMZ) LAN. This workhorse appliance can top out at 2 Mbps
V.35 or SDSL, 128 MB RAM, and dual 13 GB disks -- plenty of oomph for most small businesses.
The OneGate has a less flashy but more versatile footprint than most appliances:
it is stackable or 19" rack and wall mountable. We used the OneGate's simple
license manager to install Remote Access VPN (included in the price of the unit)
and Branch VPN (additional cost option), and discovered that a 30-day trial of
SurfWatch web blocking was available without a license.
Setting up the OneGate 1000
Start by gathering the information identified by the Getting Started Guide: connection type,
domain name, Ethernet IP addresses, Internet-facing address, ISP telephone number/login/password,
and company mailbox. The OneGate operates with either static or dynamic Internet addresses,
but you'll want a static address if you plan to access your OneGate from outside --
for example, to host an external web site or enable remote access by travelers. Define
an administrator login to complete initial setup and the OneGate reboots itself with its
new configuration. We were running in just ten minutes from start to finish.
GateKeeper Tools enable routine management tasks, such as configuring user accounts,
enabling web and file transfer services, controlling Internet access permissions and
schedules, and shutting down the system. Status monitoring, statistics, and activity
reports are also available through this interface. Context sensitive help is available
from any panel.
Less frequent tasks, and those requiring greater knowledge, are performed with Expert
Tools, tucked safely out of sight, and accessed via the star icon.
Creating User Accounts
To get started, create a user account for everyone in your company or office network.
Each user is automatically assigned a mailbox and personal folder on the OneGate.
Users can be granted permission to publish internal and external files and web pages,
access the Internet from within your network, and securely reach your network from the
Internet using Remote Access VPN.
Like most appliances, the OneGate can provide unrestricted (outgoing) Internet access.
But it can also selectively deny access by individual user, or filter access according
to company-defined policies. When access is filtered, users must log into the OneGate
before they can surf the web. Thereafter, they can only browse sites defined by the
administrator, SurfWatch subscription, or a combination thereof. This is a nifty feature;
it would be nice to selectively control file transfer site access as well.
The OneGate can act as an internal and external FTP server, with or without
anonymous FTP. In addition, the OneGate can be configured to participate in
a Microsoft domain and share files through Network Neighborhood. Users can
drag and drop files into their own OneGate folder or public folders, controlled
by user account permissions. This makes it drop-dead-simple to "publish" a file
where it can be accessed by a web browser or anonymous FTP. The OneGate also
provides an "incoming" folder where outsiders can put files when given permission
to do so. Statistical and detailed reports are available to document both FTP and
web site activity.
Your external web site is named www.yourdomain.com; your internal site
www.hq.yourdomain.com. If you happen to host your site -- or part of your
site -- elsewhere, you can configure a "web pass-through" that tells the OneGate
to redirect requests. A similar convention is used for FTP and mail hostnames.
The OneGate can act as a primary name server or integrate with other name servers.
It can assign addresses to hosts on your LAN and use network address translation
(NAT) to map internal private addresses to external public addresses. We had all
hosts share one static public address, put a server on our DMZ Ethernet, and
redirected requests for www.corecom.com to our ISP-hosted web site. The
reconfiguration required to do this was minimal, the ability to do all of
this with an appliance was a pleasant surprise.
Email Services and Personal Tools
OneGate's UI does an outstanding job of compartmentalizing configuration by allowing
self-management of user accounts. Anyone can use "Personal Tools" to modify his or
her own passwords, leave a vacation mail message, forward mail to another address,
or create and subscribe to mailing lists.
The OneGate can retrieve mail for your domain from your ISP using SMTP or POP.
We had to guess at the "Headers" and "Prefix" incantation required by our ISP; a
little more documentation here would help. The OneGate checks for mail whenever a
dial-up connection is established, and every 15 minutes thereafter. While this UI
offers excellent control over dial-on-demand schedules, intervals, and inactivity timeouts,
it curiously does not provide a directly-configured mail checking interval.
Advanced Security Features
The OneGate includes a packet-filtering firewall, with most configurations
appropriately hidden under Expert Tools. Typically, your firewall should
let insiders access the Internet while keeping others out.
VARs, ISPs, and experienced administrators will appreciate the wealth of information
provided by Expert Tools, particularly GateKeeper Diagnostics. Remote support can be
enabled via direct dial-up or across the Internet, using public key certificates to protect
against unauthorized "back door" access.
The FreeGate OneGate 1000 is an excellent choice for businesses that want a single-box
solution for Internet access and applications. It is particularly well-suited for workgroups
that need web or email hosting with flexible, secure Internet access and VPN support.
The OneGate's Getting Started Guide is well-organized and wonderfully illustrated
with figures and examples that novices will love. Cable the OneGate to your LAN,
pop the CD into a PC that has DHCP enabled, and the auto-run Setup program will find
your unit. Click on Go To OneGate to launch the browser-based user interface (UI).
Four configuration methods are offered: typical, custom, internal (no Internet access),
and RMS. VARs and ISPs will appreciate OneGate's Remote Management System (RMS), an
option that enables two-click customer setup via registration key. Others will find
typical configuration steps fairly quick and intuitive.
Thereafter, access the OneGate's User Interface through IE 4.01 or Netscape 4.5
(supplied) by visiting http://hq.yourdomain.com:8000. The OneGate UI prompts for
name and password, then automatically displays the panel appropriate for your login:
Personal Tools or GateKeeper Tools (shown at right).
The OneGate is a full-featured web server with built-in scripts for a guestbook,
feedback form, and search engine, and web caching to speed Internet site access.
Perl and Java "custom CGI" support is also available. GateKeeper tools
are used to enable internal and external web hosting, and to define lists that grant
access rights to users and groups. This easy-to-use feature allows you to password-protect
selected parts of your web sites, with unrestricted access by default.
It's no surprise that the OneGate can operate as a POP/SMTP email server for
internal and external users. But it doesn't stop there. The OneGate also
acts as a list server: users can create mailing lists and either manually
manage membership or have a "listbot" do the job. Subscribe and unsubscribe
messages are sent to listname-request@yourdomain.com; configuration determines
whether outsiders can join the list. Messages sent to listname-owner@yourdomain.com
are forwarded to the user who created the list. Users can view all company email
addresses and lists in an "Address Book", and the GateKeeper can manually edit any
list (shown at right).
Using the OneGate's Remote Access VPN, authorized travelers, teleworkers, or business
partners can securely "tunnel" into your LAN using the Point-to-Point Tunneling Protocol
(PPTP). The OneGate's Branch VPN connects other networks to your own using IP security
(IPsec) or SKIP tunnels. Unlike most appliances, FreeGate has actually tested OneGate
interoperability with IPsec products from Cisco, CheckPoint, TimeStep, and others.
Tunneling with default policies is surprisingly simple. Expert Tools are available
to create other security policies, and multi-level diagnostics can assist with debugging.
After installing VPN licenses, it took less than five minutes to verify tunneled remote
access and less than an hour to connect our OneGate to its sibling back in Sunnyvale.
Final Word
Copyright ©2000 Core Competence, Inc. and David Strom, Inc.
No part of this report may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or by any information storage
or retrieval system, without permission in writing from the publishers.
All Rights Reserved