Core Competence, Inc. Internet @ppliance Industry Report:
A Guide to Technology,
Products, and Deployment
David Strom, Inc.

FreeGate OneGate 1000

Full-featured web, email, file, and Virtual Private Networking (VPN) services for up to 250 users in a branch office or small business. Includes a built-in WAN interface, such as ISDN, T1, or DSL, and web blocking to control traffic entering and leaving your network.

OneGate 1000 (up to 250 users) with ISDN, 2 Ethernets, and Remote Access VPN: $3,395
V.35, Fractional T1, Frame Relay, SDSL, and T1 interfaces and disk mirroring for system redundancy also available

OneGate 150 (up to 50 users) starts at $1,635

Options available on both models:
Branch VPN: $795
Web Blocking: starts at $395/year for 25 users

FreeGate Corp. (Tut Systems)
1208 E. Arques Ave.
Sunnyvale, CA 94086
Phone: (408) 617-1000, (877) 663-4283
Fax: (408) 617-1261

August 1999

OneGate 1000

The FreeGate OneGate 1000 is a flexible single-box Internet access and web/email solution for small businesses and branch offices. Unlike appliances that are limited by simplicity or overwhelmed with complexity, the OneGate satisfies nearly everyone with its rich feature set and clean, compartmentalized user interface. Designed for 250 users, this product can be supported remotely by a VAR or configured in-house. Users can post their own web content and update mailing lists with ease, while under the "GateKeeper" covers, ISPs and experts will find everything they need.

What's inside?

The OneGate 1000 we tested ran modified FreeBSD on a 166 MHz CPU with 32 megabytes of memory, mirrored 2.1 gigabyte disks, 56K Frame Relay/DDS with integrated CSU/DSU, V.34 analog modem, and two Ethernets that separate your internal LAN from a "demilitarized zone" (DMZ) LAN. This workhorse appliance can top out at 2 Mbps V.35 or SDSL, 128 MB RAM, and dual 13 GB disks -- plenty of oomph for most small businesses. The OneGate has a less flashy but more versatile footprint than most appliances: it is stackable or 19" rack and wall mountable. We used the OneGate's simple license manager to install Remote Access VPN (included in the price of the unit) and Branch VPN (additional cost option), and discovered that a 30-day trial of SurfWatch web blocking was available without a license.

Setting up the OneGate 1000
The OneGate's Getting Started Guide is well-organized and wonderfully illustrated with figures and examples that novices will love. Cable the OneGate to your LAN, pop the CD into a PC that has DHCP enabled, and the auto-run Setup program will find your unit. Click on Go To OneGate to launch the browser-based user interface (UI). Four configuration methods are offered: typical, custom, internal (no Internet access), and RMS. VARs and ISPs will appreciate OneGate's Remote Management System (RMS), an option that enables two-click customer setup via registration key. Others will find typical configuration steps fairly quick and intuitive.

Start by gathering the information identified by the Getting Started Guide: connection type, domain name, Ethernet IP addresses, Internet-facing address, ISP telephone number/login/password, and company mailbox. The OneGate operates with either static or dynamic Internet addresses, but you'll want a static address if you plan to access your OneGate from outside -- for example, to host an external web site or enable remote access by travelers. Define an administrator login to complete initial setup and the OneGate reboots itself with its new configuration. We were running in just ten minutes from start to finish.

Thereafter, access the OneGate's User Interface through IE 4.01 or Netscape 4.5 (supplied) by visiting The OneGate UI prompts for name and password, then automatically displays the panel appropriate for your login: Personal Tools or GateKeeper Tools (shown at right).

GateKeeper Tools enable routine management tasks, such as configuring user accounts, enabling web and file transfer services, controlling Internet access permissions and schedules, and shutting down the system. Status monitoring, statistics, and activity reports are also available through this interface. Context sensitive help is available from any panel.

Less frequent tasks, and those requiring greater knowledge, are performed with Expert Tools, tucked safely out of sight, and accessed via the star icon.

Creating User Accounts

To get started, create a user account for everyone in your company or office network. Each user is automatically assigned a mailbox and personal folder on the OneGate. Users can be granted permission to publish internal and external files and web pages, access the Internet from within your network, and securely reach your network from the Internet using Remote Access VPN.

Like most appliances, the OneGate can provide unrestricted (outgoing) Internet access. But it can also selectively deny access by individual user, or filter access according to company-defined policies. When access is filtered, users must log into the OneGate before they can surf the web. Thereafter, they can only browse sites defined by the administrator, SurfWatch subscription, or a combination thereof. This is a nifty feature; it would be nice to selectively control file transfer site access as well.

The OneGate is a full-featured web server with built-in scripts for a guestbook, feedback form, and search engine, and web caching to speed Internet site access. Perl and Java "custom CGI" support is also available. GateKeeper tools are used to enable internal and external web hosting, and to define lists that grant access rights to users and groups. This easy-to-use feature allows you to password-protect selected parts of your web sites, with unrestricted access by default.

The OneGate can act as an internal and external FTP server, with or without anonymous FTP. In addition, the OneGate can be configured to participate in a Microsoft domain and share files through Network Neighborhood. Users can drag and drop files into their own OneGate folder or public folders, controlled by user account permissions. This makes it drop-dead-simple to "publish" a file where it can be accessed by a web browser or anonymous FTP. The OneGate also provides an "incoming" folder where outsiders can put files when given permission to do so. Statistical and detailed reports are available to document both FTP and web site activity.

Your external web site is named; your internal site If you happen to host your site -- or part of your site -- elsewhere, you can configure a "web pass-through" that tells the OneGate to redirect requests. A similar convention is used for FTP and mail hostnames. The OneGate can act as a primary name server or integrate with other name servers. It can assign addresses to hosts on your LAN and use network address translation (NAT) to map internal private addresses to external public addresses. We had all hosts share one static public address, put a server on our DMZ Ethernet, and redirected requests for to our ISP-hosted web site. The reconfiguration required to do this was minimal; the ability to do all of this with an appliance was a pleasant surprise.

Email Services and Personal Tools
It's no surprise that the OneGate can operate as a POP/SMTP email server for internal and external users. But it doesn't stop there. The OneGate also acts as a list server: users can create mailing lists and either manually manage membership or have a "listbot" do the job. Subscribe and unsubscribe messages are sent to; configuration determines whether outsiders can join the list. Messages sent to are forwarded to the user who created the list. Users can view all company email addresses and lists in an "Address Book", and the GateKeeper can manually edit any list (shown at right).

OneGate's UI does an outstanding job of compartmentalizing configuration by allowing self-management of user accounts. Anyone can use "Personal Tools" to modify his or her own passwords, leave a vacation mail message, forward mail to another address, or create and subscribe to mailing lists.

The OneGate can retrieve mail for your domain from your ISP using SMTP or POP. We had to guess at the "Headers" and "Prefix" incantation required by our ISP; a little more documentation here would help. The OneGate checks for mail whenever a dial-up connection is established, and every 15 minutes thereafter. While this UI offers excellent control over dial-on-demand schedules, intervals, and inactivity timeouts, it curiously does not provide a directly-configured mail checking interval.

Advanced Security Features

The OneGate includes a packet-filtering firewall, with most configurations appropriately hidden under Expert Tools. Typically, your firewall should let insiders access the Internet while keeping others out.

Using the OneGate's Remote Access VPN, authorized travelers, teleworkers, or business partners can securely "tunnel" into your LAN using the Point-to-Point Tunneling Protocol (PPTP). The OneGate's Branch VPN connects other networks to your own using IP security (IPsec) or SKIP tunnels. Unlike most appliances, FreeGate has actually tested OneGate interoperability with IPsec products from Cisco, CheckPoint, TimeStep, and others. Tunneling with default policies is surprisingly simple. Expert Tools are available to create other security policies, and multi-level diagnostics can assist with debugging. After installing VPN licenses, it took less than five minutes to verify tunneled remote access and less than an hour to connect our OneGate to its sibling back in Sunnyvale.

VARs, ISPs, and experienced administrators will appreciate the wealth of information provided by Expert Tools, particularly GateKeeper Diagnostics. Remote support can be enabled via direct dial-up or across the Internet, using public key certificates to protect against unauthorized "back door" access.

Final Word

The FreeGate OneGate 1000 is an excellent choice for businesses that want a single-box solution for Internet access and applications. It is particularly well-suited for workgroups that need web or email hosting with flexible, secure Internet access and VPN support.

Copyright ©2000 Core Competence, Inc. and David Strom, Inc.
All Rights Reserved

No part of this report may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without permission in writing from the publishers.