Symantec Delivers Linux-Based Firewall for iSeries Model 270

by Alex Woodie

Symantec yesterday announced the immediate availability of Symantec Enterprise Firewall for the iSeries Model 270, a virtual firewall appliance that runs on a "hardened" version of Linux inside a dedicated logical partition. Symantec Enterprise Firewall for iSeries 7.0.3, first announced over a year ago and originally slated for delivery last summer, required additional testing and is now certified by Symantec and IBM for use on the Model 270, with certification tests for additional iSeries servers currently underway.

Symantec Enterprise Firewall for iSeries is based on the Enterprise Firewall product Symantec sells for Microsoft Windows NT/2000 and Sun Microsystems Solaris servers, and it was ported to Linux specifically to run in the iSeries environment. The product automatically installs a streamlined and "hardened" version of Red Hat Linux 7.1 for iSeries, and is designed to run inside its own dedicated logical partition as a "virtual" appliance.

Symantec sells other hardware/software firewall and virtual private network (VPN) appliances, and the company calls SEF for iSeries a virtual appliance to emphasize the idea that the product runs as a separate entity underneath a primary OS/400 partition. With OS/400's capability to allocate iSeries processor and memory resources in a dedicated or shared manner, Symantec asserts that Symantec Enterprise Firewall for iSeries is isolated and runs without concern for other guest logical partitions. Like all applications sharing resources on an OS/400 server, however, Symantec Enterprise Firewall for iSeries is susceptible to any hiccups that may affect the primary OS/400 partition, and Symantec recommends a mirrored environment if the 99.97 percent uptime of the iSeries server is not sufficient for you. To ensure the highest level of security and availability, Symantec strongly recommends that users don't run other applications inside the logical partition that houses Symantec Enterprise Firewall for iSeries.

The fact that OS/400 shops don't have to buy another server or appliance to host a firewall is a key point that Symantec will be emphasizing with Symantec Enterprise Firewall for iSeries. "The whole theme is server consolidation," says Symantec product manager Michele Araujo. "If they have an iSeries with a [Windows] server farm behind it, one of the clear benefits [of Symantec Enterprise Firewall for iSeries] is protecting all of its mission-critical applications and the nodes that are behind it." Those nodes encompass all networked iSeries server assets, including iSeries servers, OS/400 logical partitions, Linux logical partitions, or Windows-based servers connected to the iSeries via IBM's internal xSeries PCI card and external xSeries adapter technology.

Symantec Enterprise Firewall for iSeries is a hybrid firewall that combines three different types of firewalls--including packet filtering, stateful inspection, and full application inspection--into a single product that protects at all layers of the network stack.

Features of Symantec Enterprise Firewall for iSeries include the following:

• Application inspection, with security proxies for HTTP/HTTPs, DNS, Telnet, FTP, and other protocols.
• Strong and weak user-authentication methods, including Gateway, S/Key, SecurID, OOBA, and other authentication methods.
• Integration with Symantec blacklist services via Symantec's Intrusion Detection System products.
• URL blocking and protection from denial-of-service attacks.
• Network-address-translation protection and address hiding.
• Startup wizards, logging, reporting, diagnostic tools, and notification via e-mail and Simple Network Management Protocol (SNMP) traps.
• The Raptor management console plugs into Microsoft Management Console.

Symantec Enterprise Firewall for iSeries is the first firewall application designed to run on the OS/400 server since IBM announced the withdrawal of its Firewall for AS/400 in February 2000. At that time, IBM recommended that OS/400 shops running the firewall take a close look at several third-party firewall alternatives, including AXENT's Raptor firewall, Check Point's FireWall-1, and Cisco Systems' PIX firewall. When IBM announced that support for Firewall for AS/400 would end, along with support for OS/400 V4R5, originally slated for May 2001, it upset some of the 4,000 Firewall for AS/400 users because the product had only been on the market about two years, and because IBM didn't offer any compensation to those shops forced to migrate and upgrade soon after investing in the product. At the same time, the decision to ditch the old firewall can be seen as a wise one, as the firewall was based on an old OS/2 product, it ran on Integrated Netfinity Server cards, and it didn't offer some of the capabilities that were commonplace in third-party firewalls (or on Symantec Enterprise Firewall for iSeries, for that matter), including intrusion detection, virus detection, and paging capabilities.

Symantec Enterprise Firewall for iSeries 7.0.3 is available for AS/400 and iSeries Model 270s running OS/400 V5R1. Later this year, Symantec will start shipping Symantec Enterprise Firewall for iSeries on additional servers, including the Model 800, 810, and 825 servers, all of which will be supported up to OS/400 V5R2, officials say. The reason why Symantec is rolling out support for specific iSeries servers, instead of following a more general operating system release schedule, is that the company must work with IBM to test the product on each configuration to certify that it's stable and works properly.

Symantec Enterprise Firewall for iSeries 7.0.3 is available now from Symantec resellers and is being exclusively distributed through Arrow Electronics' Support Net Division, a prominent iSeries reseller. Pricing for Symantec Enterprise Firewall for iSeries is consistent with pricing for other Symantec Enterprise Firewall products, and starts at $3,995 to protect up to 25 nodes (a "node" being anything with an IP address that Symantec Enterprise Firewall is protecting). The price ranges up to $7,995 to protect up to 50 nodes, $9,995 for 100 nodes, $15,995 for 250 nodes, and $25,995 for an unlimited license. For more information, go to www.symantec.com.

Sponsored By S4I SYSTEMS

S4i Express Document Management Solutions include report distribution, imaging, archiving and retrieving documents electronically. S4i DASD-Plus DASD Management Solutions for DASD clean-up, optimization, surveying your DASD, trending and forecasting future DASD consumption. Why S4i Systems, Inc.? Our Customers tell us that they experience a pay back in MONTHS rather than years! And they represent some of the largest and smallest well known organizations! Here are their stories. Our Expertise is in the iSeries and AS400 arena. Our developers and principles have grown up in the IBM midrange computing environment. Our deep knowledge of this technology enables us to anticipate future capabilities and insights into the best methods to leverage native O/S technology and deliver you rich functionality. Our Support is something that is almost unheard of today, 24X7 access to a live person! How do we do it? Well, first of all, our client to support ratio is very small and second, the applications are so stable that no one needs us. Our Products are highly scalable and affordable. Organizations can afford to use S4i for solving their largest headaches in a small area of their business or enterprise-wide. Learn more. Call us 800-231-5280 (760-231-5280), visit us www.solution400.com or email us.