Mistletoe Technologies SlimLine Security Appliance is a run-of-the-mill firewall appliance—with one big exception: Its tiny.
A Gigabit-speed multifunction firewall, flow manager, data encrypter and/or antiDoS appliance, the SlimLine Security Appliance measures just 3 inches by 6 3/4 inches by 1 inch. The appliance is also small on power usage—the version I tested can be powered from a PoE (Power over Ethernet) switch and drew only 15 Watts of power during tests. The price is likewise small: only costs $1,200.
The SlimLine is intended to provide perimeter-like security inside the LAN for organizations with large numbers of servers. During my tests, the SlimLine worked well as a basic firewall device. However, it has several deficiencies that will (and should) give most enterprises pause.
For one thing, the only version of the management console is in beta. For another, there is no hot failover capability. Failed systems will likely be noticed first by users and second by the management console. Appliances that stop working fail open, causing a loss of connectivity to network resources. Failed appliances must be physically replaced.
There is also an important difference between the SlimLine and more traditional perimeter firewalls: the lack of a DMZ. Because the SlimLine is meant as an internal LAN security device, there is no provision to run services such as mail or DHCP provisioning in a DMZ. There are only two Gigabit interfaces to the firewall: trusted and untrusted. (Company officials told me that the final version of the management console, designed to handle configuration changes and to monitor appliance state, should be available in October.)
The individual management interface is easy to navigate and set up. The initial configuration is done via a serial connection using a command-line interface. Anyone familiar with router or switch configuration should be able to configure the device in a matter of minutes. I called on technical support to speed up the configuration process, and had the device up and running in under an hour.
After configuring basic IP address and routing information, I switched to the Web-based console to complete the SlimLine setup. The usual functions were available, including the ability to integrate with a RADIUS service to authenticate user accounts. Policies were easy to create using either the step-based wizards or with a straightforward policy screen. The product assumes a working knowledge of network architecture and protocols; there is no extensive help system to provide guidance.
System administrators who are short on rack space should note that the SlimLine can be shoved in just about anywhere there is room in the cabinet. I was easily able to zip-tie the appliance and the power supply brick inside the frame of my rack without having to use a slot. Keep in mind that the power brick is almost as big as the SlimLine, and just about as hot—which is to say that neither put out enough heat to warrant an chiller recalculation for the rack.
The SlimLine can be set up in a transparent bridge mode, thus allowing it to be inserted into the network with little or no reconfiguration of existing infrastructure.
I was able to set up VPN tunnels via the interface to enable management access to my systems from the outside world. With all the firewall basics configured, the SlimLine provided good protection for my Windows and Linux servers in my test network.
Basic operational reports come with the system, but there isnt anything fancy. Ill look for the management reports in October to see what is offered beyond the system log files, connections and packet counters currently offered.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.