Nokia Gateway Secures Small Enterprises

The IP380, Nokia Corp.'s latest mid-range security appliance, is a good choice for small and medium-size businesses looking for an affordable, robust, easy-to-set-up firewall/VPN gateway. However, sites with Gigabit Ethernet in their future should look at competing products or higher-end Nokia devices because the IP380 only supports 10/100 Ethernet.

The IP380, which shipped in August, runs Check Point Software Technologies Ltd.'s FireWall-1/VPN-1 NG (Next Generation) virtual private network software in a flexible, compact platform.

The IP380 starts at $10,000 and comes with four 10/100M-bps Ethernet ports in a slim 1.75-inch form; customers must purchase the software license separately. Its chassis has two extra slots for optional NICs, where IT managers can upgrade the box with additional 10/100 Ethernet or ISDN cards. A pair of Type 2 PCMCIA slots in the center can house remote management modem cards.

The IP380 unit we tested had an 866MHz processor, 256MB of RAM and dual 10/100 Ethernet interface cards, in addition to the four standard 10/100 ports, giving the IP380 a total of eight 10/100 ports. Our evaluation unit also included an optional $2,000 VPN encryption accelerator card installed within the internal PMC slot.

The test system, which lists for $23,845 (including the encryption accelerator), runs Nokia's IPSO 3.5.1 operating system, and that price includes the cost of a complete license for FireWall-1/VPN-1 NG.

Running Internet Security Systems Inc.'s RealSecure 6.5 software, the IP380 can also act as an intrusion detection system. The total cost for a RealSecure IP380 is $15,000.

The IP380 competes with NetScreen Technologies Inc.'s NetScreen-203 and NetScreen-208 VPN/Firewall appliances. The NetScreen-208 comes standard with eight ports and has a starting price of $15,000. Another competitor, Cisco Systems Inc.'s PIX 525 Firewall, offers up to eight 10/100 Ethernet ports and can be upgraded with Gigabit interfaces. Neither the IP380 nor the NetScreen-208 offers Gigabit upgrade paths.

Time trials

To see how well the IP380 handled traffic, we conducted firewall and VPN throughput tests using tools from Ixia Inc. At the Nokia performance lab, in Mountain View, Calif., we used an Ixia 1600 chassis with two 10/100 load modules to test the firewall and VPN, with a single IP380 using all eight ports for the firewall throughput tests.

We used two IP380s with the VPN accelerator card running Triple Data Encryption Standard/Message Digest 5 encryption for the VPN throughput testing. The Ixia modules were directly connected to the ports of the IP380, and we ran several tests using an RFC 2544 test script with zero loss tolerance and different packet sizes.

The IP380 performed well in the Ixia tests, easily delivering more than 620M bps of throughput across the firewall and transferring data at more than 120M bps through the VPN tunnel.

The IP380 had better firewall performance than the NetScreen-208's advertised throughput of 550M bps, but it fell short of the NetScreen-208's advertised 200M-bps VPN performance.

We could easily manage the IP380 through the serial console port, the Nokia Voyager Web GUI or via the optional Nokia Horizon Manager software. We used the command-line interface to set up initial network settings, and the Nokia Voyager Web GUI allowed us to easily configure the box.

We really liked the IP380's easily serviceable chassis, which enabled us to quickly add memory or interface cards by removing two screws and using the slide-out access tray in the front of the unit. This feature will save administrators time during upgrades or repairs because they don't have to remove the IP380 from the rack.

The IP380 doesn't have redundant power supplies, but it can offer high availability through Virtual Router Redundancy Protocol (VRRP). By comparison, the NetScreen-208 also offers high-availability support for sites that require better uptime.

Technical Analyst Francis Chu can be reached at