Endian Firewall


Endian 3.0: A Simple Review

Original Article:

This is not my article, please check out the link above to view the original.

Endian released the new version of its firewall in January. The version jump from 2.5.2 to 3.0 already shows that this is a major release. With the latest version, the developers have visually modernized the user interface and extended it to include other languages. In addition to English, Italian, and German, it now supports Japanese, Spanish, Portuguese, Russian, Chinese, and Turkish.

Cleaning up the GUI has also had a positive effect, especially in the VPN configuration dialogs. The dialogs in the past were not very intuitive, and the system lacked its own certification authority (CA) for certificate management. Additionally, several new features have been introduced, including the previously missing HTTPS proxy.

The outgoing firewall is now familiar with applications like Dropbox, Facebook, Twitter, and Skype and thus allows more finely tuned firewall rules (Figure 1). In version 3.0, the Endian Firewall also replaces the ntop tool for visualizing network traffic with its successor ntopng [8] (Figure 2). It also uses the new Application Control Module (ntop Deep Packet Inspection library).

Installing Endian Firewall:

If you want to test the Enterprise Edition before buying, you will find an online demo on the Endian site. Alternatively, Endian provides test licenses for the commercial version but only with registration [2]. The activation code required for the installation and a download link for the ISO image are sent to you by email. The community edition is also available as a free download.

Whether you use a physical system or a virtual machine for the test, you need a dual-core processor clocked at 2GHz, 1GB of RAM, and 20GB of free hard disk space. After completing the installation, you can initially access the web interface on the default IP address of http://192.168.0.15:10443. You need to use the passwords for the root user (for shell access) and for admin (for the web interface), and register your account with the Endian Network for the Enterprise version. This cloud-based management center for Endian Enterprise installations lets you monitor the remaining maintenance period, as well as the hardware resources and your licenses – for example, for the commercial antivirus and URL filters.

The Endian Network also handles the installation of updates and the remote management of Endian Enterprise installations. Access for this purpose is via a reverse HTTPS or SSH tunnel. Additionally, the Endian Network provides a free OpenVPN client for Windows, Mac, and Linux as well as disaster recovery keys (USB images) for restoring Endian hardware appliances.

The Endian Firewall enables the most important services in the direction of the Internet following a default installation: HTTP(S), FTP, SMTP, POP3(S), IMAP(S), DNS, and ping. You can configure this under Firewall | Outgoing traffic. New firewall rules need to specify the source and target networks or the interface and the desired protocol.

Endian uses the same color coding as IPCop for the network interface (Figure 3). Green refers to the internal network (LAN), red to the external WAN interface, orange to the DMZ, and blue to the WiFi network. The new Endian version has an Application field that also lets you ban individual protocols or applications. For example, a rule using this field can prevent the use of Facebook and Skype.

This rule must come first in the outgoing firewall configuration. It is followed by a rule that allows HTTP to the outside and with no restrictions for applications.
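Why the order matters, as an added example that is not part of the original article and not Endian's code: a simplified first-match rule evaluator that compares the order described above with the reversed one. The rule fields, the sample flows, and the default-deny fallback are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                            # "ALLOW" or "DENY"
    protocol: Optional[str] = None         # None matches any protocol
    applications: frozenset = frozenset()  # empty set matches any application

    def matches(self, protocol, application):
        if self.protocol is not None and self.protocol != protocol:
            return False
        if self.applications and application not in self.applications:
            return False
        return True

def evaluate(rules, protocol, application, default="DENY"):
    """First matching rule decides; returns (action, rule index or None)."""
    for index, rule in enumerate(rules):
        if rule.matches(protocol, application):
            return rule.action, index
    return default, None  # assumed fallback when no rule matches

def verdict_changes(rules_a, rules_b, flows):
    """Flows whose verdict differs between two orderings of a rule set."""
    return [f for f in flows
            if evaluate(rules_a, *f)[0] != evaluate(rules_b, *f)[0]]

# Hypothetical stand-ins for the two rules the article describes.
BLOCK_APPS = Rule("DENY", applications=frozenset({"Facebook", "Skype"}))
ALLOW_HTTP = Rule("ALLOW", protocol="HTTP")

ARTICLE_ORDER = [BLOCK_APPS, ALLOW_HTTP]   # application block first
REVERSED_ORDER = [ALLOW_HTTP, BLOCK_APPS]  # generic HTTP allow first

# Constructed sample flows: (protocol, application label or None)
FLOWS = [("HTTP", "Facebook"), ("HTTP", "Skype"), ("HTTP", None), ("SSH", None)]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, evaluate(ARTICLE_ORDER, *flow), evaluate(REVERSED_ORDER, *flow))
    print("changed by reordering:",
          verdict_changes(ARTICLE_ORDER, REVERSED_ORDER, FLOWS))
```

With the generic HTTP allow rule placed first, the Facebook and Skype flows match it before the application rule is ever consulted, which is the failure the required ordering prevents.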

The integrated open source ClamAV antivirus scanner can be supplemented in the commercial version of Endian UTM by a license for the Panda antivirus scanner. It works with HTTP, SMTP, FTP, and POP3 proxies; the configuration is found below Services | Antivirus Engine.

More Control Over the Use of HTTP(S):

On the back end, Endian has revised the HTTP proxy with a solution based on Internet Content Adaptation Protocol (ICAP), thus improving performance. The HTTP proxy finally supports HTTPS connections so that the antivirus scanner now also checks encrypted traffic. An additional, commercial license extends the proxy with the Cyren URL filter (formerly Commtouch, Figure 4). In contrast to the standard web filters by DansGuardian, which the community edition also includes, the Cyren variant is familiar with more than 100 million websites organized in five main categories and 80 subcategories. Below Proxy | HTTP | Web filter, you can create profiles for different groups of users, for example, management, standard users, and trainees.


The SMTP proxy also has undergone changes. For example, the Endian Firewall now defines its own smart host with appropriate SMTP authentication data and outgoing IP address for each mail domain. In this way, email can be routed via different Internet mail servers depending on the domain used. Admins also can use a quarantine area below Services | Mail Quarantine to search for blocked messages and their content and to delete or forward as applicable. However, the tool lacks individual email quarantine areas for users.

VPN:

If you look at the VPN configuration in the previous version of Endian Firewall, you’ll see that a fair amount of catching up was needed. The interface of the new version has thus been revamped, and it comes with certificate management courtesy of its own CA, which generates X.509 certificates for the VPN modules. Alternatively, the CA can also generate a certificate signing request (CSR) for an external CA and thus also manage official certificates.

If you changed the IP address for the internal network interface of the firewall during the install – the default is 192.168.0.15 – you must first create a new root host certificate. Start by blocking the old root certificate in VPN | Certificates | Revoked Certificates and then generate a new one with Certificate Authority | Generate new root/host certificates .

The integrated OpenVPN server now also manages TUN interfaces, which is especially useful when you need to integrate smartphones and tablets. Endian has also updated the IPsec module to strongSwan 5.1 and – besides IKEv2 – integrates additional encryption algorithms such as Blowfish, Twofish, Serpent, SHA2, and AES-XCBC.

User management in the VPN module has also undergone a revamp: You can now also use the module to create external servers for authenticating VPN users in addition to local users. The module natively supports LDAP, Active Directory, and Novell eDirectory. Additionally, groups of users from directory services can be synchronized and local users organized into user groups (Figure 5). In this way, you can assign user groups popular VPN services or parameters, for example.


Hotspot:

For a long time, Hotspot has been an established and frequently used feature of the Enterprise Firewall. The integrated captive portal sets up guest accounts, whereas the account generator lets the admin create user accounts manually. Alternatively, admins can use Endian SmartConnect, a self-service feature that automatically delivers access credentials to users by way of text message or email. The admin defines whether the tickets are free; if not, billing can be handled through PayPal or credit card.

In the new version, Endian Hotspot also integrates external authentication systems, including LDAP, Active Directory, Novell eDirectory, and RADIUS. It can also create time-limited tickets for Hotspot usage, for example, to allow users one hour of Internet access per day. Another new feature is Hotspot SmartLogin. If it is enabled, Hotspot reads the access credentials from a session cookie in the browser, so users do not need to continually re-enter their credentials.

Even the reporting section has had a facelift. The new dashboard now delivers a summary of the most important events, such as blocked viruses, incoming and outgoing email, attack attempts, and web traffic on a clear timeline. Live logs also help you quickly compile the most important events in a convenient spreadsheet format. The additional filter function lets you home in on points of interest, for example, for troubleshooting.

Conclusions: Endian 3.0:

With the new release, the Endian developers have significantly shortened the gap to other UTM systems on the market – Endian Firewall Enterprise 3.0 is an impressive piece of work. However, much remains to be done. No uniform user database for VPN and web proxy use is available, and you will look for user-specific spam quarantine in vain. Endian also does not provide meaningful security enhancements such as a web application firewall (WAF) or email encryption, even in the new version of its firewall.

Thank you

