Linux on Nokia IP Series Hardware
Anonymous Coward writes "Michael Rash has written a howto for the Linux Journal on getting Linux to run on a Nokia IP 330. Now we can use a free firewall on a platform normally designed to run Check Point Firewall-1. In these troubling times where IT departments all across the landscape are trying to reduce costs, this will allow companies to say 'No' to expensive support contracts and upgrade costs and still maintain security without having to buy new hardware."
a way to void that warranty
... a hardened freebsd. people have been removing IPSO and installing fbsd for quite some time.
this is nothing new.
the nokia IP boxes run IPSO
now, why you'd buy a several thousand dollar p2-450 to begin with, i can't say.
vodka, straight up, thank you!
The Nokia IP series hardware is nothing more than an older AMD K6 processor with a small amount of RAM by today's standards. You'd be better off with a $300 PC from Wal-Mart and a couple network cards. Don't get me wrong, I love the fact that Linux continues to spread to new areas, but it has to be put into perspective.
Okay first off. A Nokia IP330 isn't worth jack!
I have two of them, and basically they are an AMD 800MHz rack mountable device. Brand new...around $4,0000 without any Checkpoint software/licenses.
IDE drives, and some other typical stuff.
You would be better off buying a Dell PowerEdge rackmountable server with no OS. Or if you are using Checkpoint then save a bunch of money and skip the Nokia solution. Use checkpoint Secure OS (Redhat with lots of limitations) and put it on a Dell with 4 hour replacement. That alone would save you over $2K a year in support contracts with a Nokia Platform, and you get a faster firewall to boot!
So explain to me...WTF IS THE POINT!
Yes, Nokia IP330 are expensive solutions. And Yes so is Checkpoint. But anyone who compares Checkpoint to a Linux Free solution...well I would like to see a comparison of that. The Checkpoint firewall is a complete solution, with plugins to your security needs, and yes you have to pay extra cash to get it all to interact.
The linux solution is hodge podge and not even close to being remotely the same in either quality, or type of solution.
This would be like comparing MS Exchange to Sendmail. Yes, they both send emails. One is very expensive and has some nice options. The other sends mail well and some think it's a better solution. The point being that with Exchange you are not paying for just an email server. It has lots of bells and whistles (don't blame exchange for viruses...Outlook yes, exchange no).
Same with Checkpoint! You are not just paying for a firewall.
So you are going to buy an expensive Nokia IP330 and install linux on it. Very amusing....
There is more to IPSO, the net OS that runs on the Nokia 330, than just a hardened FreeBSD. The networking protocols are coded deep into the kernel, and have been highly optimized. To run a vanilla Linux on the box means that net routing will just become another application to the OS, along with the corresponding hit to performance.
On the Nokia series, you pay a premium for A) Nokia's OS (NetBSD-based, I believe, which has VRRP for failover), B) its interoperability w/programs like CheckPoint and ISS, and C) being able to rack it.
WAY too much of a premium, in my opinion. When the sales guys at the VAR I was at tried to push them on all our customers, I quietly directed them all to PIXen or OpenBSD.
seeing some other posts ...
... i work tech for a dept. the nokias belong to the uni, so i don't work on 'em), mostly 330s and 440s.
... it's (ipso/fw-1) a common platform in that niche, so it'd be much easier to find someone else that knows how to manage them, and, they have nokia to fix problems.
we have a number of nokias where i work (it's a university
granted, they are based on older hw (p2-450s, early p3s, etc). however, what you're paying for is CYA and management. if it breaks, you call nokia or whomever is responsible for providing support for it.
IPSO does one thing, *very* well. personally, i'm of the opinion of a decently spec'd out box running obsd w/pf, but only because i manage the box. some may like linux with iptables or whatever.
suppose you go the obsd/linux route on an off-the-shelf i386 machine. 1. you buy the machine. 2. you have to pay someone to manage it. rough guesstimation, but i see it a *lot* cheaper to buy a few nokia boxes and pay the fw-1 license fees. my dept is already incurring my salary, so we decided to get an i386 box (dell pe1650), two 4 port ethernet cards, and get on with it. it works great. if that thing breaks though, it's my ass. plus, if i leave, someone will need to know how to manage it. the uni where i work going with nokias
vodka, straight up, thank you!
Some thoughts I had when reading the article:
;-) It might be a good idea to delete the compiler after everything has been configured, or even better, don't install it and build any necessary packages on another server, then transfer the binaries to the firewall.
:-D
> Once the new partition table is saved there is no going back; both IPSO and Check Point FW-1 are gone.
Of course, if I were the one doing the installation I'd back up the original drive contents so I could always go back to the original configuration (in case of screw up, or if I wanted to sell the unit on e-bay, etc.) It's only 8 Gb...
> When it comes time to install the various packages, select only Network Support and then go into the Select Individual Packages section and add GCC, autoconf and ncurses.
GCC on a firewall box?! Sounds like a new tool of terror for the scrip7 kiddies.
Nice article though. Nothing like putting the screws to those closed source, code hoarding, proprietary software vendors.
I track known Slashdot scumbags on my foes list!
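
One way to check the point raised in the comment above about leaving GCC on a firewall: an added shell example, not part of the thread or of the Linux Journal article, that scans the given directories for leftover build tools. The tool list and the function names are assumptions.

```shell
#!/bin/sh
# Names treated as build tools. Assumption: GCC and autoconf (installed in
# the article) plus the usual toolchain companions.
BUILD_TOOLS="gcc cc g++ c++ cpp make autoconf automake as ld"

# Print every executable in the given directories whose name is a build
# tool or a versioned/target-prefixed variant (gcc-3.2, i386-linux-gcc).
find_build_tools() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for file in "$dir"/*; do
            [ -f "$file" ] && [ -x "$file" ] || continue
            name=${file##*/}
            for tool in $BUILD_TOOLS; do
                case "$name" in
                    "$tool"|"$tool"-[0-9]*|*-"$tool")
                        echo "$file"
                        break ;;
                esac
            done
        done
    done
    return 0
}

# Return 0 if no build tools are present, 1 (with a report on stderr) if
# any remain.
audit_build_tools() {
    found=$(find_build_tools "$@")
    if [ -n "$found" ]; then
        echo "build tools still installed:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Run against directories given on the command line, for example:
#   sh audit.sh /bin /usr/bin /usr/local/bin
if [ "$#" -gt 0 ]; then
    audit_build_tools "$@"
fi
```

A non-zero exit status makes the script usable as a gate in a post-install checklist or a periodic cron check.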