The $330 IPCop/Copfilter firewall 25 watt appliance
Summary: A lot of you probably already know my disdain for desktop anti-virus because of how sluggish it makes your computer and how it actually becomes more of a liability in terms of security. I've talked about how wonderful it would be if you could run your anti-virus at the gateway to protect all of your computers.
A lot of you probably already know my disdain for desktop anti-virus because of how sluggish it makes your computer and how it actually becomes more of a liability in terms of security. I've talked about how wonderful it would be if you could run your anti-virus at the gateway to protect all of your computers. The one thing I couldn't really offer up until recently is how you actually implement this with a practical and relatively cheap solution.
One of the things a lot of people did was to take an old computer that made a lot of noise and probably takes a lot of power which adds up on the electricity bill. Another option was to buy a $600 embedded appliance which is too expensive. The third option which Justin James attempted was to order something all the way from China which took nearly 2 months along with a steep money transfer fee and shipping costs. I got so desperate that I even thought the Apple TV would make a nice low-power cheap appliance only to find out that the EFI BIOS was going to be a pain to deal with.
A year has passed and I'm happy to inform you that the bad old days are over and you can finally buy a low-cost low-powered x86 appliance for a little over $330 with no gimmicks or hacks. Enter Logic Supply's Perimeter B4 appliance for $291 which includes 3 gigabit ports and 1 FastEthernet port as shown in the picture above and below which I got a chance to review. It's an all metal chassis that can be mounted on the wall or just placed in the corner somewhere. [See gallery for a closer look.]
This particular model came with a 2.5" hard drive and 512 MB RAM, but the current model being sold only has 256 MB RAM and 256 MB flash. I'm not sure why they no longer offer the hard drive and more memory option on their website but you might be able to custom order it. If not, you can buy 512 MB of DDR2-533 memory for $9 including shipping and a 20 GB 2.5" hard drive for $29 including shipping. This is the recommended amount of memory you'll need for running IPCop/Copfilter and the hard drive is perfect for transparent caching which speeds things up immensely. If you spend $14.38 including shipping for 1 GB of RAM, that would give you more room to grow.
The noise level in this device is moderate with the three small fans inside (1 for CPU and 2 for chassis). It's a lot quieter than your 1U Cisco switch or router and quieter than some PCs, but it's no silent enough for under-desk operation in my opinion and you might have to make some modifications to the fan to slow them down. You can generally replace the yellow wire leading up to the fan with the red wire which cuts the voltage from 12 to 5 volts and that will significantly slow down the fan. The temperature seemed to be low enough that you could reduce the speed of the fan. I did complain to Logic Supply that they should implement variable speed fans that only speed up and make noise when the system is getting too hot.
Inside the chassis you'll find a standard mini-ITX Jetway J7F2WE-1G motherboard with 1 GHz Via C7 processor which is plenty of performance for a gateway device like this. Typical power consumption was around 25W so it should cost about $22 a year to operate 24x7 at 10 cents per kilowatt*hour.
Here I detached the hard drive and the Gigabit Ethernet daughter card. The hard drive is a standard 2.5" PATA IDE hard drive mounted on a metal holder. There is only one DDR2-533 slot for memory so make sure you buy enough memory.
The system comes with a 10/100 FastEthernet interface on the motherboard and a 3-port gigabit Ethernet card which uses three Realtek RTL8110SC network processing chips all compatible with Linux and BSD. Note that the CPU in this appliance isn't fast enough to turn this thing in to a gigabit router but it's plenty fast as a gateway device. This particular daughter card actually uses the strange 120-pin plug (see gallery for higher resolution image) in the picture above.
IPCop and Copfilter are free Open Source applications and Justin James has a simple guide on how to install IPCop here if you want to get started right away. I'll be following up with a more detailed guide.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
No PSU?
Yes it comes with a brick, I didn't photograph it.
Isn't this DLink Device easier and cheaper?
I would prefer this, it's cheaper, seems to do everything a home user needs.
Of course not...
Not necessarily
You still have a client to deal with
I was supposed to review this device for George, but when he saw the client for it, he passed.
I still like the idea of the Zone Labs device better, but I haven't taken the time to review it.
This is a better unit: http://www.zonealarm.com/store/content/catalog/products/z100g/index.jsp
Built by the people who do CheckPoint which isn't a bad for SMB market although George has had a few issues with them. I might have to review the item yet.
200 MHz versus 1000 MHz, quad RAM, 100x storage
That is correct!
Yup, I say open source free AV all the way
Just the Gateway?
Howie
If it's a big enough LAN, the file/mail servers would have AV protection
what is the goal here?
Now let's assume that we need IPcop. Then why this box? The IPCop website has links to boards that come with IPCOp pre-installed and have been tested on. I haven't read the details, but I think they are cheaper.
So the question here is what are you trying to achieve? You can get routers from Fritz and others that include printer/mass storage server, IP telephone ports, WLAN, etc for 150 euros. With less power consumption and zero noise.
It's a nice box, but I don't know why I'd buy such think
Replies
2. You get content filtering on the gateway.
3. $330 is a good price for this set of features in an embedded device. I can build a wood or acrylic chassis for cheaper but that requires a lot of work. If you have suggestions for something comparable but cheaper, please do share.
IpCop is wonderful
As good as or better than ISA server too!
In 2005 I started the migration to Linux. I recall how I hardened a linux box into a bastion host, then was going to install IPCop. To my delight, I discovered that IPCop is a complete Linux distribution! No hardening required, as it is a purpose-built flavor of Linux. I also recommend Banish for preventing hack attempts from certain networks. COPFilter and URLFilter are nice add-ons too.
ISA is a totally different animal than IPCop and they don't really compete
Overlap
Ours was MS-only until I started looking at alternatives. We had an employee leave under less than agreeable circumstances. He did what lots of irate folks do - He called the BSA and told them a bunch of lies. That's what motivated me to look elsewhere.
We're amazed at the speed and resilience of our infrastructure, now that we're non-windows. Thanks BSA!
ISA is a firewall and web cache, which required client software if you were going to place any restrictions on the user. IPCop is a Firewall, web cache, IDS, and more, not requiring any client software for full control of web surfing. From my perspective, they both perform the same task(s), though they do so differently.
-Mike
Linux in your wireless router?
You get 5x less processing, 4x less RAM, 100x less storage
VOIP
http://www.voip-info.org/wiki-Asterisk+Linksys+WRT54G
-Mike