| Index of FAQ |
|
General Firewall Q&A
|
|
VPN Q&A
|
| Product Q&A |
| Installation and Setup |
| PPTP
Server/Client Quick setup |
| Partner Program |
| Support |
| Contact |
|
|
|
|
General Firewall FAQ's
|
|
Why do I need a Firewall for my broadband connection?
|
Once you have an always-on connection then the hackers are more likely to be able to find you. If you have no firewall
then they will find you and you will get hacked. With a dial-up connection your IP address changed every time you logged
on. You were a moving target. With an always-on connection and a fixed IP address you become a static target. Hackers
can steal your passwords, credit card details and other confidential information that you would rather not share.
|
|
What attacks will they use if they find me?
|
If they can find you then they will use direct attacks such as exploiting known weaknesses in particular protocols
such as FTP or Telnet. If these services are not available maybe they will send you a trojan horse. It is possible to
send an executable file disguised as, say, a joke. When you run the executable you could actually be launching a remote
control tool such as ‘backorifice’, which will give the hacker complete control over your PC. If they have
no luck with these approaches then perhaps they will make do with just stopping you from accessing the Internet, or
other people from visiting your web site, by conducting a denial of service attack against you. New attack techniques
are thought of every day, and distributed freely among hackers via hundreds of thousands of web sites around the globe.
You must be alert to the threat and have your perimeter defences updated on a regular basis.
|
|
What makes BizGuardian secure?
|
BizGuardian uses the most powerful security technologies including Stateful Packet Inspection, Network Address Translation
(NAT), intrusion detection and logs, branch-to-branch IPSec VPN, PPTP server and DMZ support.
|
|
What is Stateful Packet Inspection?
|
Stateful packet inspection tracks each connection traversing all interfaces of the firewall and makes sure they are valid.
With older firewall technologies such as packet filters, it is possible to ‘spoof’ an incoming session, which
might not have actually originated as a result of a request from inside the firewall. In addition to the source and destination
IP addresses therefore, BizGuardian refers to its own records to confirm that the traffic ‘state’ is valid.
For extra security BizGuardian closes ports until a specific connection is requested. This further reduces the likelihood
of an open port being scanned by an outside hacker.
|
|
Why is BizGuardian built on FreeBSD?
|
BizGuardian is built around a hardened FreeBSD kernel, which is exceptionally robust and stable. It has credibility and
a long Unix track record compared to some of the newer variants available. It has a well-proven, controlled and structured
development methodology. It is the platform of choice for many high traffic web sites including Yahoo! It supports the
biggest single-machine ftp server in the world. It has a sensible and flexible licence, which encourages new added-value
commercial products such as BizGuardian. The main thing however, is the stability and robustness of the kernel. This is
the reason that many leading security vendors choose to utilize the FreeBSD kernel – although not all of them will
openly advertise the fact!
|
|
What is Network Address Translation (NAT)?
|
NAT is one of the more powerful firewalling technologies, which allows your network to utilize a single IP address.
This helps your network to remain hidden from the public Internet by hiding behind the single IP address of BizGuardian.
This address will be automatically allocated by your ISP if you are using BizGuardian through its DHCP client. This
saves the expense of additional (or any) IP addresses being purchased from your ISP. It also means that you can use
any addressing schema that you like internally without having to take external addressing convention, or availability,
into account.
|
|
Do I need to use NAT?
|
No, you can use multiple public IP addresses on your private network if you prefer. However, NAT offers security and ease
of use benefits and so is recommended unless there are specific reasons not to use it.
|
|
How will they find me?
|
What is Intrusion Detection?
The BizGuardian Intrusion Detection System (IDS) analyses all network traffic, both inbound and outbound, for suspicious
patterns that may indicate a network intrusion attempt
|
|
How does BizGuardian protect against Internet worms such as Code Red, Nimda and their variants?
|
BizGuardian studies the information it gathers and compares it to large databases of attack signatures including Internet
worms such as Code Red and Nimda.
|
|
What happens if there is an intrusion attempt?
|
The intrusion attempt is logged. These logs, and real-time alerts, can be passed to your network administrator or your
security partner for threat evaluation.
|
|
Does it matter what operating systems are running on my network?
|
No, these are transparent to BizGuardian.
|
|
How does BizGuardian compare to a security appliance?
|
Bizguardian is a security appliance. It is a hybrid software/hardware solution that turns a relatively low specification
PC into a powerful state of the art security solution. Many commercial security appliances are built on open source
tools. Many are built on Linux for example. Putting Linux in a box gets around the GPL licence problem of having to
redistribute the software source code. A cynic might say that it also allows a vendor to charge much more than might
otherwise be the case for free software on a PC. It might not look like a PC of course but that is what it usually is.
It might have a badge on the front. It might even have a custom case built to make it look a bit sexier. Of course if
it looked like a PC then you might not be prepared to pay lots more money for it!
BizGuardian allows you to create your own appliance in minutes. BizGuardian adds real value through the simple web
based installation, configuration, administration and reporting tools, further reducing your cost of ownership. Reduced
complexity and reduced costs. Simple, strong, security. We believe that BizGuardian is better than a pre-built appliance
for the following reasons:
- No hardware limitations
- Availability of hard disk allows for superior reporting capability
- Standard PC makes for easy disaster recovery
- Future proofed - no forklift upgrade
- Price advantage
- Uses low-cost or spare system unit OR facilitates that long awaited desktop upgrade!
- Supports more users than most low-end appliances at comparable prices.
|
|
What ISPs are you compatible with?
|
Any
|
|
How does the licencing work?
|
Any IP address on the inside of the firewall that tries to go through the firewall either to the Internet or to another
BizGuardian VPN Firewall will use a licence. A user here is not an internal IP address. It is a simultaneous user, i.e.
if there are 200 employees and the company buys a 100-seat license, then only 100 can use the web simultaneously. Others
are denied access until a slot is available – after 30 minutes. A license covers a single site. A remotely connected
PPTP user also uses a BizGuardian license during the connection. For site licences contact sales@bizguardian.com.
|
|
What is the cost for the Content Filtering Updates?
|
We provide this service as part of the ongoing maintenance. BizGuardian includes 90 days of maintenance and support with
very reasonably priced annual upgrades as low as $21/year (for a 4 user firewall) to just $135/year for unlimited Firewall
license maintenance.
|
|
How do I quickly install it?
|
We've made it as easy as possible and typically takes less than 10 minutes to install. Please see our quick start installation
instructions.
|
|
|
VPN FAQ's
|
|
What is a Virtual Private Network?
|
A VPN is the joining of two or more different networks into one visible network in a secure fashion which enables your
business to securely connect remote users, branch offices, business partners, and customers together.
BizGuardian provides two forms of VPN, IPSec (branch to branch) and PPTP (remote users to branch) connections allowing
you to take full advantage of the cost savings and productivity enhancing benefits of virtual private networks. Its
powerful encryption ensures the security of your corporate data.
|
|
What is IPSec?
|
IPSec is the de facto standard for security Protocol.
|
| Is BizGuardian IPSec compatible
with other IPsec VPN devices |
| Yes, although it very much depends
on the setup and abilities of both products.
BizGuardian
VPN has a BizGuardian mode VPN setup
(default) which makes it seemless to establish
IPSec
VPN connections to other BizGuardian firewalls
or a
IKE Compatibility mode that allows
control over the various aspects of encryptions
used,
to configure
to other vendor specifications.
|
What is PPTP?
|
Point-to-point tunnelling protocol is a remote access technology for VPN’s. With PPTP remote users such as road
warriors and those home workers with or without broadband can securely access the companies BizGuardian VPN from a Windows
PC. (Windows 98 and above include the Microsoft VPN software required to connect to BizGuardians PPTP server.)
New: See the PPTP Setup How-To page to
see how quickly you can setup a PPTP Server using BizGuardian.
|
|
How do you ensure that these remote connections are secure?
|
The link is encrypted and the optional use of one-time passwords ensures that access is properly monitored and authorised.
|
|
Why does BizGuardian cost so much less than other Firewall VPN solutions?
|
BizGuardian is based on the FreeBSD UNIX kernel. We have hardened this and spent thousands of development hours on
the GUI, administration, installation and reporting tools to make it a simple product to install, configure and administer
for the bulk of PC network users. As the kernel is open source we are not charging for R&D on this component of
BizGuardian. Other solutions are either more expensive in R&D because they are based on proprietary Operating Systems
such as Win NT, or they are often based on free operating systems such as Linux, but choose not to reflect this in their
pricing structure.
|
|
How is the VPN licensed? How many VPNs can I create?
|
There is no per VPN licensing charge, simply purchase the VPN version of the BizGuardian firewall and create as many
IPSec branch to branch or PPTP connections as you have user licenses to accomodate. For example a company requiring
30 local workstations and a maximum of 20 (concurrent) remotely connected PPTP sessions would require a 50 user VPN
Firewall license.
In other words each local workstation or remote PPTP connection requires a user license.
|
|
Will I need a security consultant to install it?
|
You can do it yourself, honest! Or ask your favourite networking ‘guru’. If you want someone else to do it
then give us, or one of our partners, a call.
|
|
Can I Map a shared drive over a VPN connection?
|
You bet! Anything you can do over a local area network you can do over the VPN.
|
|
What VPN client software do I require?
|
None. Any Windows workstation using Windows 98 or higher has Microsoft VPN (PPTP) built in which is compatible with BizGuardian's
PPTP service.
|
|
How Fast is VPN?
|
It really depends on the speed of your network connection.
Remember that a cable or DSL modem may have a fast
download speed but the upload speed is usually restricted
by the ISP or technology, so connecting via a VPN
to one of these connections
and then retrieiving a file will be limited by the
speed of the uplink on the device.
Since BizGuardian can run on any Pentium PC, a very powerful VPN device can be achieved by installing BizGuardian on
a reasonably fast PC.
|
|
I do not have a Dedicated/Static IP can I use your VPN?
|
Yes. In fact just to keep it as simple as possible we integrate the free NO-IP.com
service into BizGuardian that will automatically register your dynamic IP address whenever it changes allowing you to
establish PPTP or IPSec connections using a name you choose.
|
|
| Product Q&A |
| Does BizGuardian stop Email viruses? |
While BizGuardian does have some basic knowledge of
some network viruses and email attachment viruses, it does not replace
the need for a good virus program on each desktop. It will stop any
unauthorized incoming activity to your private network which could prevent
network worm type viruses.
|
| If I have file and print sharing enabled on a Computer can people on the internet see these files? |
No. The firewall hides this computer and protocols
like netbios from passing through to the internet. (Unless of course
you enable security rules intentionally permit this traffic through).
|
|
How do I change from the Trial version to the Full version?
|
Once you buy online or from a reseller you are provided with a Key. Enter this key into BizGuardian and your trial version
becomes a full version. No reinstallation is required.
|
| Can I access the BizGuardian Admin web pages from the Internet? |
By design, the Admin console can only be accessed via
the inside or private network. However, if you have purchased the VPN
option you can establish a secure PPTP or IPSEC connection to manage
the firewall over the Internet.
|
|
Can I allow certain protocols or ports into my network?
|
Yes. The firewall by default will completely block any incoming traffic, however you can use the BizGuardian Wizards or
Advanced security rules to port forward or allow certain protocols to specific computers inside your network.
|
|
What broadband technologies do you support?
|
Any router that provides Ethernet connectivity is supported. We are aware of users with Cable, ADSL, Leased Line, ISDN,
GPRS and Satellite connectivity.
|
|
What is the cost for the Content Filtering Updates?
|
We provide this service as part of the ongoing maintenance. BizGuardian includes 90 days of maintenance and support with
very reasonably priced annual maintenance plans as low as $21/year (for a 4 user firewall).
|
|
| Installation and Setup |
| What Operating system does BizGuardian require? |
It does not require a operating system! BizGuardian has an embedded FreeBSD UNIX Kernel. Saves you further cost! (You
do not need to know anything about UNIX as you interface with BizGuardian using your Web Browser).
|
| What speed of PC do I need to run BizGuardian on? |
It depends on the number of users and the speed of your
network link. The faster the link and the more simultaneous users the
faster the firewall needs to be. An average small business with less
than 20 users will run very well on a Pentium 166MHZ or faster. For
sites over 20 users or with a 1.5Mbs link or faster, we would recommend
at least a 300MHZ PC. You can use the Monitor page of the BizGuardian
Administrator to see how much CPU usage your firewall is consuming.
Here is a brief on the Hardware Requirements for Bizguardian Firewall:
- Pentium 133 MHZ or faster
- Two PCI Network cards - ( List of Supported cards )
- 48 MEG of memory or greater
- IDE Hard drive (500MB or greater)
- Floppy or bootable CDRom (optional)
|
| Missing Operating System error after install? |
Under your BIOS settings, set the Disk access mode to LBA. The default setting of "AUTO" may cause this Missing Operating System error on some disk drives. You do not need to reinstall, after you change this BIOS setting the installation should boot and run fine.
|
| Does it support Serial ATA drives? |
Yes as long as the serial ATA drive is on the first channel and the disk access mode is set to LBA under the BIOS setting.
|
| So how easy is it really, to Install? |
No drivers to load, no parameters to set. See
the install summary
For quick PPTP VPN Server setup. See the How-To page |
|
Is BizGuardian available on CD?
|
Yes and No. The intial setup is done via Floppies or a CD that you can download, however
during the setup the rest of the BizGuardian software (10MB) is loaded over the internet. This ensures you are always
receiving the most recent version of the software.
The download and automatic configuration takes minutes (usually less than 5, depending on the speed of your connection).
We believe that this simplifies installation for our customers. BizGuardian cuts out the middleman, and his ‘slice
of the pie’. There are no distribution, stock or inventory issues for our partners, and the resultant cost-savings
are passed on to the customer in the form of lower pricing. All upgrades are instantly available through the ‘Update
Now’ facility within BizGuardian.
|
|
How do I connect my BizGuardian appliance to my new broadband connection?
|
BizGuardian connects one LAN adaptor to your new router and the other LAN adaptor to your network hub. Typically cable
connections are supplied with a cable modem, which provides an Ethernet interface for the BizGuardian connection. If
you are connecting your BizGuardian box to an ADSL router you need to ensure that it is a router that provides Ethernet
connectivity, and not a personal broadband modem with a USB interface. Most business accounts are supplied with a router.
Some ADSL connections are supplied ‘wires-only’ where you have to provide the router yourself.
|
|
How many users does BizGuardian support?
|
BizGuardian easily scales up to 1,000 users.
|
| Will BizGuardian install on SCSI disks? |
Currently no. We have kept the cost, size and complexity
of the product down as much as possible.
|
|
How do I configure BizGuardian to work with my ISP?
|
The only information that you require from your ISP is your static IP address if applicable. If your ISP allocates
you an IP address via DHCP then this is configured automatically.
|
| What about drivers for my network cards? |
BizGuardian will automatically detect your PCI based
network cards and configure any drivers required.
|
| Will BizGuardian install thru a Proxy Server? |
Yes. It will first attempt a direct connection to install
via a direct http connection, if that fails you will be prompted to
supply any proxy server information that maybe required.
|
| Will it install via DHCP, even to those ISPs that
require the computer send a specified Host Name? |
Yes. You have the option to provide a Host name before
the DHCP request is sent during the setup.
|
| I Created the two floppy disks using the BizFloppies.exe
but they appear empty? |
This is normal as they are not Windows (FAT) formatted
floppies, so you will not be able to view their contents from Windows
explorer.
|
| How do I configure my client PCs? |
The easiest way is to used DHCP. This is the default
for Windows operating systems. Under control panel network icon, select
the TCP/IP properties and ensure "Obtain an IP Address Automatically"
is selected. The PC will then obtain an address from the firewall the
next time it is rebooted. If you are using static IP's then you will
need to set the PCs IP address manually.
|
|
What is the throughput of BizGuardian?
|
For non encrypted network traffic (non VPN) BizGuardian can easily transfer data at full network card speeds of up to
100mbs. For encrypted IPSec traffic CPU speed becomes more of a factor although, even a 166mhz PC can provide encrypted
traffic faster than required for a cable or dsl connection. As a comparison we have benchmarked BizGuardian 3Des encryption
at over 30mbs and 128bit encryption at over 60mbs on inexpensive 1GHZ celron PCs.
|
| It installed fine. Now how do I manage it? |
Simply connect via a web browser to the default private address of http://10.10.10.1. This may require you configure a
PC as 10.10.10.2, or set it for DHCP and the firewall will configure it for you.
|
|
I don’t want to use the proxy. Can it be turned off?
|
Yes and it is off by default.
The proxy needs to be on if you want to use content blocking features however.
|
|
| Product Support |
| How do I use the multiple Public IP addresses
that are assigned to me? |
You can use static NAT mapping to map these addresses
to private addresses on your network. See the NAT help topic within
the BizGuardian Administrator Online Help.
|
| Can I change the Inside Address from the firewall console? |
Yes. Just hit ENTER on the firewall console and
login with your password and select the menu item to configure the
inside network. If you already have a predetermined private network
scheme you can setup that up here and then connect with a client
PC to manage the firewall without the need to reconfigure a PC has
mentioned above.
|
| What Browsers does BizGuardian support for managing the firewall? |
Currently we support Internet Explorer 5 or higher
for managing the firewall.
|
| Do I need to cleanup the Log Files? |
No. A new version of the log file is created once
the file reaches 100KB. The default settings save the previous 7
versions of each log file. You can customize the number of versions
and size of the files under the log page.
|
| How do I reset the Intrusion counter on the Status page? |
Since this display is a simple count of intrusions
in the Intrusion log file, by creating a new Intrusion log file
(which can be done from the Customize Log Files under the Log page)
you will reset this counter to zero.
|
| I seem to get so many intrusion events are these real? |
It is quite common to receive many "false positive"
intrusion events depending on applications that you run. If you
examine the logs and determine that it is always a specific port
you may decide to allow that port using the Advanced security page,
or deny the port specifically with the log box unchecked.
If your internal computers run ICQ for example, you must tell ICQ
2000, that you are running behind a firewall. It will then use a
more friendly method of connection and prevent unexpected packets
hitting the firewall. See the ICQ wizard for more information on
ICQ.
|
|
| Contacts |
|
If your questions regarding BizGuardian were not answered in the FAQ section then:
|
Please download our PDF
data sheet for a detailed description of our products.
If you have already looked at the data sheet, and still have questions
please contact Sales@BizGuardian.com
|
|
Do you have technical questions that were not anwsered by this FAQ?
|
|
We would be happy to answer your tehnical questions:
You can reach us by phone
Toll free: 1-877-808-8488 or
via email at Support@BizGuardian.com (email preferred)
|
| Do you have a question about the partner program
that didn't get answered in the FAQs or in the Partner Program section?: |
Please contact Sales@BizGuardian.com
for questions regarding the partner program
|
|
|
