PfSense on ZoneAlarm Z100G Wireless Router/Gateway hardware?



  • I'm interested in putting pfsense on a nice piece of hardware, I've seen the nokia 110 & 330 installations and those are nice but what about this:

    http://www.zonelabs.com/store/content/catalog/products/z100g/index.jsp?dc=12bms&ctry=US&lang=en&lid=homepage_promo_top&c=01340

    It says it does all kinds of filtering so I'm assuming that there has to be some type of hd in it [not solid state memory] considering it only costs 150 bucks. I'm hoping someone can shed some light on what type of hardware is in this thing and whether or not it can be modded.

    The stock software on it is a subscription-based installation like the Firebox II's, checkpoint, etc.

    Thanks ahead of time for any help.



  • i would say this is like a linksys device proberly a mips with built in ROM
    not many of these 1/2U boxes run x86



  • Well that's the thing….seems to me that this thing is MUCH bigger and with all of the functionality it has, there's no way it doesn't have some kind of real hard drive, it does all kinds of stuff and that much solid state memory wouldn't make much sense to me...

    Sorry to keep pestering but I have a hunch this is a gold mine... Thanks for all who checked this out.



  • They doesn't seem to provide any real hardwareinfo anywhere. Either send them a mail asking about the specs or buy one and let us know.  ;)



  • The hardware of those ZA boxes is actually identical to the wireless versions of Check Point´s "VPN-1 Edge" (directed towards the enterprise) and "Safe@" (aimed at the SOHO market). Check Point owns Zone Labs, btw. Also, I´ll bet you my underpants that the software in the ZA boxes is essentially the same as the software in the other two boxes ("VPN-1 embedded"), but with the "business oriented" features disabled. Pay a visit to the Check Point site and you will see that they all look the same but in different colours. D-Link too resells those Check Point boxes for many hundreds or thousands (depending on how many "users"), as part of their "netdefend" line.

    Between us, they really, truly, majorly suck, all of those Check Point boxes and their variants. We maintain several of the most expensive models ("VPN-1 Edge"), and you have no idea how much we regret having paid thousands of dollars for each of them. This is the reason we are evaluating pfsense. They are so bad that my guess is that is why CHKP rebranded them and is trying to dump them for a lot less money on unsuspecting "home users" via ZL.

    If you are curious about its guts, the ZA box, just like its cousins, I can assure you does not have an HDD. It most likely has between 32 and 64 MB of dram, and between 8 or 16 MB flash. It and its cousins use some sort of MIPS microprocessor 8running at a ridiculous 200 MHz or so) on which you, to begin with, would not be able to run pfsense (or any other x86 specific software).

    The boxes really do antivirus and "intrusion detection" (very poorly, in my experience). But you do not need an HDD to do content inspection. You may need a hard disk to do it with pfsense as it is now (because of the limited write cycles of flash memory), but it is possible to do anything you want without an HDD if you mount some of your file systems on a virtual RAM drive and keep your software from writing anything onto the flash memory (other than configuration files, definition files and seldom written stuff of the same sort).

    For example, those CHKP/ZA boxes (like the one you want) do that trick. They run a variant of Linux. Furthermore, Nokia´s newer firewall boxes (which are nothing but expensive x86 PCs) actually run plain FreeBSD (although Nokia calls it "IPSO") out of flash memory and are capable of doing content inspection (antivirus, for starters) via Check Point´s "UTM" firewall software completely out of file systems that are mounted on a RAM disk. Those Nokia boxes, btw, can cost so much money that it would freak you out if I told you how much, all for a very well-dressed PC with PMC interface slots, 1 GB of flash memory and 1 GB of RAM. Insane stuff that I happen to know inside out. But we are sick of it now and will buy it no more.

    There are other many "broad-band firewalls" and "enterprise firewalls" (like Juniper´s or Fortinet´s) that can do some level of content inspection or another. They all do it with or without HDDs. Almost all of them run Linux, FreeBSD or some other open-source "Unix-like" OS. They all do the RAM-drive trick that I described above.

    My advice: do not throw away your money. Get a $300 PC and and $80 wifi card, and run pfsense. If you are short on cash, you would be better off with a $80 Linksys/ASUS/Etc broad-band router that can run one of the many little open-source Linux "modified firewall" distributions that you can find on the Internet these days.



  • BTW, the boxes are not big at all. They are about the same volume as any BB router. They are not much bigger than a 3.5" HDD. I have one in front of me and it seems to be about 7 x 5 x 1 inches. Maybe 8 x 5 x 1.



  • Those boxes are most likely unable to run pfsense. I would consider one of these: http://linitx.com/product_info.php?cPath=4&products_id=909



  • @sdale:

    Those boxes are most likely unable to run pfsense. I would consider one of these: http://linitx.com/product_info.php?cPath=4&products_id=909

    I have some of these in service, they run smoothley and perform well.



  • Most firewallappliances use built-to-spec motherbords with regular cpu's/chipsets, so they should work.
    I have one running on an old GTA appliance, works well. Other hardware I'm running on (besides old P2/P3 machines for testing) is from Arbor (MBX-1726, 6 ports) or Lexcom (Lexcom Light, via cpu).


Locked