- Nokia IPSO
-
Check Point IPSO is the operating system for the 'Check Point firewall' appliance and other security devices, based on FreeBSD, with numerous hardening features applied.[1].
The IP in IPSO refers to Ipsilon Networks, a company specialising in IP switching acquired by Nokia in 1997[2].
In 2009, Check Point acquired Nokia security appliance business including IPSO from Nokia[3].
Contents
IPSO Variations
IPSO, now at version 6.2, is a fork of FreeBSD 6. There were two other systems, called IPSO-SX and IPSO-LX, that were Linux-based:
- IPSO SX was Nokia's first release of a Linux-based IPSO, and was deployed in 2002 on the now-defunct Message Protector[4], and briefly thereafter on a short-lived appliance version of the "Nokia Access Mobilizer", acquired from Eizel. It had a partitioning scheme somewhat reminiscent of IPSO SB, a LILO configuration and boot manager also somewhat inspired by IPSO SB, and a software package installer that made RPM packaging look more familiar to a Nokia IPSO administrator. It did not, however, include a full configuration database or Voyager web interface, the two things that normally define IPSO.
- IPSO LX is a nearly vanilla Gentoo based linux OS[5], and is used on Nokia appliances sold with Sourcefire 3D. It includes a full Voyager and database implementation—in fact, the Voyager look and feel in IPSO SB 4.0 onwards was based on that implemented for IPSO LX.
Check Point offers two lines of security appliances - one based on IPSO 6.x, and one based on operating system called SecurePlatform.
IPSO Features
IPSO notable features or firsts include:
- Effective firewall load-balancing (in conjunction with Check Point sychronization), derived from Network Alchemy clustering technology, predating and still independently developed from Check Points ClusterXL.
- The first commercial IPv6 router out of beta-testing (ahead of Cisco and Juniper Networks)
- Firewall Flows for putting Check Point security rule implementation into the dedicated network processor circuitry on-the-fly (though this is now largely evolved into Check Point's SecureXL)
IPSO Versions
IPSO SB was originally derived by Ipsilon Networks from FreeBSD 2.1-STABLE and cross-compiled on FreeBSD 2.2.6-RELEASE and 3.5-RELEASE platforms. Its major components are:
- A configuration database held in memory by the "xpand" daemon, that creates legacy UNIX configuration in /etc on-the-fly.
- A partitioning scheme which places a mini-IPSO in a separate boot manager partition for recovery
- A partition-slicing scheme which segregates read-only and read-write content
- A software packaging scheme which requires all packages to remain in a single location under /opt
- A web interface, Voyager, which was closely integrated with the configuration database. (It has now diverged somewhat.)
IPSO versions up to 2.x were sold by Ipsilon Networks as part of the ATM tag-switching solutions that they originally pioneered. IPSO 3.0 onwards were designed to host Check Point FireWall-1 and other third party packages.
IPSO 3.0 to 3.9 spanned from 1999 to 2005 and, while adding many features and significant performance and hardware refinements, were recognizably the same to the administrator.
IPSO 4.0 was not designed as a major update and was internally numbered as IPSO 3.10. However, Check Point software was unable to process a two-digit dot version, and it also included a refresh of the Voyager HTML interface. Up to that point, JavaScript and frames had been avoided in order to facilitate the use of Lynx as a command line interface. These together resulted in it being renumbered as 4.0. IPSO 4.1 and IPSO 4.2 are incremental releases. IPSO 4.2 will gain source-based routing as its last scheduled new feature. All new development will continue on IPSO 6.x.
IPSO 5.0 build 056 was released in 2009 for VSX R65 support on IP Appliance.
IPSO 6.0 was announced by Nokia in relation to the IP2450 and IP690 hardware. It is based on FreeBSD 6.x. Its primary advantage over IPSO 4.x are improved memory management, performance, scheduling, threading, POSIX-compliance, and other operating system features. IPSO 6.0.7 was released in 2009 for IP690 and IP2450 with CoreXL (multi-core) support. IPSO 6.1 contains other enhancements from FreeBSD 6.x but without CoreXL support. Because of the step change, Nokia advsertised that IPSO 4.2, 6.07 and 6.1 will run alongside each other for a period of time. When Check Point acquired Nokia IP appliance business, 6.07 and 6.1 development branches were merged and combined to 6.2.
Most recent version is IPSO 6.2, released in November 2010[6].
For a while, Nokia offered IPSO 7, which was actually IPSO LX. It was discontinued after 7.2, in 2008.
After acquiring Nokia IP appliance business, Check Point announced project Gaia to combine both IPSO and Secure Platform. First release is expected in 2011.[7]
References
- ^ https://honor.icsalabs.com/pipermail/firewall-wizards/2000-February/007795.html
- ^ http://europe.nokia.com/microsites/aboutnokia/company_information/news/news_htmls/ntc_971209a.html
- ^ http://www.checkpoint.com/nokia/welcome/index.html
- ^ http://www.nokia.com/A4136001?newsid=880176
- ^ http://www.secinfo.com/dsvRq.uu2.a.htm
- ^ http://supportcontent.checkpoint.com/documentation_download?ID=10292
- ^ "Check Point Project Gaia". http://www.checkpoint.com/products/gaia/index.html.
External links
Categories:
Wikimedia Foundation. 2010.