The firewall filters all traffic

HALON SX-101 - 84%

Manufacturer: Skalsoft (www.halon.se) Price: 11 595 SEK Processor: 1 GHz Ports: Two external, four internal 10/100 ports, serial port Operating system: Halon Operating System, H/OS (based on OpenBSD) Encryption protocol: AES, DES, DES 3, Blowfish, Cast, Skipjack Authentication protocol: SHA-1, MD5, MS Chap version 1 and 2 Size: 250x120x50 mm Warranty: Two years Advantages: Really fast, lots of functionality Drawbacks: New and untried product   Weight Grade Performance 3 Excellent Security 5 Excellent Functions 3 Very Good Interface 1 Good Warranty 2 Good Total 84%

The firewall Halon SX-101 from Skalsoft doesn't do things in halves. It's a small, sturdy box with great capacity and lots of nice functionality.

Text: MARTIN AGFORS

Halon SX-101 is a packet filtering firewall, but it also uses methods like TCP normalization to detect faulty packets. In addition, there is a rule-based system for entry detection, complete with pattern matching.

There is a standardized set of firewall rules for most normal needs. If you've got special needs it's really easy to define your own traffic rules; and you can of course have different rules for different interfaces.

SX-101 has a built-in proxy server, able to filter web content. You can use it to create traffic rules to control the access to web pages, due to different traits like domain names, file sizes or types.

Really fast
SX-101 is fast, really fast. Skalsoft states that it can filter all traffic possible to send through the four internal and two external ports. Our simple test, with the Qcheck program and two computers, didn't counter this statement.

We couldn't find any measurable speed difference between traffic routed through the firewall or sent directly through a cross-connected cable.

Built-in encryption
The speedy performance is accomplished through a one gigahertz processor with built-in encryption functions. In addition, the operating system, Halon Operating System, H/OS, is optimized for the task. H/OS is based on OpenBSD, with the BSD system's TCP/IP stack, renowned for its speed and sturdiness.

Skalsoft states that the SX-101 is able to manage traffic loads of 53 megabyte per second in a virtual private net, encrypted with AES, DES, or DES 3. That would make it possible for SX-101 to accept a very large number of concurrent VPN tunnels. License-wise, Skalsoft has opted not to put an upper limit to the number of simultaneous connections. A kind of generosity more manufacturers should endeavor.

You can choose to manage SX-101 through a serial console or a web interface. The serial console is easy to use and it doesn't take long to get started. For the experienced user, who might want to make changes regularly and maybe just want to read the logs, the interface is superbly easy to work in. The web interface has more information and a better overview, though.

The web interface is pleasant, and we had no problems finding our way around it. The settings are separated into three categories: network, firewall and VPN. The categorization feels logical and makes it simple to find the different settings fast.

Several finesses
With SX-101 it's easy to define the firewall limitations, and set the capacity amount different kinds of traffic could use. There are functions for session-based load balancing, as well as Round Robin, in which the numbers of CIDR networks are unlimited. SX-101 gives pretty advanced routing functions considering the low price. You can use the RIP, OSPF, and BGP protocols.

The web interface gives a nice overview. Here, in surveillance mode. The help function is nice and simple. Some words are underlined in the interface, and if you click on them, the help text show up in a message box.

The most exiting function is probably the failover option. If you get two or more SX-101's you can connect them. In the network, all the units will function as a single firewall. If one of them should crash or need to be restarted, the traffic won't be affected and the users won't notice anything. Considering the low price, it's tempting to run two SX-101's with failover, instead of paying several times the price for one unit from the competitors.

Halon SX-101 is an exciting firewall for small businesses. The functionality and the pleasant administrative interface are by all means good, but it's the capacity that impresses us the most. If you've got a fast Internet connection and crave high capacity, this is a worthy low-price alternative to the much more expensive competitors.