Sygate Personal Firewall

provided by: 
Originally published at Internet.com

With a host of advanced security features designed for small, networked organizations connected on a 24/7 basis, as well as ease-of-use capabilities designed for the nontechnical user, Sybergen Networks' Sygate bridges the gaps between proxy servers, firewalls, and virtual private networks (VPNs) at an affordable price.

Sygate for Internet Connection Sharing

Sygate began life as a product that enabled multiple computers to share a single Internet connection via a single modem line, and it is still successful on this basis. Although many Internet connection sharing tools are available in the proxy-server space, Sygate stands out because of how simple it is to set up and administer.

We downloaded an evaluation copy to service three computers on a small-office intranet, and we were up and running with an Internet connection in less than 15 minutes. Of course, most of the work in setting up an intranet is wiring the client computers, installing network cards, and configuring the operating systems, but the relative ease to set up Sygate was apparent.

We set up Sygate to work with both a dial-up phone line and a 24/7 Digital Subscriber Line connection (DSL), and both worked just fine. The installation procedures in both cases were painless: Once Sygate was told which connection was in use, installation procedures specific to the network type were instituted.

Sygate is set up on one networked PC (a dedicated server is not needed). When we installed it, we did not need to mess with the Windows Network Control Panel or TCP/IP parameters. In addition to the tested DSL and dial-up connections, Sygate supports cable modems, ISDN, and DirecPC connections, as well as Ethernet-based networks and home-based wireless networks.

By default, Sygate supports HTTP, HTTPS, NNTP, SMTP, POP3, telnet, FTP, and instant-messaging protocols. Users can add additional protocols, such as RealPlayer, by hand.

Sygate for Proxy Services

There are many ways that Sygate differs from a true proxy server, however. Users must decide whether the benefits of Sygate outweigh any related problems. The server is based on Network Address Translation (NAT) technology, which is typically used in routers. Basically, the applications on a networked PC do not need to be configured to go through the proxy server; under NAT, the networked PC assumes it is a unique entity on the Internet and does not funnel everything through the proxy server.

As a result, applications that do not support proxies, such as Microsoft's version of telnet under Windows, can use Sygate to connect to the Internet. At the same time, Internet applications that do support proxy servers, such as Netscape Communicator, must be hand-configured to work with a proxy server.

In other ways, however, traditional proxy-server technology may better fit an organization's needs. Enabling a proxy server is a good way to ensure access control of high-bandwidth protocols like streaming media; if an organization has not configured the proxy server to support a streaming-media protocol, users cannot use it on their own.

However, Sygate enables its use to be similar to that of a proxy server (in essence, being a proxy of a proxy), providing selective access for applications to run server-based applications or Internet games. Using Sygate's AppRule feature, organizations can configure it to pass certain port traffic to specific PCs on the network. This could be Internet applications (e.g., telnet servers, pcAnywhere hosts, and instant-messaging programs) or Internet-based games.

Sygate for Network Protection via a Built-in Firewall

When working with "always-on" connections like DSL lines and cable modems, security is paramount; an organization does not want someone sneaking into its network and mucking around with its files via the DSL connection. In another departure from the proxy server field, Sygate has a built-in firewall based on packet-filtering and dynamically tunneling technology.

Sygate also excels at access monitoring and enforcement via "black and white lists," which control where networked computers can and cannot go, what they can do, and when they can do it. It keeps track of all access on the Internet, giving users the power (should they want it) to ensure that their employees and peers are not spending more time on sites like "www.Playboy.com" than on company business.

Organizations can apply access policies to both Internet sites and usenet newsgroups. In the case of home office networks, access controls can also be applied to childrens' accounts.

Sygate for DNS Forwarding and Remote Administration

Sygate supports DNS forwarding. When an organization sets up a network, it can assign the TCP/IP address from the PC running Sygate to all the PCs on the network. When these networked PCs need to resolve host names, they will go to the Sygate PC, which in turn will grab that information from the ISP and pass it along to the networked PC. However, Sygate does not support DNS caching, which would record frequently requested DNS look-ups on the Sygate PC.

For operating systems that support it -- including Windows 95/98, Windows NT, MacOS, and Linux -- Sygate offers DHCP capabilities. When a networked computer boots up, it obtains its TCP/IP information (including the address, subnet mask, gateway, and DNS server address) from the Sygate PC.

One promised capability that we did not have a chance to test - because our installation worked from the get-go — was Sygate's advertised network troubleshooting capabilities. When Sygate is installed, it will analyze the network configuration. If the network is not configured properly, Sygate will automatically fix the problem or advise on how the problem can be fixed.

Sygate also supports remote administration of a Sygate server, through a proprietary client application or a telnet connection. (No Web-based administration is supported.) Either way, this tool provides real-time information about network usage and user activity, and gives administrators the power to install software.

The Bottom Line

With its use of NAT technology and a remarkable ease of use when installing and configuring a network connection, SyGate stands out in the proxy-server space. If an organization's needs are limited to what is expected from a traditional proxy server, then Sygate is a strong choice.

However, Sygate does lack some of the more advanced capabilities found in competitors' products -- like DNS caching, Web serving, and remote Web administration capabilities. As a result, organizations whose needs transcend traditional proxy serving will likely want to consider other solutions.