Nokia IPSO
Encyclopedia
Check Point IPSO is the operating system
for the 'Check Point firewall' appliance
and other security devices, based on FreeBSD
, with numerous hardening features applied..
The IP in IPSO refers to Ipsilon Networks
, a company specialising in IP switching acquired by Nokia
in 1997.
In 2009, Check Point acquired Nokia security appliance business including IPSO from Nokia.
Check Point offers two lines of security appliances - one based on IPSO 6.x, and one based on operating system called SecurePlatform.
from FreeBSD 2.1-STABLE and cross-compiled on FreeBSD 2.2.6-RELEASE and 3.5-RELEASE platforms. Its major components are:
IPSO versions up to 2.x were sold by Ipsilon Networks as part of the ATM
tag-switching solutions that they originally pioneered. IPSO 3.0 onwards were designed to host Check Point FireWall-1
and other third party packages.
IPSO 3.0 to 3.9 spanned from 1999 to 2005 and, while adding many features and significant performance and hardware refinements, were recognizably the same to the administrator.
IPSO 4.0 was not designed as a major update and was internally numbered as IPSO 3.10. However, Check Point software was unable to process a two-digit dot version, and it also included a refresh of the Voyager HTML interface. Up to that point, JavaScript
and frames
had been avoided in order to facilitate the use of Lynx
as a command line interface. These together resulted in it being renumbered as 4.0.
IPSO 4.1 and IPSO 4.2 are incremental releases. IPSO 4.2 will gain source-based routing as its last scheduled new feature. All new development will continue on IPSO 6.x.
IPSO 5.0 build 056 was released in 2009 for VSX R65 support on IP Appliance.
IPSO 6.0 was announced by Nokia in relation to the IP2450 and IP690 hardware. It is based on FreeBSD 6.x. Its primary advantage over IPSO 4.x are improved memory management, performance, scheduling, threading, POSIX-compliance, and other operating system features. IPSO 6.0.7 was released in 2009 for IP690 and IP2450 with CoreXL (multi-core) support. IPSO 6.1 contains other enhancements from FreeBSD 6.x but without CoreXL support. Because of the step change, Nokia advsertised that IPSO 4.2, 6.07 and 6.1 will run alongside each other for a period of time. When Check Point acquired Nokia IP appliance business, 6.07 and 6.1 development branches were merged and combined to 6.2.
Most recent version is IPSO 6.2, released in November 2010.
For a while, Nokia offered IPSO 7, which was actually IPSO LX. It was discontinued after 7.2, in 2008.
After acquiring Nokia IP appliance business, Check Point announced project Gaia to combine both IPSO and Secure Platform. First release is expected in 2011.
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
for the 'Check Point firewall' appliance
Computer appliance
A computer appliance is generally a separate and discrete hardware device with integrated software , specifically designed to provide a specific computing resource. These devices became known as "appliances" because of their similarity to home appliances, which are generally "closed and sealed" –...
and other security devices, based on FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
, with numerous hardening features applied..
The IP in IPSO refers to Ipsilon Networks
Ipsilon Networks
Ipsilon Networks was a computer networking company which specialised in IP switching during the 1990s.The first product called the IP Switch ATM 1600 was announced in March 1996 for US$46,000....
, a company specialising in IP switching acquired by Nokia
Nokia
Nokia Corporation is a Finnish multinational communications corporation that is headquartered in Keilaniemi, Espoo, a city neighbouring Finland's capital Helsinki...
in 1997.
In 2009, Check Point acquired Nokia security appliance business including IPSO from Nokia.
IPSO Variations
IPSO, now at version 6.2, is a fork of FreeBSD 6. There were two other systems, called IPSO-SX and IPSO-LX, that were Linux-based:- IPSO SX was Nokia's first release of a Linux-based IPSO, and was deployed in 2002 on the now-defunct Message Protector, and briefly thereafter on a short-lived appliance version of the "Nokia Access Mobilizer", acquired from Eizel. It had a partitioning scheme somewhat reminiscent of IPSO SB, a LILOLiloLilo may refer to:People* Lilo , a French actress and singer, the leading lady in the Broadway production of Can-Can* Lilo, nickname of Carmine Galante, American mobster* lilo, nickname of Rob Levin, founder of the freenode IRC network...
configuration and boot manager also somewhat inspired by IPSO SB, and a software package installer that made RPMRPM Package ManagerRPM Package Manager is a package management system. The name RPM variously refers to the .rpm file format, files in this format, software packaged in such files, and the package manager itself...
packaging look more familiar to a Nokia IPSO administrator. It did not, however, include a full configuration database or Voyager web interface, the two things that normally define IPSO.
- IPSO LX is a nearly vanilla Gentoo based linux OS, and is used on Nokia appliances sold with SourcefireSourcefireSourcefire, Inc develops network security hardware and software. The Sourcefire 3D System is based on Snort, an open-source intrusion detection engine.-Background:...
3D. It includes a full Voyager and database implementation—in fact, the Voyager look and feel in IPSO SB 4.0 onwards was based on that implemented for IPSO LX.
Check Point offers two lines of security appliances - one based on IPSO 6.x, and one based on operating system called SecurePlatform.
IPSO Features
IPSO notable features or firsts include:- Effective firewall load-balancing (in conjunction with Check PointCheck PointCheck Point Software Technologies Ltd. is a global provider of IT security solutions. Best known for its firewall and VPN products, Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology...
sychronization), derived from Network Alchemy clusteringCluster (computing)A computer cluster is a group of linked computers, working together closely thus in many respects forming a single computer. The components of a cluster are commonly, but not always, connected to each other through fast local area networks...
technology, predating and still independently developed from Check Points ClusterXL. - The first commercial IPv6IPv6Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
router out of beta-testing (ahead of CiscoCiscoCisco may refer to:Companies:*Cisco Systems, a computer networking company* Certis CISCO, corporatised entity of the former Commercial and Industrial Security Corporation in Singapore...
and Juniper NetworksJuniper NetworksJuniper Networks is an information technology and computer networking products multinational company, founded in 1996. It is head quartered in Sunnyvale, California, USA. The company designs and sells high-performance Internet Protocol network products and services...
) - Firewall Flows for putting Check Point security rule implementation into the dedicated network processor circuitry on-the-fly (though this is now largely evolved into Check Point's SecureXL)
IPSO Versions
IPSO SB was originally derived by Ipsilon NetworksIpsilon Networks
Ipsilon Networks was a computer networking company which specialised in IP switching during the 1990s.The first product called the IP Switch ATM 1600 was announced in March 1996 for US$46,000....
from FreeBSD 2.1-STABLE and cross-compiled on FreeBSD 2.2.6-RELEASE and 3.5-RELEASE platforms. Its major components are:
- A configuration database held in memory by the "xpand" daemon, that creates legacy UNIX configuration in /etc on-the-fly.
- A partitioning schemeDisk partitioningDisk partitioning is the act of dividing a hard disk drive into multiple logical storage units referred to as partitions, to treat one physical disk drive as if it were multiple disks. Partitions are also termed "slices" for operating systems based on BSD, Solaris or GNU Hurd...
which places a mini-IPSO in a separate boot manager partition for recovery - A partition-slicing scheme which segregates read-only and read-write content
- A software packaging scheme which requires all packages to remain in a single location under /opt
- A web interface, Voyager, which was closely integrated with the configuration database. (It has now diverged somewhat.)
IPSO versions up to 2.x were sold by Ipsilon Networks as part of the ATM
Asynchronous Transfer Mode
Asynchronous Transfer Mode is a standard switching technique designed to unify telecommunication and computer networks. It uses asynchronous time-division multiplexing, and it encodes data into small, fixed-sized cells. This differs from approaches such as the Internet Protocol or Ethernet that...
tag-switching solutions that they originally pioneered. IPSO 3.0 onwards were designed to host Check Point FireWall-1
FireWall-1
VPN-1 is a firewall and VPN product developed by Check Point Software Technologies Ltd.VPN-1 is a stateful firewall which also filters traffic by inspecting the application layer. It was the first commercially available software firewall to use stateful inspection. Later , Check Point registered U.S...
and other third party packages.
IPSO 3.0 to 3.9 spanned from 1999 to 2005 and, while adding many features and significant performance and hardware refinements, were recognizably the same to the administrator.
IPSO 4.0 was not designed as a major update and was internally numbered as IPSO 3.10. However, Check Point software was unable to process a two-digit dot version, and it also included a refresh of the Voyager HTML interface. Up to that point, JavaScript
JavaScript
JavaScript is a prototype-based scripting language that is dynamic, weakly typed and has first-class functions. It is a multi-paradigm language, supporting object-oriented, imperative, and functional programming styles....
and frames
Framing (World Wide Web)
When using web browsers, the terms frames or frameset refer to the display of two or more web pages or media elements displayed side-by-side within the same browser window...
had been avoided in order to facilitate the use of Lynx
Lynx (web browser)
Lynx is a text-based web browser for use on cursor-addressable character cell terminals and is very configurable.-Usage:Browsing in Lynx consists of highlighting the chosen link using cursor keys, or having all links on a page numbered and entering the chosen link's number. Current versions support...
as a command line interface. These together resulted in it being renumbered as 4.0.
IPSO 4.1 and IPSO 4.2 are incremental releases. IPSO 4.2 will gain source-based routing as its last scheduled new feature. All new development will continue on IPSO 6.x.
IPSO 5.0 build 056 was released in 2009 for VSX R65 support on IP Appliance.
IPSO 6.0 was announced by Nokia in relation to the IP2450 and IP690 hardware. It is based on FreeBSD 6.x. Its primary advantage over IPSO 4.x are improved memory management, performance, scheduling, threading, POSIX-compliance, and other operating system features. IPSO 6.0.7 was released in 2009 for IP690 and IP2450 with CoreXL (multi-core) support. IPSO 6.1 contains other enhancements from FreeBSD 6.x but without CoreXL support. Because of the step change, Nokia advsertised that IPSO 4.2, 6.07 and 6.1 will run alongside each other for a period of time. When Check Point acquired Nokia IP appliance business, 6.07 and 6.1 development branches were merged and combined to 6.2.
Most recent version is IPSO 6.2, released in November 2010.
For a while, Nokia offered IPSO 7, which was actually IPSO LX. It was discontinued after 7.2, in 2008.
After acquiring Nokia IP appliance business, Check Point announced project Gaia to combine both IPSO and Secure Platform. First release is expected in 2011.