Firewall Wizards mailing list archives

Re: Firewall licensing purpose, methods, and techniques

From: <hesselsp () ashaman dhs org>
Date: Wed, 26 Sep 2001 21:19:27 -0400 (EDT)

Bruce,

I don't know what the most common licensing method is, but I would think
most work like this:
During installation, one of the interfaces is chosen to be the external
interface.  Users are any IP address that uses any interface other then
the "external" interface.

Simple and effective.  I beleive this is how fw-1 works... or near enough.

On Wed, 26 Sep 2001, Bruce Platt wrote:

I am curious about how firewall vendors license their products and enforce
them.

Most vendors sell licenses with descriptive phrases like 25 users, 25-100
users, unlimited users, and so forth to describe their license tiers.  They
have a right to collect money for the use of their intellectual property.

When queried, most are vague at best as to what a "user" mean, and answer
with nodes protected by the firewall.  But does a "user" mean someone who
uses a desktop PC to web browse using the http proxy, or does a "user" mean
a mail server protected by the firewall and using the smtp proxy, or does a
"user" mean a networked printer on the protected network which will never
touch the firewall?  I have had one vendor tell me that a user is any device
with an IP stack.  

How do vendors count users?  In pre windows days one could use a ping to the
network broadcast address to count replying unix boxes.  Today one could use
the nmap code that does a "nmap -sP -PT0 network-address" to count
responding machines.  But what network address to use, the network address
on which the fw protected network exists?  What about other networks that
might also be behind the firewall?

That same vendor referred to above also allowed that they do not count.
They trust the purchaser.

Who counts today and how?  I am interested because we provide services using
PVCs over frame connections, and it's time to get a new firewall.

Regards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


-- 
--
Paul

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Firewall licensing purpose, methods, and techniques Bruce Platt (Sep 26)
- Re: Firewall licensing purpose, methods, and techniques hesselsp (Sep 28)
- Re: Firewall licensing purpose, methods, and techniques Don Ng (Sep 28)
- <Possible follow-ups>
- Re: Firewall licensing purpose, methods, and techniques Steve R (Sep 28)
- Re: Firewall licensing purpose, methods, and techniques TDyson (Sep 28)