Iron Gateway: An Innovative Product in the Network Security Market by an Egyptian Engineer
Acknowledgment
Many thanks to Abd ElMuniem Mahmoud, Senior Network Engineer at Equinox, for his great efforts on this project and on improving its features; to Mr Mohamed Ibrahmim, Head of the Security team at Pharos Holding, for his feedback and guidance on the project; and to Mr Mohamed Azzam from SEE Company for his help and feedback on the project's progress.
Iron Gate Idea
The idea started in 2011 as a graduation project at the Faculty of Engineering, Helwan University. We gathered a team that dreamed of producing an Egyptian product for the network and security market. After studying the Egyptian and global markets, we decided to work on an Integrated Service Router.
Producing Iron Gate as a hardware appliance was very difficult given the lack of resources and time, so we focused on flexibility by producing software compatible with any Linux-supported hardware. The hardware may be any personal computer, a dedicated hardware appliance, or a small hardware kit.
The Linux operating system gives Iron Gate many advantages over other operating systems. It is open source software, so Linux source code can be used, copied and modified to improve and enhance Iron Gate. Linux is very stable and rarely crashes; compared with Windows, the “blue screen of death” is not a worry for Linux users. Linux is also more secure and less vulnerable to malware, Trojans, viruses and worms. One nice security feature in Linux is that files must be made executable by someone with administrator privileges, which requires a password. So even if a Linux virus is loaded on a Linux computer, it will not be able to run unless a user with administrator privileges intentionally makes it executable. Another important aspect of Linux security is the fact that it is open source: because the programming code is available for anyone to view, there are many eyes constantly examining it, which makes it highly difficult for malware to be hidden within the code. In conclusion, Linux offers a variety of features, options and utilities for free.
In 2014, Iron Gate was improved with many features required by market needs and by business investment in security appliances. Iron Gate was enhanced from just an Integrated Service Router with security features into a Unified Threat Manager.
Iron Gate Features
Iron Gate is a Unified Threat Manager based on a Linux system. It integrates many network and security features, offers higher flexibility since it can be implemented as separate software or as a hardware appliance, and has a lower price compared with Unified Threat Manager appliances.
The software is compatible with any Linux-supported hardware.
We will cover only two features in this article, “Routing” and “Firewall”, and mention the other features.
1- Routing
Iron Gate is based on the Quagga open source routing package. Quagga is a routing software suite providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra, which was developed by Kunihiro Ishiguro. The Quagga tree aims to build a more involved community around Quagga than the current centralized model of GNU Zebra.
The Quagga architecture consists of a core daemon, zebra, which acts as an abstraction layer to the underlying kernel, and Zserv clients, which typically implement a routing protocol and communicate routing updates to the zebra daemon. Existing Zserv implementations are:
Quagga daemons are each configurable via a network accessible CLI (called a ‘vty’). The CLI follows a style similar to that of other routing software. There is an additional tool included with Quagga called ‘vtysh’, which acts as a single cohesive front-end to all the daemons, allowing one to administer nearly all aspects of the various Quagga daemons in one place.
Figure: part of the routing configuration for the RIP and OSPF protocols
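Because each Quagga daemon's vty is a network login, its configuration decides who can reach the routing CLI. The check below is an added example, not code from Iron Gate or the Quagga project; the sample configurations, the access-list name VTY-LOCAL and the placeholder password hash are constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from Iron Gate or the Quagga project.
# Audits one Quagga daemon config (zebra.conf, ospfd.conf, ...) for the
# settings that decide who can reach and log in to its vty.

# Reads a config on stdin; prints one finding per line, nothing if clean.
vty_findings() {
    awk '
        /^access-list[ \t]+/                  { acls[$2] = 1 }
        /^(enable )?password zebra[ \t]*$/    { sample_pw = 1 }
        /^line vty/                           { in_vty = 1; next }
        /^[^ \t!]/                            { in_vty = 0 }
        in_vty && $1 == "access-class"        { acl = $2 }
        in_vty && $1 == "no" && $2 == "login" { nologin = 1 }
        END {
            if (sample_pw) print "sample password \"zebra\" still in use"
            if (nologin)   print "line vty: \"no login\" disables the password check"
            if (acl == "") print "line vty: no access-class restricts source addresses"
            else if (!(acl in acls)) print "access-class " acl " has no access-list"
        }'
}

# Constructed samples: names, addresses and passwords are placeholders.
weak_conf() {
    cat <<'EOF'
hostname gw-ospfd
password zebra
line vty
 no login
EOF
}

hardened_conf() {
    cat <<'EOF'
hostname gw-ospfd
password 8 PLACEHOLDER-HASH
service password-encryption
access-list VTY-LOCAL permit 127.0.0.1/32
access-list VTY-LOCAL deny any
line vty
 access-class VTY-LOCAL
 exec-timeout 5 0
EOF
}

echo "weak:";     weak_conf     | vty_findings
echo "hardened:"; hardened_conf | vty_findings
```

The string "zebra" is the password used in Quagga's sample configuration files, which is why the check treats it as a leftover default.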
2- Firewall
Iron Gate has a variety of firewall options. It supports a Traditional Firewall based on iptables, the built-in Linux firewall. iptables allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames. Iron Gate also provides the Uncomplicated Firewall (UFW), software that eases iptables firewall configuration. UFW provides a user-friendly way to create an IPv4 or IPv6 host-based firewall, and Gufw is a GUI that is available as a front end.
Iron Gate supports another type, called Advanced Firewall, that is also based on the Linux firewall. It supports stateful packet filtering, zone segmentation, a wide range of router/firewall/gateway applications, flexible address management and routing support, blacklisting, VPN support, traffic control and shaping, traffic accounting, IPv6, and GUI control with centralized management.
Figure: UFW configuration
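Since UFW fronts the firewall rules, its status output is a convenient place to check whether management services are reachable from any source. This is an added example, not Iron Gate code; the port list assumes the default ports of the FTP, SSH, Telnet, HTTPS and VNC services named in the feature list, and the sample status output is constructed.

```shell
#!/bin/sh
# Added example; not Iron Gate code. Flags management services that a UFW
# rule set accepts from any source. Input: `ufw status verbose` on stdin.
# The port list is an assumption: default ports of FTP, SSH, Telnet,
# HTTPS and VNC. Rules written with application profile names are not
# resolved to ports here.
MGMT_PORTS="21 22 23 443 5900"

exposed_mgmt() {
    awk -v ports="$MGMT_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) mgmt[p[i]] = 1 }
        /^Status: inactive/            { print "firewall is inactive" }
        /^Default: allow \(incoming\)/ { print "default incoming policy is allow" }
        { v6 = gsub(/ \(v6\)/, "") }   # drop the IPv6 markers so fields line up
        $2 == "ALLOW" || $2 == "LIMIT" {
            port = $1; sub(/\/.*/, "", port)
            src = ($3 == "IN") ? $4 : $3
            tag = v6 ? " (v6)" : ""
            if ((port in mgmt) && src == "Anywhere")
                print $1 tag ": management port accepted from any source"
        }'
}

# Constructed `ufw status verbose` output, not captured from a real device.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.0.2.0/24
443/tcp                    ALLOW IN    Anywhere
23/tcp                     ALLOW IN    Anywhere
5900/tcp                   DENY IN     Anywhere
53/udp                     ALLOW IN    Anywhere
23/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_status | exposed_mgmt
```

On a device, the same function can read live output with `ufw status verbose | exposed_mgmt`.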
3- IPS
4- Antivirus
5- SNMP
6- VPN [SSL- IPsec]
7- Syslog
8- Telnet – SSH
9- DHCP
10- FTP
11- VNC
12- HTTPS Web Management GUI
Iron Gate Added Values
Iron Gate offers many user facilities that make the device easy to install, run, manage and monitor. The added values include the Web-GUI, Easy Install, Virtualization and Friendly Syntax.
The Web-GUI collects all appliance features in an HTTPS web interface controlled through a browser. It controls the features of the appliance, allowing rules and configurations to be added, removed and edited.
Figure: Web-GUI management through a web browser
Easy Install enables the user to convert any personal computer or hardware appliance into a UTM in a few minutes with no configuration needed from the user: just select “Install” from the menu and everything will proceed.
Figure: the Easy Install feature, where all that is required is to select “Install”
Virtualization enables users and network administrators to test a “Demo Version” of the product, which can be tested physically in a real network or virtually with virtual machine tools and network simulator tools like VMware and GNS3.
Figure: testing Iron Gate under virtualization on virtual machine applications
Friendly Syntax modifies many rules and words to be easier and faster.
Future Objectives
Iron Gate is in continuous development to match market needs and make the world's security better. Below are some of the features that will be implemented in Iron Gate as future work:
- Web filtering
- VOIP Gateway
- Wireless Access Point
- Load Balancer
- ADSL Router
- Mail Server
- MPLS
- DNS Server
We continuously improve and upgrade Iron Gate and hope to see the Iron Gate appliance on the market soon. We are testing and evaluating the product's performance, so we need your support and feedback about our products. Our team welcomes anyone interested in our idea and project, who can contact me at [email protected]
About the author
Amr Yehia, a Network Security Engineer at Pharos