ISM Questions:
  • How much does the ISM cost?
  • What hardware does UIA use?
    		• Support Questions:
  • How do my employees get support?
  • Does UIA do regular rule maintenance? If my employees need a port opened how is this done?
  • Who is responsible for maintaining software updates on the ISM?
    • Features Questions:
  • Can the ISM be interconnected to other ISM's over a permanent VPN tunnel?
  • Does the anti-spam feature really work?
  • How does the ISM stop services like Gnutella or Kaaza?
  • How long does it take to configure an ISM?
  • Is the ISM hardware or software based?
  • Does ISM provide NAT (Network Address Translation), and if so, can it do both static and dynamic NAT?
  • Does ISM support / require multiple interfaces on firewall?
  • How are ICMP packets handled by default? How are they enabled or disabled from traversing the firewall?
  • How does the GUI connect and communicate with the firewall?
  • Is the HTTP/Proxy service based on Apache?
  • How is log file rotation, backup and purging handled?
  • How are rulebase change control, backup and recovery handled? In other words, what happens if a change is made that causes something to break... how do I revert back to a previous rulebase?
    • ISM Questions:
    Q.  How much does the ISM cost?

    A. 

    See the pricing section.
    Q.  What hardware does UIA use?

    A. 

    UIA uses Dell hardware. Dell has a reputation for just the right mix of reliability and price. While it is true that an ISM can be built in just a matter of minutes onto replacement hardware, it is still important that your users experience the highest possible up-times.
    [back to top]
    Features Questions:
    Q.  Can the ISM be interconnected to other ISM's over a permanent VPN tunnel?

    A. 

    Yes, up to 1024 connections are possible at each node. It's a perfect solution for multi-location businesses that may have a variety of different connectivity flavors at each location.
    Q.  Does the anti-spam feature really work?

    A. 

    Yes it does. Anywhere from 89% to 95% of spam is stopped at the server, on par with many much more expensive solutions. See this comparison for a run down of some available anti-spam systems. Keep in mind that these systems only do this one task, for about the same price as a complete ISM solution. Click here for more information.
    Q.  How does the ISM stop services like Gnutella or Kaaza?

    A. 

    The ISM has a built-in dynamic Intrusion Prevention System. This system looks for particular types of traffic and if a match is made then that IP address is blocked off. This will stop Gnutella and Kaaza even if those services use a common port, such as port 80. Not only is it important to stop these services from a security point of view, but more and more businesses are expected to be responsible for employee downloads of all types.
    Q.  How long does it take to configure an ISM?

    A. 

    After the profile has been made using the web interface, configuring a new ISM takes just minutes.
    Q.  Is the ISM hardware or software based?

    A. 

    The ISM is hardware based and so resides on a separate machine between the Internet and the LAN.
    Q.  Does ISM provide NAT (Network Address Translation), and if so, can it do both static and dynamic NAT?

    A. 

    Yes, the ISM supports both static and dynamic NAT.
    Q.  Does ISM support / require multiple interfaces on firewall?

    A. 

    The ISM needs at least one outside and one inside interface. It can support up to 255 interfaces in fact, but in reality the number of interfaces are determined by the hardware. Each interface or DMZ can have its own set of rules.
    Q.  How are ICMP packets handled by default? How are they enabled or disabled from traversing the firewall?

    A. 

    By default ICMP packets of type 8 and 13 (ping) are allowed up and to the ISM. However, each ISM is a customized installation so any ICMP policy can be changed or initiated at any time.
    Q.  How does the GUI connect and communicate with the firewall?

    A. 

    The GUI is a web based server that is ON the firewall (ISM). Only IP's that are determined by the end customer security policy are allowed to even view the authentication page.
    Q.  Is the HTTP/Proxy service based on Apache?

    A. 

    No, but it does use another open source application called Squid.
    Q.  How is log file rotation, backup and purging handled?

    A. 

    Log files are rotated every night, there are a total of 7 days worth of log files on the ISM at any given time. Hack attempts however are archived for three months.
    Q.  How are rulebase change control, backup and recovery handled? In other words, what happens if a change is made that causes something to break...how do I revert back to a previous rulebase?

    A. 

    UIA makes all the rule changes. Each change is backed up to a central server. UIA can restore back to any time and date that a rule was changed. UIA keeps a complete revision history of all configuration changes.
    [back to top]
    Support Questions:
    Q.  How do my employees get support?

    A. 

    End-users will contact a UIA ISM administrator directly. UIA does all support live and on the spot. UIA acts as the security department for your company.
    Q.  Does UIA do regular rule maintenance? If a user need a port opened how is this done?

    A. 

    Yes, UIA does all support live and generally port openings are done with the end-user on the phone.
    Q.  Who is responsible for maintaining software updates on the ISM?

    A. 

    UIA performs all updates. The ISM has an automated update system. All updates are pushed out from UIA to the firewall. The time between a vulnerability or patch announcement and an update to your ISM is very short. Often times it's just a matter of hours. The ISM is not required to reboot after an update. Updates can safely be done during business hours without interrupting service.
    [back to top]