FireFly (Firewall)

FireFly is a robust, lean, high-performance packet-filtering firewall implementation. Its core engine permits or denies packets from passing through it based on a pre-defined policy. FireFly’s unique, advanced features include hooks for dynamic firewalling and stateful inspection. Its small footprint and robustness have been specifically designed for use in an embedded environment. FireFly’s unprecedented flexibility and easy customization make it the firewall of choice in embedded networking applications.

Filtering Support
FireFly supports the following filtering options:

  • Source and destination IP addresses.
  • Source and destination port numbers.
  • IP/TCP/UDP/ICMP protocol-based filtering.
  • TCP flags such as FIN, SYN, RST, PUSH, ACK and URG.
  • All ICMP types.
  • IP options such as strict source route, loose source route, record route and time stamp.
  • Fragment flag in the IP header.

FireFly Operation

Hooks for Stateful Inspection
Stateful inspection provides the ability to track and control the flow of communication passing through the firewall filter. Keeping track of state and context information about a session simplifies rules and supports interpreting higher-level protocols. FireFly does not force any specific implementation of such inspection, but the hooks provided make it easy to add custom versions of circuit-level filtering and application-level filtering.

Management Support
FireFly supports a customizable management interface presented through a string-based command layer, which can be easily controlled through a web server, structured data files such as XML, or a CLI. Support for rule numbering provides ease of overriding at any level. Customizable hooks for logging and forwarding enable specific actions to be taken when accepting or rejecting packets.

Complements Network Security
Securing a network requires many different pieces of a very large puzzle. FireFly’s system security typically involves keeping an embedded device protected from external access on specific ports. Used with security solutions such as SSHield, this acts as a powerful complement to network security, which protects data in transit. A combination of SSHield’s Secure Shell tunneling and FireFly’s restricted external access enables sophisticated security policy settings by allowing a secure point of entrance through the network to the embedded device. Fine-grained control over the accessibility of application ports from the public network can be gained while at the same time allowing full access from within the tunneling capabilities of SSHield.

Insects Bump-In-The-Stack Model

FireFly for VxWorks Datasheet
FireFly for pSOS+ Datasheet