
Q and A

Q&A before purchasing

Q:Are there any differences between CD boot and installation?

A:There is little difference in efficiency, and no difference in speed.

Q:There is no statement of required hardware; can it be installed with any OS?

A:Any machine that satisfies the hardware requirements can be used for installation. One Point Wall is an OS itself, so it is necessary to have another OS. After the installation, OPW will have overwritten the OS that was in use.

Q:Why are three NICs listed as recommended hardware?

A:One is the bridge port for the upper network, one is for the lower network, and another is for administration. We recommend three NICs for security, even though it is possible to set up with only two NICs.

Q:What is the USB memory listed as recommended hardware used for?

A:This memory is used to output logs, to save the configuration, and to update. When running after installation, you can save the configuration on the USB flash memory. If you do not want to save logs and the configuration, you do not need the USB flash memory.

Q:Is it possible to block data traffic for proxy servers on a network?

A:Depending on the configuration, blocking may not work because of irregular data on the proxy servers. Please contact us for details.

Q:When using OPW in inspection mode, do we need a shared hub? Shared hubs are not on the market, though.

A:Shared hubs are available from NetAgent. We deal in this type of hub as well as One Point Wall.

Q:How often are new rules made?

A:We usually make rules twice per month, or in response to demand.

Q:What information do you use for making new rules? Do you cooperate with any vendors?

A:We have an original system for investigation and observation. We do not have any such cooperation so far.

Q:Are rule files and engines automatically updated?

A:You update the files at your own choice. Engine updates are performed manually and require a reboot, but they take little time.

Q:Do we need to request CDs for updating?

A:No, you do not. After user registration, we send the CDs to registered users.

Q:When we used a copied CD of One Point Wall, it did not work.

A:One Point Wall does not operate from a copied CD. It is necessary to buy as many CDs as you need.

Q:Is it possible to configure One Point Wall on a Gigabit network?

A:One Point Wall is for interfaces of less than 100M. On a Gigabit network, we recommend installing One Point Wall on a Gigabit-capable server or buying appliances made by TaKaRa NETWORK SYSTEM Co., Ltd.

Q:Did you decipher the Winny code? Does that mean that you acquired the Winny source program?

A:No, it does not. It comes from analyzing the data in memory while the program is running.

Q:Does One Point Wall judge Winny traffic by the features of its traffic patterns?

A:One Point Wall deciphers the Winny traffic code and judges it.

Q:Does One Point Wall record node information as a log?

A:No, it does not. It only records IP addresses and ports. Logs do not include traffic contents.

Q:Which Winny versions can One Point Wall block?

A:We have verified the operation of the inspection filter on “Winny v2 7.1, 7, 6.6, v1 1.14, custom5, custom6”.

Q:Can One Point Wall handle Winny 2b7.2?

A:Completed.

Q:Can I prevent data breaches caused by virus infections coming from Winny?

A:Since One Point Wall cuts off a machine on which Winny is running from the network, the first leakage is blocked. However, One Point Wall cannot prevent the second leakage by cache holders.

Q:If there is a SoftEther virtual hub on the external network, can it evade blocking by One Point Wall?

A:No, it cannot.

Q:Can One Point Wall block SSL traffic of SoftEther?

A:Yes, it can. (Completed for 0.50beta3 and 1.0.)

Q:Is One Point Wall able to inspect SoftEther VPN 2.0 Beta 3.2 as well as SoftEther 1.0?

A:It is completed with pattern file 1.5.

Q:Is One Point Wall able to block WinMX uploads?

A:Yes, it is, because the traffic is the same as for downloads; only the direction differs.

Q:How are logs output?

A:A Winny log entry output by OPW looks like this:
03/01-02:30:26.701121  [**] [1:0:1] Drop Winny Connection request [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1] 
{TCP} 192.168.1.1:4524 -> xxx.xxx.xx.xxx:17316
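
The alert layout shown above can be parsed to see which internal hosts triggered drops. The following Python is an added example, not NetAgent's code; the sample records and the names parse_alerts and hosts_by_alert_count are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the three-line layout shown above (not real OPW output).
SAMPLE = """\
03/01-02:30:26.701121  [**] [1:0:1] Drop Winny Connection request [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
{TCP} 192.168.1.1:4524 -> 203.0.113.7:17316
03/01-02:31:02.118204  [**] [1:0:1] Drop Winny Connection request [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
{TCP} 192.168.1.1:4530 -> 198.51.100.20:9321
03/01-04:12:45.000391  [**] [1:0:1] Drop Winny Connection request [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
{TCP} 192.168.1.23:1088 -> 203.0.113.7:17316
"""

HEADER = re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
                    r"\[(?P<sig>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*$")
CLASS = re.compile(r"\[Classification: (?P<cls>[^\]]+)\]\s*\[Priority: (?P<prio>\d+)\]")
FLOW = re.compile(r"^\{(?P<proto>\w+)\}\s+(?P<src>\S+?):(?P<sport>\d+)\s+->\s+"
                  r"(?P<dst>\S+?):(?P<dport>\d+)\s*$")

def parse_alerts(text):
    """Return one dict per alert; records that never reach a flow line are skipped."""
    alerts, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            cur = m.groupdict()  # a new header discards any unfinished record
            continue
        if cur is None:
            continue
        m = CLASS.search(line)
        if m:
            cur.update(cls=m["cls"], prio=int(m["prio"]))
            continue
        m = FLOW.match(line)
        if m:
            cur.update(m.groupdict(), sport=int(m["sport"]), dport=int(m["dport"]))
            alerts.append(cur)
            cur = None
    return alerts

def hosts_by_alert_count(alerts):
    """Count alerts per source address, most frequent first."""
    return Counter(a["src"] for a in alerts).most_common()
```

Since the logs hold only addresses and ports, the per-source count is the natural first triage step: it points to the machine to inspect for a running Winny client.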

Q:Does One Point Wall block by port numbers only?

A:One Point Wall works with the contents of the packet as well as port numbers.

Q:What level of machine do I need?

A:An entry-level server machine performs well enough. When it has only one network interface, it needs 512MB of memory or more.

Q:Why can conventional firewalls not block this traffic?

A:That is because conventional firewalls block based on IP addresses and port numbers. Conventional firewalls are sometimes tricked by traffic, and let through traffic that administrators have not permitted.

Setting and management

Q:There is something wrong with One Point Wall.

A:Please contact us at pbh-support@netagent.co.jp with the information below:
・ A diagram of the test environment
・ A screen capture of the system status on the One Point Wall administration web page
・ The files under the [/log] folder

Q:While booting from CD, 「Can't find KNOPPIX filesystem・・・」 is displayed and OPW does not start.

A:This can happen on some machines when OPW is booted from a CD-ROM drive connected via USB.
Please contact us for details.

Q:Do the NICs on the upper side and the lower side need IP addresses assigned?

A:When making a network bridge, it is necessary to set an IP address on the administration port, but not on the NICs for either side.

Q:When OPW is used by CD boot, will we need to reboot it periodically?

A:No, not particularly.

Q:When OPW is used by CD boot, does the active system always run from memory and not from the CD?

A:Unless you modify the configuration or use a command that is not present in memory, the CD is not used while the system is active.

Q:Does “2channel-type internet forums” mean that the IP addresses of 2channel, SHITARABA and Futaba channel are specified?

A:Because we do not specify them by IP address, other internet forums of the same type may also be blocked.

Q:Are there any differences between the rules First Time, 1, 2 for 2channel?

A:The difference is in the writing form.

Q:Would you tell me how to write rules?

A:We do not provide individual support for this, but we hold One Point Wall technical training a couple of times a year. The training includes a program for making rules as CE. We will announce the next training on our web page “Support and Training”.

Q:Can only 1 G of memory be recognized?

A:One Point Wall is specified for 1G. Even if memory is increased, no improvement in performance can be expected. One Point Wall can still be used as it is.

Q:How can I define the interval at which NTP adjusts the time?

A:When you select “refresh setting” in the schedule on the administration page, the time is adjusted at each refresh. If you do not, the time is not adjusted automatically. Please be careful about that.

Q:When several users configure rules separately on the same network, how does One Point Wall work?

A:Every rule is applied to the whole network. For example, if one user selects Messenger Login and Winny, and another user selects MSN messenger and SoftEther, One Point Wall blocks all traffic to MSN messenger, Winny and SoftEther.

Q:The latest version of SoftEther VPN 2.0, Beta4, is not blocked well.

A:Have you configured the rules with an external network? If you have, traffic may not be blocked when connecting to a network that is outside the rules. Please try to reconfigure the rules on the administration page:
[Configuration] - [Rule parameter], then make the [External Network] section empty - click Submit - update

Q:The system log shows only [box opw [816]: One Point Wall starting: ids mode].

A:That is correct behavior. “One Point Wall’s system log” displays logs only on boot, shutdown, modification, configuration update and log rotation. In addition, the logs of conventional server activity are written to [log/syslog]; you can check it from a console, for example by logging in over ssh:
Feb 2 09:26:05  box  syslogd  1.4.1#10:  restart.
Feb 2 13:42:16  box  --MARK--

Q:The alert log accumulates and then is suddenly cleared.

A:The alert logs are rotated every week, and the rotated logs are kept as weekly logs for five weeks. You can check the rotated alert logs as follows:
[Maintenance] - [Execute command] - [zcat /log/alert.log.1.gz] (or 2~4 in place of 1).

For more details, please contact us.
MAIL: pbh-sales@netagent.co.jp TEL: 03-5625-1243