Phoenix IT-100 Appliance

Phoenix IT-100 Appliance. Fanless 500Mhz Transmeta Crusoe TM5600. 128MB SDRAM. 32MB CF. 2 x Realtek RTL8100B 10/100 Ethernet Nics. 1 x Prism54-based 802.11b/g Wireless NIC. Stateful inspection firewall. 5-20 users. 70 Mbps (5K pps) maximum cleartext throughput. 10-14 Mbps IPSec VPN throughputs. Utilizing OpenWrt®  software, which also has a WebGUI and a comparable feature set as pfSense® but much less demand on CPU performance and memory capacity.

OpenWrt® is an embedded operating system based on the Linux kernel.

Notes:

  1. The IT-100 does not have VGA. Console is through a DB-9 serial port with the following communication parameters: 38400baud 8n1.

Network Interfaces

See the picture of the back panel.

  1. WAN (ETH0 RTL-8139 10/100 Ethernet interface): The first RJ45 Ethernet port from the left.
  2. LAN (ETH1 RTL-8139 10/100 Ethernet interface): The four-port switch hub.
  3. OPT1 (WLAN0 PRISM-54 802.11bg wireless interface) with two built-in hidden diversified antennas.

Features

Folloing are the built-in features of OpenWrt® running on the Phoenix IT-100. Many are managed by LuCI, the WebGUI.

  1. Web-based graphical user interface: LuCI.  See image.
  2. Iptables-based (netfilter) firewall.
  3. OpenVPN and OpenConnect VPNs.
    • IPSec (Strongswan) is also available but requires setup and maintained through command-line, as it is not integrated into LuCI.
    • The IT-100 is limited in its CPU performance and can only accommodate a few tunnels.
  4. LuCI built-in splash screen. Full feature captive portal CoovaChilli is available, but requires setup and maintained through command-line, as it is not integrated into LuCI.
  5.  Intrusion prevention systems (IPS) and intrusion detection system (IDS): Snort, which also requires setup and maintained through command-line, as it is not integrated into LuCI. Snort implemenation should be planned with consideration to the limited CPU performance of the Transmeta Crusoe TM5600 in the IT-100.
  6. Traffic shapper: sqm-qos. Qos can be installed and is integrated itno LuCI.
  7. Fail-over: ucarp, which requires setup and maintained through command-line, as it is not integrated into LuCI.

There are additional packages that can be installed if desired. However, space is limited on the 32MB CF, about 15MB available. And a reset-to-default will wipe out installed packages to return the IT-100 back to its original factory configuration.

Deployments

The Phoenix IT-100 appliance has been employed at the following network locations to protect SMB (Small and Medium Business):

  1. SOHO (Small Office and Home Office)
  2. Captive Portal
  3. Branch Office
  4. VPN Endpoints

Performance as a VPN Router

IPSec Throughput1 Phoenix UNO
500 Mhz VIA C7
Phoenix IT-100
500Mhz TM5600
Cisco ASA 5505
Cleartext 88.5 Mbps 70 Mbps (5K pps) 150 Mbps
3DES 8.3 Mbps 9.5 Mbps 27 Mbps
(Soekris VPN1411)
40 Mbps
AES256 45 Mbps 14 Mbps 32 Mbps
(Soekris VPN1411)
40 Mbps

1As measured by IPerf. The IPerf performance was compared to the reported measurements of the Cisco ASA 5510 in the following article: IPSec Performance of Cisco ASA 5510 as Measured by IPerf.

List price: $199.99
Price: $199.99
$199.99
Printer-friendly versionPDF version
Image: 
IT-100 Appliance
IT-100 Appliance back
Luci OpenWrt WebGUI
SKU: OWIT-100
Specifications: 

Capabilities, Performance and Cost Comparison:

Firewall Model
(Cisco License)
Phoenix IT-100 Cisco ASA 55053
(Security Plus)
Performance Summary
Concurrent Sessions 16,000
(limited by the fixed 128MB SDRAM)
10,000
(25,000)
Firewall Throughput 70 Mbps
(5K pps) 
150 Mbps
IPSec VPN Throughput 14 Mbps (AES-256)1,2
9.5 Mbps (3DES)
40 Mbps4
(100 Mbps3)
Maximum Site-to-Site and Remote Access VPN Sessions 10 
(limited by CPU performance and RAM capacity)
10
(25)
Multi-Wan
Load Balancing
Dual Wan
(limited by number of available interfaces)
?
Failover Supported Yes!5 Not supported
(Stateless Active/Standby)
Technical Summary
CPU Speed 500Mhz Transmetta TM5600 500Mhz AMD Geode LX
Memory 128MB 512MB
Storage 32MB CF minimum 64MB System Flash
Interfaces 2 x Realtek RTL8100B 
Fast Ethernet
1 x Prism-54-based 820.11b/g WiFi
8-port Fast Ethernet switch
with dynamic port grouping
(including 2 PoE ports)
Virtual Interfaces (VLAN) None
(RTL8100B does not support VLAN)
3
(20)
Power Consumption 12W ~ 12W (estimated)
Additional Network Security Capabilities
Intrusion Prevention Snort
(Subscription required)
Not Available
Cost $150 $3867
($850)8

Notes:

1As measured by IPerf. The IPerf performance of the Cisco ASA 5510 was measured and discussed in the article IPSec Performance of Cisco ASA 5510 as Measured by IPerf.
2The IPerf performance of the Phoenix IT-100 was measured using the same methodology described in the article IPSec Performance of pfSense Firewall Appliance.
3As reported in Cisco Sales Literature and Documentation. (Cisco Router Performance data come from here.)
4Estimated from Cisco ASA 5510 iperf data

5Through wan3 or ucarp!
6Active/Active configuration requires multiple security contexts (or virtual firewalls).
7Cisco ASA firewall cost is typically found on the Internet and includes the basic firewall feature set of Cisco ASA Software Release 8.2.
8Cisco ASA firewall cost includes the security plus license, which is required for advanced features like security contexts and active/active high-availability.

Support and Warranty

  1. One (1) year industry standard warranty.

Additional Notes:

  1. The IT-100 Firewall appliance is a complete fanless system, with no upgradable part.
  2. It has NO VGA, only serial console. The serial console setup is 38400,8n1 ( 38400 baud, 8-bit data, no parity, 1 stop bit).
  3. Although the IT-100 has 128MB RAM, 16MB is used for code morphing.
  4. The Hacom Phoenix IT-100 Appliance has a standard 1-year warranty.
Case Options IT-100
IT-100
Dimensions

246mmx240mmx54mm