Hello there,
I just finished an FTP install of the latest SNF
version and I'm impressed with the way it looks. The functionality for just
about everything seems to be there, but I did run into a few things that may be
considered for change before it's officially released. Please bear with
me:
1. The DMZ zone is entered as one of the default
zones, along with LAN and WAN. If it is not going to be used and you choose to
delete the DMZ zone, the rules for it still remain in the policies and rules
sections. I think it would be good to have any policies and rules that
implicitly list a specific zone as a source or destination be removed when that
zone is removed. It's not necessary to have rules and policies in place for a
zone that doesn't exist. Sure you can go in and remove each of these
rules/policies one at a time but it could be simpler.
2. On rules and policies (both) after customizing
the defaults and hitting apply, the screen refreshes and the policies/rules list is gone. Because of this you don't
know if the changes you made were actually applied. You can hit a link on the
left navigation menu and then go back to the policies/rules and then you'll see
your rules.
3. On the VPN config page there is a message
stating: "Look at help page before to start the configuration" should probably
read "Look at the help page before starting the configuration". Aside from the
issue of semantics and where is the help page anyways? Some of the other pages
do actually have a help button at the bottom, but this page specifically
references a help page which doesn't have a link on the page. Also there is a
message that states "This part allow you to define IPSEC and IPIP tunnels with
end points" should be corrected to say "This part allows you to define IPSEC and
IPIP tunnels with end points"
4. When selecting to "Add and Interface manually"
from the Network Card screen you are presented with the following
message:
"The corresponding module will be loaded in memory
and will try to detect your card. You may have to give additionnal informations
to this module: most often the I/O port (io=0x300 for instance), and eventually
the irq (irq=5 for instance)."
The word "additional" has one too many of the
letter "n".
Also when modifying the interface configuration,
the phrase "IP Address" is incorrectly shown as "IP Adress". This is also the
case within the "Internet Access" screen, as well as the subsections of
"Internet Access".
5. In the "Services" section, one of the Web Proxy
modes is "Manual with authentification", which should actually be "Manual with
authentication"
6. On the top of the main "Firewall Rules" page is
the following message:
"This section allows the control of all zones,
interfaces, hosts, masquerading NAT, Proxy ARP, Default Policy and Restrict
acces Rules" The word "access" is missing an "s". On that same page at the
bottom is the message "! Warning ! CLEAR remove all rules from your Firewall",
the word "remove" should be replaced with "removes"
7. In the "Zones setup" section, the message at the
top "Look at help page before to start the configuration " should say "Look at
the help page before starting the configuration" and this is another page that
has no Help button even though it's referenced.
8. Under "Monitoring" section, the System Usage
graph has some issues:
The CPU load graph at the top has a reference
beneath it that states: "Load Average one mesure
each 5 minutes". This should be "Load Average: One measurement every 5
minutes".
The MEM SIZE graph at the bottom has the following
reference list:
Ram menory one mesure each 5 minutes (Should say
RAM memory: One measurement every 5 minutes)
Ram menory free one mesure each 5 minutes (should say RAM memory free: One measurement every 5 minutes)
Swap memory used one mesure each 5 minutes (should say Swap memory used: One measurement every 5 minutes)
Memory used for cache one mesure each 5 minutes
(should say Memory used for cache: One measurement every 5 minutes)
If you drill down into these graphs by clicking on
them, the subsections need the same changes as well.
9. Under the main Tools section there's a
sentence:
"This section provide tools to do maintenace tasks" would be better phrased "This section provides tools for maintenance tasks".
10. In the Logs section, one of the log types is
"Authentification". This should say "Authentication"
11. There doesn't appear to be a defined timeout
set for the web administration, I'm not sure if this is by design or not but a
10 - 15 minute timeout may not be a bad idea.
12. If you select to turn on the caching
nameserver, it does create a named.conf file correctly but there is no port 53
listener to pick up requests directed at the firewall. It appears that bind is
not listed as a snf dependency, although it probably should be so that if anyone
chooses to run this caching nameserver option it will function the way it
appears it should instead of having to install bind and then rely on snf to
configure it.
That's pretty much it. Aside from that it all looks
great.
Cheers all!
-Z