Aries One Security Appliance, Part One

It looks like a handsome clock radio, with its sleek charcoal case, brushed silver front panel, LCD screen, and discreet rubber pushbuttons. But the Celestix Aries One security appliance costs about ten times as much and does far more.

Inside the sleek packaging is an x86-based single-board computer, with 128MB RAM and a 5 GB disk drive. The back panel has all of the standard PC connectors you've come to know and love, including USB and PCMCIA. It runs Linux, and it hosts Check Point VPN/security software. It's a DHCP server and router for your LAN, and on paper, at least, it's the answer to all your networking problems.

Now if only I could get it to work.

The Aries One came with a single page of instructions, showing which Ethernet port to connect to the Internet and which one to feed to your LAN hub. A piece of cake: you set up the Aries One through your browser via its hostname or default IP address.

I've lost count of the number routers I've had in and out of my home LAN--WatchGuard, SonicWall, Linksys, Netgear, D-Link--all happily violating my Terms of Service agreement with my cable provider. So after lunch yesterday, I popped the Linksys out, hooked up the Aries One in its place, and powered it up. The LCD screen came to life, and in a very Linux-y, businesslike way, displayed the whole boot sequence. Cool. Then an authoritative male voice issued forth from the speaker, saying, "Your network is now secure."

I would have preferred a female voice, but that's just me. You know the one--from all the science fiction movies where somebody arms the self-destruct mechanism and The Disembodied Voice says in her implacable, incontrovertible alto, "The ship will self-destruct in five minutes." All the (surviving) crew members look up, worried…. But I digress.

I pointed the browser on one of the laptops to 192.168.1.1 so I could log into the Aries One and configure it. Nothing. Ah, I know--reboot the PC so that it gets a fresh IP address from the DHCP server in the Aries One. Reload the browser, enter the address… nothing.

A quick check with ipconfig showed that the laptop didn't get an IP address. Hmm. Maybe the DHCP service didn't start. The menu and configuration screens on the Aries One were easy to navigate, and I ascertained that its base address was, indeed 192.168.1.1, and that DHCP was active. But it wouldn't talk to the laptop or other PCs. I tried changing and forcing the address at both the Aries One and laptop sides, but that didn't work, either.

So I yanked the Aries One from my LAN hub and connected it directly to a laptop via a crossover cable, which Celestix had thoughtfully provided (along with a straight cable) in the box. Success! I then tried it with another hub, with just the laptop and Aries One on it. Nothing. I substituted two different Ethernet switches for the hub; still nothing. And yes, I used known-good cables. At this point, I had involved Celestix tech support, which was helpful and knowledgeable, but ultimately just as baffled as I was by the box's behavior.

I went back to the crossover cable. The box greeted me with a split sign-in screen, where I could either set up the Aries One box or the Check Point software. I dove into the Check Point Administration page, as the one-page instruction sheet suggested. By this time, my 17-year-old son was home from school. He peered at the screen and the setup options, and was impressed by the router's features, which include DMZ, static routing, customizable security levels, denial of specific services, including HTTP, FTP, IRC, AIM, etc., logging on the built-in hard disk, VPN, stateful packet inspection, excellent policy management tools, and more.

I entered my hostname in the proper field, selected DHCP for the rest, and clicked "Apply." Nothing. Typically, in a router setup, there's a place to enter your domain name, too, but there was no such field in the Check Point setup. I tried some other things, including hardcoding the cable modem's IP address. That didn't work, either.

I called Celestix again, asking how to get the domain name in there. They directed me to the Aries One side of the box, which is largely a Web shell around Linux and its underlying IP configuration. There was no place for the domain name there, either, but we concatenated it with the hostname and put it into that field. It showed up in the hostname table, which I took as a good sign. But when I went back to the Check Point side and asked for a DHCP connection with the cable modem, it failed again.

The tech guys at Celestix finally suggested, after some online research, that my Comcast connection doesn't support Linux. That's certainly true in terms of the cable company's install software, but why should the cable modem know or care what operating system the router was running?

By now, it was 9:30 at night. The network had been down since noon. My family was feeling severely network-deprived, and was making ugly, threatening noises. In the interest of self-preservation, I reconnected the Linksys router and got data flowing again.

I'm not done with the Aries One, despite this failure. My next step is to bring it into PC Labs, where I can run it off the Labs' LAN or hook it to our DSL line. I want to know why it wouldn't connect through a hub, and why DHCP was failing on both sides of the box.

I really like the features of this box, especially the generous little hard disk that stores utility software, log files, and makes updating a snap. $799 is a lot to pay in these days of sub-$200 routers, but the Celestix has a feature mix that puts it closer to professional, high-end routers and security devices.

We'll see how this little drama unfolds.

Copyright © 2002 Ziff Davis Media Inc. All Rights Reserved. Originally appearing in ExtremeTech.