WatchGuard LiveSecurity System Overview
The WatchGuard LiveSecurity System is a complete Internet security solution that includes full firewall protection, virtual private networking to encrypt communications, LiveSecurity broadcasts that continuously update your network's perimeter defenses, and the Firebox II network security appliance.
WatchGuard offers two VPN solutions designed for use in a distributed working environment:
- WatchGuard Remote User VPN, to secure communications between telecommuters or traveling employees and their protected corporate network
- WatchGuard Branch Office VPN, to secure communications between branch offices and trading partners
As an integrated firewall/VPN solution, the WatchGuard LiveSecurity System can offer seamless integration and ensure the secure transmission of data among Powell Electrical Manufacturing Company's off-site employees, central office, and eight subsidiary offices.
All security policy creation and management, including the establishment and monitoring of any VPN connections, is handled using WatchGuard's easy-to-use Security Suite and Policy Manager software, installed on a standard Windows-based workstation.
In addition to our VPN solutions, the WatchGuard LiveSecurity System offers the following features:
- The LiveSecurity Broadcast Service delivers up-to-the-minute security information and software updates directly to your management workstation over the Internet, allowing you to take advantage of a virtual staff of security experts.
- An integrated collection of management tools to keep you fully informed of network connections and activities without overwhelming you, including full logging and notification capabilities.
- Full firewalling capabilities, including:
  - access control using a combination of dynamic stateful packet filtering and proxying of services such as HTTP, SMTP, and FTP
  - network address translation, including both IP masquerading and port forwarding
  - auto detection and blocking of spoofing and probes
  - authentication against an NT domain server, RADIUS, CRYPTOcard, or WatchGuard's own proprietary authentication server
  - web access control options which allow you to control web surfing privileges according to user, site, and time of day

Technology Requirements
Listed below are the requirements of this RFP as we understand them:
- Fault Tolerant solution
- Solution must be centrally managed using a standard management package
- VPN usage statistics must be available
- Solution must allow secure access to the central headquarters network by telecommuters, Powell's mobile sales force, and any executive management staff working remotely
- Solution should be expandable to secure communications between Powell's central headquarters and its eight subsidiary offices in the future.

Technology Recommendation
Based upon review of this RFP, WatchGuard Technologies, Inc. recommends the purchase of a single LiveSecurity System for Powell Electrical Manufacturing Company's central headquarters office. This single LiveSecurity System will not only provide a complete security solution for the central headquarters, but will also allow up to 50 simultaneous Remote VPN connections between the headquarters and any telecommuting or mobile employees.
WatchGuard Remote User VPN relies on Point-to-Point Tunneling Protocol (PPTP), a widely accepted standard. A "tunnel" created between the remote host and the LiveSecurity System Firebox allows all traffic to flow securely across the Internet. No additional client software is required. Microsoft Windows 95 and Windows NT workstations come equipped with PPTP or are PPTP-ready. Free Dial-Up Networking upgrades are readily available from Microsoft. The PPTP tunnel is established using the Dial-Up Networking dialogue on a Windows workstation.
Remote users are authenticated using MS-CHAP against a user/password list maintained in the Firebox configuration. MS-CHAP relies on a challenge-response mechanism that ensures the client's password is never passed across the Internet. Once the tunnel has been established, all data exchanged between the Firebox and remote client is encrypted using RSA RC4 encryption standards. The Firebox decrypts and filters each packet received from the remote client according to the configured rules.
Depending on the type of information being transmitted by Powell's off-site employees, you may choose to use either RSA RC4 40-bit weak encryption or 128-bit strong encryption. An IPSec-based solution is coming soon, to which Powell Electrical Manufacturing will have the option of migrating in the future.
Powell Electrical Manufacturing Company's network administrator also has the option to log all VPN traffic and run reports on network traffic using WatchGuard's integrated Activity Reporting system.
It is also recommended that Powell Electrical Manufacturing Company consider purchasing a WatchGuard LiveSecurity System for each of their eight subsidiary offices. With a LiveSecurity System protecting the network of each office, it is then straightforward to create Branch Office VPN tunnels among the offices, allowing the secure flow of encrypted data between offices as required.
WatchGuard Branch Office VPN, a standard feature of the WatchGuard LiveSecurity System, supports the IPSec encryption suite (with support for DES and 3DES), as well as WatchGuard's proprietary encryption protocol.
Our IPSec-based Branch Office VPN solution is compliant with the current IPSec architecture as defined by the IETF (Internet Engineering Task Force). Internet Key Exchange (IKE) is supported to help manage the many pairs of keys required when numerous VPN tunnels are established. WatchGuard supports the latest draft of the IPSec standard that uses the IKE protocol for dynamically negotiating keys.
The WatchGuard Proprietary Encryption Protocol uses RSA RC4 encryption standards to establish a secure tunnel among multiple WatchGuard Fireboxes. As Powell is located here in the US, RSA RC4 128-bit encryption is available for your use, and RC4 56-bit encryption is also available if desired.
If WatchGuard's proprietary Branch Office VPN is chosen, we provide a VPN Wizard to walk you through the straightforward process of setting up VPN tunnels. The Wizard begins by identifying the Firebox at the other end of each tunnel and each network behind the Firebox. The VPN Wizard also assists you in setting up packet filter rules for unencrypted received packets. Running the VPN Wizard from a "headquarters" office makes it very easy to save configuration information to remote branch office Fireboxes.
Once the VPN is established between two Fireboxes, all exchanged data flows securely over the Internet. Each packet is encrypted and encapsulated. Received packets are decrypted, unencapsulated and filtered by the receiving Firebox to ensure compliance with the configured access rules.
Regardless of which Branch Office VPN option is used, all Branch Office VPN traffic can be optionally logged for reporting purposes using WatchGuard's integrated Activity Reporting tools.

Pricing
The price of a single WatchGuard LiveSecurity System for Powell Electrical Manufacturing Company Central Headquarters is USD$4,990. This price includes an unlimited user license, one year of the LiveSecurity Broadcast Service and LiveSecurity System Support, and is inclusive of both Remote User and Branch Office VPN capabilities as described above. Additional LiveSecurity Systems could be purchased to secure the subsidiary offices at the same price.

Conclusion
WatchGuard Technologies, Inc. appreciates the opportunity to provide a complete solution to meet Powell Electrical Manufacturing Company's VPN needs. We believe that we offer a comprehensive security system that is easy to use and cost effective. Should you have questions about the information contained here, please feel free to contact us at (206) 521 8340 or visit us on the web at www.watchguard.com.
