Background
Radguard offers Happy Pharmaceuticals its cIPro-System, a self-contained flexible solution that will answer Happy Pharmaceuticals' current needs, including the full support of its T3 lines. Radguard's solution will also provide the infrastructure for future growth of the network and business needs. Radguard is proud to offer Happy Pharmaceuticals a centrally-managed solution that will help it maintain its 99.99% availability while adding bullet-proof security to its networks.
Assumptions
Radguard believes that once a corporation decides to manage its firewalls remotely, it exposes its firewalls to several attacks. The management traffic becomes as sensitive as the data within the corporation, since if it is tampered with, all internal data is exposed. Therefore, Radguard recommends that firewalls should only be managed using encrypted traffic and should not respond to any management traffic unless it is encrypted and authenticated. It is also Radguard's experience that network administrators find that managing their network from a central site only, although highly desirable, is often unrealistic. Most administrators require the ability to manage their network remotely as well. Most administrators require the ability to manage their firewalls through the Internet.
Recommendations
1. Management
Radguard therefore recommends the use of the strongest security standards available to manage all firewalls. Radguard's managed firewall solution answers this challenge by allowing corporations to utilize IPSEC in managing their firewalls, thus permitting administrators to manage firewalls securely, whether the management communications are carried over the Frame Relay network, the Internet or any other public network. Even if the management communication will traverse the Frame Relay network only (as the RFP suggests), because of its high sensitivity Radguard recommends that it be encrypted and authenticated and not sent in the clear.
2. Redundancy
The cIPro-System's unique redundancy scheme will allow Happy Pharmaceuticals to have hot standby connections at each site. Depending on the chosen network architecture, these can be used on different networks, or on different entry points to the same network (e.g. via 2 or more different ISPs). This will allow Happy Pharmaceuticals to surpass its target of 99.99% uptime and fault tolerance requirement. The cIPro system includes fault tolerance and restoration features to maintain network traffic even under the harshest conditions. It supports automated redundant topologies directly to the firewall and comprehensive back-up features for network certification, topology and security policies.
3. Design
Radguard's cIPro System will interconnect the central site and remote sites, by deploying a cIPro-HQ (which includes a Certificate Authority) in the central office and cIPro-VPNs in each remote location. All VPNs will be centrally managed using either an HP-Openview platform or a stand-alone GUI at the central site and wherever management is needed (e.g. a traveling administrator's laptop). Radguard's cIPro System units are hardware boxes that are dropped at remote sites (between the LAN and the Internet router), with little or no effect on the local network, and configured and maintained remotely.
4. Features
The following cIPro System attributes will prove especially useful in answering Happy Pharmaceuticals' requirements:
- Performance. Since the cIPro system is a hardware-based solution, it will easily cope with the number of user sessions that Happy Pharmaceuticals expects. Each cIPro component can support up to 100 Mbps, which will easily cope with the T3 pipes.
- Firewall functionality. The cIPro-System includes protection against all known attacks, and provides Happy Pharmaceuticals with an easy-to-configure policy-based GUI to control access to the internal network. NAT capability is included with the Firewall functionality and has limited effect on performance.
- Simple installation. A plug-and-play installation that requires minimal changes to the current network. Since the cIPro-System is hardware based, it does not involve installation, configuration and maintenance of an Operating System.
- Increased security. All internal traffic will be IPSEC protected, including SNMP management. cIPro devices will only accept SNMP traffic that is IPSec/IKE protected. Furthermore, the cIPro-System's real time operating system as well as the absence of a file system protects it from all vulnerabilities of the commonly used Operating Systems.
- Simple GUI. The cIPro system's management system, cIPro-MNG, is a GUI, policy-based network management system which provides complete control over secure network communications, with simple drop down menus and easy to follow graphic icons. Adding to the flexibility of cIPro-MNG is the capability to work as a stand-alone product or with HP Open View. In both formats, cIPro-MNG represents the managed firewalls network in the form of an easy to understand network map. The user clicks on easily recognizable icons in order to select and change the policies of specific firewalls. Both versions provide the same level of security audit functions, including textual information on SNMP traps and visual indication of alarm events.
- Logging. Logs are automatically stored on each device and traps and alarms are sent to the management station/s. The cIPro-Mng software includes all the necessary log analysis tools. Alarms can be configured to activate pagers, send e-mail, etc.
Support and Maintenance
All RADGUARD products include a full one year warranty, in addition to regular product upgrades for the duration of the warranty. Support is provided by RADGUARD's distribution channels and RADGUARD's technical support department.
Cost
Central Site: $14,950
Includes:
- 1 cIPro-HQ
- 1 cIPro-VPN (for Redundancy)
- 2 Firewall Modules for 1-25 internal users (Includes NAT functionality)
- 1 cIPro-Mng
- 1 cIPro-VPN (for Redundancy)
- 1 cIPro-VPN
- 1 Firewall Module for 1-25 internal users (Includes NAT functionality)
