• United States
Executive Editor

Ingate beefs up encryption, NAT support

Jun 05, 20032 mins
Network SecurityNetworkingSecurity

* Ingate Systems improves VPN features on its appliances

Ingate Systems, which makes firewall/VPN appliances that support Session Initiation Protocol, has upgraded its software to boost the VPN capabilities of its devices.

The software adds a new type of encryption – Advanced Encryption Standard (AES) – to the DES and Triple-DES capabilities it already had, and improves support for network address translation (NAT).

AES is the latest federally approved encryption standard; it is more secure than Triple-DES and requires less processing power as well.

NAT can hamper VPN traffic by changing private source IP addresses to public ones, preventing VPN sessions from starting because it can look like someone has tried to hijack the session. The new software adds the ability to handle NAT even if the traffic must cross a firewall that doesn’t support NAT.

Ingate devices always supported IPSec VPNs, but they now also support Point-to-Point Tunneling Protocol, a VPN protocol that is supported by Windows clients and is simpler to configure than IPSec. Ingate says its appliances also support IPSec clients made by other vendors as long as these clients comply with the IPSec standard. IPSec client software allows remote PCs to create VPN tunnels with VPN gateways.

VPN capabilities for Ingate firewall appliances are sold as a separate software module.

The Ingate firewall/VPN gear is best for users that want to use applications that rely on SIP, such as forms of voice over IP. Because voice can use varying ports in a firewall, it is key for the firewall to keep track of which call is using which ports and to shut them down when the call is over. Firewalls without SIP support run the risk of being fooled by intruders and opening ports for phony calls, thereby compromising the security of the network.