Firewalls

Firewalls are a key part of any network - controlling access both inwards and outbound. We won't go into how firewalls work, as a quick search of "Firewall 101" in Google will yield a large number of documents explaining the basics. In choosing a firewall, we believe there are a few things to look out for:

• Firewall speed (ideally using a realworld measure - such as IMIX) - note also that UTM functions will considerably slow down a firewall.
• Firewall sessions (a secondary measure of the firewall capability) that can give you another guide for sizing
• Type of WAN connection - current generation firewalls increasingly offer WAN cards (such as ADSL, SDSL, E1 etc) integrated into the firewall
• VPN speed - and number of tunnels supported
• Routing & other advanced firewall networking (eg NAT, PAT, Bandwidth management)
• Logging and de-bugging (often overlooked - but critical to the firewall administrator in time of trouble!)
• UTM functions - more of this below

UTM

Firewall technology has moved on over recent years with the advent of the UTM or content securty firewall. Much hype and many myths prevail in the market place of whose approach is better. Simply speaking UTM is about looking into the application payload of the packets passing through the firewalls. This means you can enforce your virus scanning, web surfing, SPAM and intrusion prvention policies at the gateway as well as at other points in your organisation. Vendors tend to offer 2 main approaches - Partnering/porting or self develop. Clearly there are pro's and con's to each, but we tent to side with the Partner/port approach on the basis that, say, a dedicated AntiVirus company or URL filtering company is likely to to a more complete job than an in-house written and maintained solution.

Whichever route you intend, if you run on-board UTM functions, you should expect at least a 50% reduction in performance of your firewall. Most vendors, at the top-end, do not recommend running UTM on the gateway; they offer a hand-off method of enforcement. So a Juniper ISG will commincate using a redirection protocol to an AntiVirus Gateway or Websense server.

 

Juniper Networks
	Purpose-built security solutions designed to satisfy customer networking and security requirements that range from small branch office to high speed carrier and data centre environments. Key features: Wide range of high performance appliances with a consistent management interface with common facilities from bottom to top of the range. Tightly integrated set of best-in-class security applications to protect against Worms, Trojans, Viruses and other malware Flexible configuration options, allows integration to most network environments For more information and product details, please visit our online store
Fortinet
	Fortinet is the pioneer and leading provider of multi-threat security systems that enable secure business communications and deliver the best security, performance and total cost of ownership available. Their wide range of award-winning security systems and subscription services protect the networks of more than 20,000 customers worldwide - including the largest telecommunications carriers, service providers and enterprises of all sizes. For more information and product details, please visit our online store
Check Point
	Check Point Firewall/VPN solutions provide businesses with Choice. VPN-1 Power software can run on general purpose platforms or purpose built appliances (eg Nokia or CrossBeam). Recently announced the UTM-1 platform joins the VPN-1 Edge as a Check Point appliance solution based upon NGX code base. For the home / small office user there are the Safe@ appliances based upon Sofaware, a Check Point derivative of VPN-1 technologies. For more information and product details, please visit our online store
Cisco
	Cisco has a range of technologies to meet the needs of business large and small; from the PIX 501 to the larger PIX systems, through the ISR (Integrated Services Routers) with in built Security facilities, to the new dedicated ASA - Adaptive Security Appliances. Cisco has a solution for you. For more information and product details, please visit our online store
SonicWall
	SonicWALL’s layered approach to network security removes the burden and complication created by other solutions while providing a higher level of protection. Each SonicWALL network security appliance can be configured and customised with an expanding array of security services into a solution which will integrate seamlessly into any network while providing complete protection. Every appliance is capable of integrating support for gateway anti-virus, anti-spyware, intrusion prevention, enforced desktop anti-virus, content filtering, wireless security and more. For more information and product details, please visit our online store