Overview
Security is typically provided at many levels, with the highest level provided using Application Layer Gateways (ALG). This is important for the many protocols, including SIP, H.323, FTP etc. that use dynamic ports to establish connections between computers. While it is possible to leave a range of ports open so these connections can get through, it is far more secure to inspect the application packets and dynamically open only the ports requested by the application. Encryption is another important level of defense, providing much greater privacy of information traversing the network. Virtual private networks (VPN's) are being widely adopted as an extension of today's corporate network. The Converged Access Point (CAP) integrates multiple security functions in an all-in-one device that also includes advanced traffic monitoring and management services. Security functions include:- Managed Stateful Inspection (SPI) firewall
- ALG (Application Layer Gateway) Firewall identifies specific application level flows.
- IP Address Translation: NAPT
Logical, Service-based Integration
Normally an integrated solution reduces multiple devices or technologies to an individual chip, board or software system that is loaded into a single chassis. This physical integration provides the benefits of reduced cost, ease of operation, reduced complexity, etc. But the integration of traffic management, bandwidth expansion and security requires more that physical integration. Logical coordination of the different functions is also required. In the “single chassis” approach, each logical element still needs to be managed separately. In addition, the security device and the traffic manager each have its own classifier. This means that every packet is processed at least twice, adding latency to the system. This can affect mission-critical applications, particularly for remote offices that are served by a sub-T1 WAN link. In addition, monitoring and accounting of the traffic are typically separate. Data has to be reconciled separately in order to measure the efficiency of the system. With the fully integrated CAP solution, deployment is simplified with the ability to set one policy for both security and traffic management. Traffic is classified just once, eliminating the latency problem. In addition, the system can be configured using one console, while monitoring and accounting data are collected in the same place for faster and easier analysis of network performance.Integrated, Policy-based Configuration Management
Setting up a security device requires careful planning and meticulous execution. All the necessary rules need to be identified. The proper security settings must be applied to different hosts and applications. Converged Access has greatly simplified device set-up. Creating a security rule automatically creates the corresponding traffic management policy and vice-versa. This reduces the time to deploy devices, particularly at remote offices with minimal IT staff. This level of integration also reduces the time and complexity required to change security rules or traffic policies – easing management of a large, broadly distributed network of CAP devices.Other Products in this category:
|
Top
