Enterprise customers looking to rapidly deploy a single inexpensive box to extend firewall and VPN protection to small offices now have new options from Nokia Corp.
Nokia this month will ship three new members of its IP line of Internet VPN appliances, two for 10- to 15-user offices, the IP51 and IP55, and one for 50- to 500-user offices, the IP530. These offerings are in addition to three earlier appliances designed for larger sites. The company also is introducing acceleration devices to off-load the processing of Secure Sockets Layer security with the idea of speeding up the e-commerce transactions that SSL is often used to protect.
The combination firewall/VPN appliances are meant to simplify setting up VPNs. Rather than installing VPN and firewall software on a router or server at each site, companies can ship these boxes fully configured. They can be installed quickly with relatively little involvement of IT staff. Analysts credit Nokia with holding a lead in sales of these appliances, which are also made by VPN specialist vendors such as NetScreen and WatchGuard and network giants Cisco and Nortel.
All three devices provide a firewall to protect the Internet access links at branch offices and establish IP Security-based, encrypted tunnels to other corporate sites. To handle this, Nokia adds Check Point Firewall-VPN-1 software to its dedicated VPN hardware.
The IP51 is designed to sit between a WAN router and the branch-office LAN, and has two Ethernet connections for those links. The IP55 has its own asymmetric DSL port, so it can be directly connected to an ADSL Internet service and act as the WAN router, Nokia says.
The IP530 has four Ethernet ports and would sit between a WAN router and a LAN. Typically, one port would connect to the router, two to LAN devices and one to corporate devices that are outside the firewall, such as Web servers, Nokia says. The IP530's firewall supports 50M-bit/sec throughput, and the device can encrypt using Triple-DES encryption at the same speed.
"These devices let corporations afford much more rigorous and uniform security policies, whereas before you had to make cost-benefit trade-offs. You weren't going to protect a US$50-a-month DSL connection with a $30,000 firewall. With this type of device you don't have to make these Solomon-like decisions," says John Lawler, an analyst with Infonetics.
To achieve this firewall speed, the IP530 uses a new feature of Check Point's software called Secure XL, says Dan McDonald, vice president and general manager of Nokia's Internet devices division. The firewall checks the source and type of traffic of each packet up to Layer 7 of the Open Systems Interconnection model until it identifies TCP/IP sessions that are authorized to pass through. It then updates a connection table that can screen subsequent packets by parsing them only to Layer 3, McDonald says. That can make the firewall three times faster using the same hardware, he says.
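A minimal model of the connection-table shortcut described above, added here as an illustration; it is not Check Point or Nokia code. The policy, addresses, class and function names are all constructed for the example, and the "Layer 7" rule is reduced to a check on the HTTP method.

```python
from collections import namedtuple
Packet = namedtuple("Packet", "src sport dst dport proto flags payload")
ALLOWED_SERVICES = {("10.0.0.10", 80, "tcp")}   # constructed policy
ALLOWED_METHODS = (b"GET ", b"HEAD ")            # constructed Layer 7 rule

class Firewall:
    def __init__(self):
        self.pending = set()        # flows seen but not yet authorized
        self.conn_table = set()     # authorized sessions (the fast path)
        self.deep_inspections = 0   # packets that needed full inspection

    @staticmethod
    def _key(p):
        # Direction-independent key, so replies hit the same entry.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def _full_inspection(self, p):
        self.deep_inspections += 1
        key = self._key(p)
        to_service = (p.dst, p.dport, p.proto) in ALLOWED_SERVICES
        if key not in self.pending:
            if not (to_service and p.flags == "S"):
                return False        # only a SYN to an allowed service opens a flow
            self.pending.add(key)
            return True
        if not p.payload:
            return True             # rest of the handshake, either direction
        self.pending.discard(key)
        if not (to_service and p.payload.startswith(ALLOWED_METHODS)):
            return False            # Layer 7 check failed: never fast-pathed
        self.conn_table.add(key)
        return True

    def handle(self, p):
        key = self._key(p)
        if key in self.conn_table:  # fast path: header lookup only
            if "F" in p.flags or "R" in p.flags:
                self.conn_table.discard(key)  # teardown removes the entry
            return True
        return self._full_inspection(p)

def demo():  # constructed traffic: handshake, one request, 100 data packets
    c, s = ("192.0.2.7", 40000), ("10.0.0.10", 80)
    fw = Firewall()
    pkts = [Packet(*c, *s, "tcp", "S", b""), Packet(*s, *c, "tcp", "SA", b""),
            Packet(*c, *s, "tcp", "A", b""), Packet(*c, *s, "tcp", "PA", b"GET / HTTP/1.0\r\n\r\n")]
    pkts += [Packet(*s, *c, "tcp", "A", b"data")] * 100
    return all(fw.handle(p) for p in pkts), fw.deep_inspections
```

In the constructed run, 104 packets are forwarded but only the first four go through full inspection; the entry is dropped on FIN or RST so a stale session cannot keep using the fast path.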
The IP55 costs $1,295, the IP51 costs $895 and the IP530 costs $16,995.
Nokia also recently introduced the Nokia CA200 and CA600 SSL accelerators. These devices handle SSL processing for Web servers, improving the transaction speed of SSL-protected sites. They employ clustering and load-balancing technology Nokia acquired with the purchase of Network Alchemy last year.