Enterprise customers looking to rapidly deploy a single inexpensive box to extend firewall and VPN protection to small offices now have new options from Nokia.
Nokia will this month ship three new members of its IP line of Internet VPN appliances, two for 10- to 15-user offices, the IP51 and IP55, and one for 50- to 500-user offices, the IP530. These offerings join three appliances Nokia offers for larger sites.
The company also is introducing acceleration devices to off-load the processing of Secure Sockets Layer security with the idea of speeding up the e-commerce transactions that SSL is often used to protect.
The combination firewall/VPN appliances are meant to simplify setting up VPNs. Rather than installing VPN and firewall software on a router or server at each site, companies can deploy these boxes fully configured. They can be installed quickly with relatively little involvement of IT staff, Nokia claims. Analysts say the new devices will help Nokia compete with VPN vendors such as NetScreen and WatchGuard and network giants Cisco and Nortel.
All three devices provide a firewall to protect the Internet access links at branch offices and establish IP Security-based, encrypted tunnels to other corporate sites. To handle those functions, Nokia adds Check Point Firewall-VPN-1 software to its dedicated VPN hardware.
The IP51 is designed to sit between a WAN router and the branch-office LAN, and has two Ethernet connections for those links. The IP55 has its own asymmetric DSL port, so it can be directly connected to an ADSL Internet service and act as the WAN router, Nokia says.
The IP530 would sit between a WAN router and a LAN, consisting of four Ethernet ports. Typically, one would connect to the router, two to LAN devices and one to corporate devices that are outside the firewall, such as Web servers, Nokia says. The IP530's firewall supports 50M bit/sec throughput, and the device can encrypt using Triple-DES encryption at the same speed.
"These devices let corporations afford much more rigorous and uniform security policies, whereas before you had to make cost-benefit trade-offs. You weren't going to protect a US$50-a-month DSL connection with a $30,000 firewall. With this type of device you don't have to make these Solomon-like decisions," says John Lawler, an analyst with Infonetics.
To achieve this firewall speed, the IP530 uses a new feature of Check Point's software called Secure XL, says Dan McDonald, vice president and general manager of Nokia's Internet devices division.The firewall checks the source and type of traffic of each packet up to Layer 7 of the Open Systems Interconnection model until it identifies TCP/IP sessions that are authorized to pass through. It then updates a connection table that can screen subsequent packets by parsing them only to Layer 3, McDonald says.
That can make the firewall three times faster using the same hardware, he says.
The IP55 costs $1,295, the IP51 costs $895 and the IP530 costs $16,995.
Nokia also introduced Nokia CA200 and CA600 SSL accelerators. These devices handle SSL-processing Web servers, improving the transaction speed of SSL-protected sites.
These devices employ clustering and load-balancing technology Nokia acquired with the purchase of Network Alchemy last year.