By Tim Greene
Network World, 08/26/02
MOUNTAIN VIEW, CALIF. - Nokia
is bolstering its IP family of firewall-VPN
appliances to make it possible to use a single chassis to
create a range of firewall and VPN security domains, reducing
the need for multiple devices or buying a bigger box than is
really needed.
The new products, based on
the same two-slot chassis, come standard with four 10/100M
bit/sec Ethernet ports for separate security zones, but can be
expanded to support either six or eight Ethernet ports by
adding two-port cards. So a user who needs six ports can buy
the chassis with one card. The alternative would be to buy two
boxes that have three or four ports each, or buy an eight-port
appliance that would have two unused ports.
Competitor NetScreen
Technologies has two fixed-configuration devices, the
NetScreen 204 with four ports and NetScreen 208 with eight,
but nothing in between.
Nokia's new rack-mountable
hardware comes in two models: the IP 350 and IP 380. Other
appliances in the IP family, such as the IP 330, have only three
Ethernet ports standard.
This is important to
Countrywide Home Loans, which has beta-tested the new equipment.
The company wants to keep traffic in isolated zones so only
authorized users can get at it. The alternative would be to add
more appliances, says Ken Quan, Countrywide's vice president of
network computing. "These have more Ethernet interfaces
than the IP 330 so I can segregate traffic into [demilitarized
zones]. It is more price-efficient," he says.
The devices sit in corporate
networks connected to a LAN and to dedicated Internet links, and
act as a firewall or VPN gateway or both.
Nokia says the IP 350 and IP
380 are designed to support VPNs and firewalls for corporate
offices with 100 to 250 users. They run VPN-1/Firewall-1
software made by Check Point Software. Throughput on the IP 350
is 375M bit/sec for the firewall and 60M bit/sec for Triple-DES
encryption. On the IP 380, the speeds are 600M bit/sec for the
firewall and 90M bit/sec for the VPN. A hardware upgrade is
available for the IP 380 that boosts the encryption to 130M
bit/sec.
These speeds are more than
ample to protect Internet access links of the size that is
likely to be used at branch offices with 250 users, and the
extra processing power might seem like overkill, particularly
the IP 380 with the expansion card.
This power becomes necessary if
the device is used to run intrusion-detection software at wire
speed instead of firewall/VPN software. Both these devices can
run Internet Security Systems' RealSecure intrusion-detection
software. The speed of the IP 380 with the accelerator is 100M
bit/sec, enough to shield a 100M bit/sec LAN segment at wire
speed.
Few users would go out looking
specifically for a hardware platform that supports both
firewall-VPN and intrusion-detection software, says Zeus
Kerravala, an analyst with The Yankee Group. Those are separate
purchasing decisions, he says.
But Quan says that Countrywide
uses both firewall and intrusion-detection software running on
Nokia boxes, and that reduces the number of administration and
management platforms network engineers have to learn.
The IP 350 costs $5,800 and the
base model of the IP 380 costs $10,000. They will be available
at the end of the month.