Firewalls & VPN

Management Overview

A firewall is a security device that sits on the perimeter of your network and protects it from undesirable access from the outside. Firewalls are typically used to protect an organisation's internal network (or LAN) from the Internet. With the current state of the Internet, they are no longer seen as the only security requirement, but they are probably the most important one.

An unprotected computer placed on the Internet with no firewall will typically become infected with malware in as little as ten minutes. A computer sitting behind a poor-quality or badly configured firewall will typically not last much longer.

Multiple Internet Links

More and more organisations are starting to question the validity of operating with just a single broadband link. Broadband has very much transitioned from being an innovative technology with a bit of novelty factor into a business-critical component. At the same time, demand for bandwidth has easily outstripped the capabilities of the ISPs in the UK to supply. Many ISP networks are struggling to grow to meet the demand, so they manage it through measures such as Acceptable Use Policies and traffic throttling. While ADSL broadband is ultimately at the mercy of the BT network, in our experience network issues tend to lie in the ISP networks rather than with the BT exchanges (although they do have their problems from time to time).

On top of this, the current economic climate is casting shadows on some ISPs and whether they will be able to survive the credit crunch.

"Having only a single broadband line is a significant business risk."

Many businesses are therefore concerned that a single broadband line is a significant risk. Many aspects of business today will suffer considerably with the loss of Internet connectivity. While some businesses are lucky enough to have other providers available for a different type of Internet connection (e.g. cable modem), even being able to have multiple ADSL lines but with different ISPs helps to share the risk and considerably reduce the likelihood of being completely disconnected.

The cost of additional broadband lines (whether ADSL, cable, etc.) is sufficiently low that most businesses would not give it a second thought. Unfortunately it is not as simple as plugging additional routers or firewalls onto the local network. Instead, these broadband routers all need to sit behind a single firewall, which is the single entry/exit point from the local network.

Exmos recognised this pattern several years ago and started looking for a solution. While our then-current firewall technology could handle two Internet links, it was not done in a particularly clever way and did not give the best utilisation of the links. In essence these were the very early days of equipment that could provide this type of function and we were working with the first-generation solution from the manufacturer.

We also felt that while two links were obviously better than one, in reality it was not going to be sufficient and we would soon be looking for something to handle three links and more.

There were also companies starting to look at how broadband could be used not only as a failover for their leased lines, but as a mechanism to give a low cost boost in bandwidth. In other words, not just to be used when the leased line failed, but to share the load with the leased line.

After considerable market research, equipment demonstrations and evaluations, we selected the Stonegate firewall from Stonesoft and subsequently became a partner. These devices allow any number of Internet connections across any mix of connectivity types. The traffic is load balanced across all these lines, ensuring that money is not being spent on lines that are lying idle except in an emergency. The majority of our customers use our fixed-price managed firewall service to run these devices, relieving them of the need to acquire the skills in-house to look after the devices.