Stonesoft is delighted Exmos has agreed to sell our advanced network security platform and integrated appliances.
At Stonesoft we only work with a limited number of ambitious partners like Exmos, who are able to share our commitment to solid business strategies as well as long term commercial success.
We are entirely confident that the StoneGate technology will quickly meet and exceed the real-life challenges faced by Exmos' customers seeking to secure their information flow and future business continuity.
E spent a considerable amount of time evaluating not only the Stonegate firewall, but also Stonesoft as a potential partner. Having elected
to trial the equipment and been impressed with the initial outcome, it was clear that this solution was considerably different from the more
typical web managed firewalls we tend to see in the field today.
The next nine months were spent working on how we intended to configure and deploy our Stonegate solution. During that time we transitioned
it from our test environment to running our live network. That in itself showed how much we were becoming impressed with the platform as
our Internet connection is our main communication medium with all of our customer sites. We had a considerable number of VPN links to
reconfigure and we immediately became dependent on the Stonegate working to plan.
During this time, we were gaining valuable experience in running Stonegate and the Stonegate Management Console (SMC) in a real-world environment. It also gave
us the opportunity to make mistakes and deal with problems which then had to be resolved with the urgency that a live system dictates. With a test only
system it is too easy to "leave it until later". By the time we came to deploy our first customer installation, we were extremely comfortable with what
we were doing.
Multiple Internet Links
Being able to provide multiple Internet links for our customers was the key driver. We saw many manufacturers who could do two, but in a fairly
simplistic fashion. This was typically a round-robin configuration, a second link that became active once the first link reached a certain utilisation,
or a second link that became active when the first failed.
What we were after was the ability to connect literally as many links as we required and a device that was agnostic when it came to the type of link. In other words,
a firewall that would happily work with ADSL, SDSL, cable, leased line and any others (metro Ethernet, satellite, 3g etc). We wanted the ability for all of these links
to be operational at the same time, with traffic being load balanced across them.
For every Internet request, the Stonegate will determine the fastest interface to use based on the amount of traffic already being utilised on the links
and which has the fastest route to the server that will handle the request.
The Stonegate firewall allows us to do exactly that. We have solutions running today that are a mix of ADSL, SDSL, leased line and metro Ethernet.
Where we have sites linked by VPN and Stonegate firewalls at each site, we are able to mesh the VPNs across each of the Internet links. The Stonegate
allows detailed control of which links we want to participate and then simplifies the configuration effort. Even a scenario where we have a different number of
links at each site is allowed. For example, a head office with two ADSL lines and a branch office with three ADSL lines can be meshed so VPN traffic can
run between any of the five endpoints.
The same load balancing functionality exists across the mesh VPN, meaning every request will utilise the fastest permutation of links available.
Having faster links is not the final solution to the problem. It is still relatively easy for multiple web downloads to saturate a broadband line. The same goes for
large e-mail transmissions and particularly those inbound where there is no visibility within the organisation to even know it is arriving.
Traffic Shaping (or Quality of Service - QoS) is the ability to prioritise the different type of network traffic. Typically we want to make e-mail a lower priority and then grant
a higher priority to traffic such as web (if that is appropriate) or more likely traffic such as Citrix or Terminal Services.
The Stonegate takes this a level further and does not force us to permanently allocate bandwidth to each of these categories. If there is no other traffic on the link, then e-mail
can have all the bandwidth available. It is only when the higher priority traffic starts being used that the e-mail traffic is slowed down.
Centralised Management Console
Managing a large number of firewalls where we have to individually remote to each device and logon to the web interface quickly becomes unmanageable. The
Stonesoft SMC allows us to manage all of these firewalls from a central console and server on our network. Configurations are built using the SMC and then
pushed to the appropriate firewall once completed. Rule scenarios can be modelled before deployment. If a configuration stops the firewall from communicating
back to the SMC, it will automatically revert to the prior configuration.
Detailed Traffic Logging
Having a detailed insight into the type of traffic passing through the firewall is a necessity both in terms of arriving at a good configuration and
also troubleshooting issues. Stonegate allows both a real-time view on traffic plus it keeps a historical database. All of this traffic can be filtered
and reported on.
We can take multiple firewalls and cluster them in an active-active, load balanced configuration. All the firewalls in the cluster manage all the links,
so loss of an appliance does not mean loss of any of the links.
Robust Firmware Updates
Firmware updates have always been a difficult element of managing firewalls. If the firmware update fails, we often end up being unable to
communicate with the device. With early firewall appliances, this involved a return to the manufacturer. Newer ones allow a factory reset, but
this means they then have to be re-loaded with their configuration - which obviously cannot be done remotely as the firewall is no longer operational.
Stonegate firmware updates can be pushed from the management console. If the update fails, the firewall will automatically revert to the prior firmware,
prior known good configuration and re-contact the management console.
In a cluster configuration, individual nodes of the cluster can be updated independently of the others. This means in mission critical environments, there
is no loss of connectivity at all during firmware updates. For a single firewall environment, the firewall will be offline for a few minutes while it
reboots after the update.