This tip is part of SearchSecurity.com's special Integration of Networking and Security School. For additional information on remote office security, visit our Securing your first remote office: Solutions for less than $10,000 lesson page.
There are several vendors that offer managed network services appliances for remote offices, which are often called Unified Threat Management (UTM). These products typically include a firewall, VPN and intrusion detection features, along with antivirus screening tools and an assortment of other security measures. That covers a lot of ground, and this technical tip demonstrates what is involved in configuring and maintaining this type of protection using firewall/VPN appliances from Check Point Software Technologies, SonicWall and Fortinet.
What the three products have in common is some form of managed network services offering, so that they can update their features, antivirus signature files and patches without any IT intervention. A monthly subscription fee is required for this service, but in turn there's no need to worry about maintaining these boxes.
Check Point has its Safe@Office brand of appliances that are offered for the SMB space, which advantageously run similar software to the larger Check Point firewalls. That can be helpful if your remote office has its own RADIUS authentication server, because it can be set up to use that same directory for network authentication. Check Point recently announced the UTM-1 appliance for larger enterprise customers. The other two vendors started their businesses in the SMB arena and are working their way up to offer products for larger enterprises.
Taking a look at the setup routines, SonicWall has one of the easiest ones, with several wizards that walk you through the basics, including a setup wizard that has a mandatory password change. It looks like the screen below.
The Check Point main services screen is shown below. You can see at a glance the particular service, whether the subscription is active or not, and if the box is connected to the managed services controller back at Check Point headquarters.
Fortinet has something similar, but places it on the main status screen as shown below. This provides information on the various subscriptions (and more importantly, when they expire), firmware version of the box and some summary usage statistics too. Also useful is the icon at the top of the screen that indicates the port status of the box; in our case, nothing is connected to it other than the WAN port, but if PCs were connected, these ports would be illuminated. There is also a command-line console window at the bottom of the screen shot which users can type in.
SonicWall's main status screen is shown below, and it has less information than Fortinet's, with basic information about ports, subscriptions and alert messages.
SonicWall has a separate services screen that goes into more detail about each managed network service, and it looks like the screen shown below, where license counts and the subscription period are enumerated.
Each of the three products has an intrusion detection and prevention subsystem that requires a fair amount of work to set up and maintain. Check Point calls its product Smart Defense and has a detailed series of configurations that cover the usual threats by protocol type, as shown below.
Fortinet has something similar with its IPS, with a long list of attack vectors and radio buttons to enable/disable them. SonicWall separates its IPS and IDS. The IPS looks like the following, with a long list of potential exploits for which you can enable detection.
Its IDS subsystem is in a separate location, and looks like the following screen.
Lastly, there are some other configurations that are required, such as setting up antivirus or antispyware features. Check Point's antivirus setup screen is fairly simple and looks like the following screen.
SonicWall has a more complex configuration for its antispyware. You can choose various threat levels, particular protocols to scan (such as Web, FTP or the various email protocols), and set up various antispyware policies for its scanner to check, as shown by the screen below.
Fortinet includes the ability to scan instant messaging traffic on its box, and setting that up will take you to the screen shown below. You can automatically allow or block one of the three major IM vendors (AOL, Microsoft and Yahoo) and set up policies for particular users as well. This is something that is often found in much more expensive products and can be a useful security tool.
About the author:
David Strom is one of the leading experts on network and Internet technologies and has written extensively on the topic for nearly 20 years. He has held several editorial management positions for both print and online properties, most recently as Editor-in-Chief for Tom's Hardware. In 1990, Strom created Network Computing magazine and was the first Editor-in-Chief establishing the magazine's networked laboratories. He is the author of two books: Internet Messaging (Prentice Hall 1998) which he co-authored with Marshall T. Rose and Home Networking Survival Guide (McGrawHill/Osbourne; 2001). Strom is a frequent speaker, panel moderator and instructor and has appeared on Fox TV News Network, NPR's Science Friday radio program, ABC TV's World News Tonight and CBS-TV's Up to the Minute.