secure gateway – firewall - verizon enterprise solutions€¦ · 3 agenda • the customer...
TRANSCRIPT
Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.
© 2006 Verizon. All Rights Reserved.
Secure Gateway – FirewallSecure Gateway – Firewall
2
The Verizon names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
PROPRIETARY STATEMENT
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service.
This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to
any third parties without the express written permission of Verizon.
3
AgendaAgenda
• The customer environment:
– Business objectives
– Business challenges
• Verizon solution:
– Secure Gateway – Firewall
• The Verizon difference
• Summary and next steps
Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.
© 2006 Verizon. All Rights Reserved.
Section 1Section 1
The Customer Environment
5
Business ObjectivesBusiness Objectives
• Reduce operating expenses
• Increase operational efficiency
• Establish a flexible, scalable, and robust Internet service
• Implement an integrated private and public network
• Ensure network stability and predictability
6
Business ChallengesBusiness Challenges
• Minimal technical expertise at remote locations
• Lack of standardized public network access
• Absent or minimal centralized protection against security threats
Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.
© 2006 Verizon. All Rights Reserved.
Section 2Section 2
Verizon Solution: Secure Gateway – Firewall
8
• Minimal technical expertise at remote locations
• Lack of standardized network access
• Absent or minimal centralized protection against security threats
• Help reduce operating expenses
• Increase operational efficiency
• Establish a flexible, scalable, and robust Internet service
• Implement an integrated private and public network
• Help ensure network stability and predictability
Challenges Objectives
Verizon Secure Gateway –
Firewall
Overcoming Challenges to Meet ObjectivesOvercoming Challenges to Meet Objectives
9
InternetInternetVerizon Verizon
IP NetworkIP Network
Secure Gateway – Firewall Secure Gateway – Firewall
Customer Network 1
Customer Network 3
Trunks to UUNET
NBFW PVC
HR Routers
Protected Path Through Secure Gateway
NBFW
Secure Gateway
Customer Network 2
Verizon Frame Relay/ATM/Private IP
Verizon Frame Relay/Verizon Frame Relay/ATM/Private IPATM/Private IP
10
Secure Gateway Port: NRC/MRC
Private Network:NRC/MRC
• 64K to 3 MB standard (ICB above 3 MB)
• Dual Secure Gateway port/gateway provisioned (network service redundancy) for additional charge
Standard rates for Private IP, Frame Relay, and ATM apply
Secure Gateway – Firewall U.S. Pricing – One Component + Private Network
Secure Gateway – Firewall U.S. Pricing – One Component + Private Network
Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.
© 2006 Verizon. All Rights Reserved.
Section 3Section 3
The Verizon Difference
12
Benefit Feature Challenge Addressed Objective Met
Provides Verizon Frame Relay, Provides Verizon Frame Relay, Private IP, and ATM customers Private IP, and ATM customers with the ability to securely with the ability to securely access the public network access the public network (Internet)(Internet)
LowLow--cost firewall optioncost firewall option
Verizon NOC provides 24x7 Verizon NOC provides 24x7 management, monitoring, and management, monitoring, and support for HWC and VPNsupport for HWC and VPN
Helps protect network from Helps protect network from common attackscommon attacks
Can help eliminate costly Can help eliminate costly redundant circuitsredundant circuits
No onNo on--site technical site technical resources neededresources needed
Secure Gateway – Firewall Overcoming Challenges to Meet Objectives
Secure Gateway – Firewall Overcoming Challenges to Meet Objectives
Centralizes networkCentralizes network--based firewall servicebased firewall service
Utilizes firewall located Utilizes firewall located in the Verizon networkin the Verizon network
Verizon monitors, Verizon monitors, maintains, and manages maintains, and manages the networkthe network--based based firewall platform (not firewall platform (not rulerule--sets)sets)
Provides protection Provides protection from many types of from many types of network threatsnetwork threats
Internet Access Internet Access for Verizon Private for Verizon Private Network customersNetwork customers
NetworkNetwork--based servicebased service
Lack of standardized network accessLack of standardized network access
Absent or minimal centralized Absent or minimal centralized protection against security threatsprotection against security threats
Minimal technical expertise Minimal technical expertise at remote locationsat remote locations
Absent or minimal centralized Absent or minimal centralized protection against security threatsprotection against security threats
Lack of standardized network accessLack of standardized network access
Minimal technical expertise Minimal technical expertise at remote locationsat remote locations
Bring stability and predictability Bring stability and predictability to the corporate network (WAN) to the corporate network (WAN) environmentenvironment
Absent or minimal centralized Absent or minimal centralized protection against security protection against security threatsthreats
Can help reduce expenses and Can help reduce expenses and ensure network stability and ensure network stability and predictabilitypredictability
Can help ensure network Can help ensure network stability and predictabilitystability and predictability
Provides an integrated solution Provides an integrated solution for private and public network for private and public network connectivity, can help reduce connectivity, can help reduce expenses, and establish a expenses, and establish a flexible, scalable, and robust flexible, scalable, and robust Internet serviceInternet service
Can help reduce expenses and Can help reduce expenses and increase operational efficiencyincrease operational efficiency
13
YesYesYesYesUDP floodingUDP flooding
YesYesYesYesFragmentation attacksFragmentation attacks
YesYesYesYesIPIP--spoofing attacksspoofing attacks
YesYesYesYesTCPTCP--based attacksbased attacks
YesYesYesYesICMP attacksICMP attacks
VariesVariesNoNoIntrusion detectionIntrusion detection
VariesVariesNoNoReportingReporting
Centralized or distributedCentralized or distributedCentralizedCentralizedManagementManagement
Firewall at central site Firewall at central site
or local firewalls at remote sitesor local firewalls at remote sitesNone RequiredNone RequiredCPECPE
Requires individual firewalls at each remote Requires individual firewalls at each remote
location or centralized firewalllocation or centralized firewallSecure Gateway portSecure Gateway port
(cost determined by bandwidth)(cost determined by bandwidth)CostCost
Verizon CPE-BasedFirewall
Verizon SecureGateway – Firewall
How Is Secure Gateway – Firewall Different From CPE-Based Firewall Service?How Is Secure Gateway – Firewall Different From CPE-Based Firewall Service?
14
Secure Gateway – Firewall Case Study: Seafood Processor/Distributor
Secure Gateway – Firewall Case Study: Seafood Processor/Distributor
• Customer requirements:
– Network standardization
– Prioritize traffic for a future implementation of VoIP
– Obtain secure centralized Internet access to a specified subset of their end-users
– Eliminate circuit and service redundancy
• Verizon solution:
– Private IP network
– Secure Gateway – Firewall
Summary: Secure Gateway – Firewall Solves Business ChallengesSummary: Secure Gateway – Firewall Solves Business Challenges
• Secure access to the Internet
• Centralized protection against security threats
• Reduced network costs
Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.
© 2006 Verizon. All Rights Reserved.
Section 4Section 4
The Verizon Difference
Secure Gateway Firewall provided by Verizon Business Services. All services may not be available in all areas.
© 2006 Verizon. All Rights Reserved.
Section 5Section 5
Appendix• Pricing • Details on NAT Functionality With SIG
• Firewall Configurations • Details on DDoS Policy
• Details on Firewall Rules
18
$1,300.00$1,300.00$200.00$200.003,072 3,072 NANANANA2,048 2,048
$650.00$650.00$200.00$200.001,536 1,536
$450.00$450.00$100.00$100.001,024 1,024
$420.00$420.00$100.00$100.00768 768
$360.00$360.00$100.00$100.00512 512
$310.00$310.00$100.00$100.00384 384
$250.00$250.00$100.00$100.00256 256
$170.00$170.00$100.00$100.00128 128
$150.00$150.00$100.00$100.0064 64
MRCNRC
Secure Gateway portSecure Gateway portPort Speed (KB)Port Speed (KB)
U.S. Secure Gateway Port Pricing (MBS II, MBS I, and Pre-MBS)
Note: 4680 Kbps to 15,360 Kbps Secure Gateway ports are available after obtaining an approval from Capacity Planning. Minimum one-year term required.
Early termination fee applies. Please see your Verizon account manager for complete details.
Pricing was effective July 2005 and subject to change without notice. Excludes taxes and surcharges.
Secure Gateway – Firewall Secure Gateway Port Pricing
Secure Gateway – Firewall Secure Gateway Port Pricing
19
InternetInternet
Customer Network
Secure Gateway – Firewall Standard Configuration
Secure Gateway – Firewall Standard Configuration
Frame Relay or ATM Link
NBFW PVCTrunks to
UUNET
HR Routers
NBFW
Verizon Frame Relay/
ATM/Private IP
Verizon Verizon Frame Relay/Frame Relay/
ATM/Private IPATM/Private IP
InternetInternet
Customer Network
Trunks to UUNET
HR Routers
NBFW
Customer’sPVC to Private IP
Link to Private IP
Verizon Frame Relay/
ATM/Private IP
Verizon Verizon Frame Relay/Frame Relay/
ATM/Private IPATM/Private IP
Verizon Verizon
IP NetworkIP Network
Verizon Verizon
IP NetworkIP Network
20
Customer Network
Customer Network
Secure Gateway – Firewall Redundancy Configuration
Secure Gateway – Firewall Redundancy Configuration
NBFW 1
NBFW 2
NBFW 2
NBFW 1
InternetInternet
InternetInternetVerizon Frame Relay/
ATM/Private IP
Verizon Verizon Frame Relay/Frame Relay/
ATM/Private IPATM/Private IP
Verizon Frame Relay/
ATM/Private IP
Verizon Verizon Frame Relay/Frame Relay/
ATM/Private IPATM/Private IP
Verizon Verizon
IP NetworkIP Network
Verizon Verizon
IP NetworkIP Network
21
Verizon Frame Relay/
ATM/Private IP
Verizon Verizon Frame Relay/Frame Relay/
ATM/Private IPATM/Private IP
Verizon Frame Relay/
ATM/Private IP
Verizon Verizon Frame Relay/Frame Relay/
ATM/Private IPATM/Private IP
Customer Network
Customer Network
Secure Gateway – Firewall Redundancy Configuration (cont’d)
Secure Gateway – Firewall Redundancy Configuration (cont’d)
NBFW 2
NBFW 1
Trunks to UUNET
Frame Relay or ATM Link
NBFW 1
NBFW 2
Trunks to UUNET
HR Routers
HR Routers
Verizon Verizon
IP NetworkIP Network
Verizon Verizon
IP NetworkIP Network
InternetInternet
InternetInternet
25
Details on Network Address Translation (NAT) ServicesDetails on Network Address Translation (NAT) Services
26
Details on NAT/PAT Translations and Mapping FeaturesDetails on NAT/PAT Translations and Mapping Features
PC 10.10.10.1.80
PC 10.10.10.2.8080
PC with any 10.10.10.x.23
SMTP Server10.10.10.43.25
orPublic Address
Assigned to Customer Previously
PrivateAddresses
NBFW/NAT
66.200.243.146
66.200.243.146
10.10.10.1.8translated to
66.200.243.145.105
10.10.10.2.8080translated to
66.200.243.145.9189
10.10.10.x.2343.25mapped to
66.200.243.146.25
10.10.10.x.23translated to
66.200.243.145.245
InternetInternetVerizon
Frame Relay/ATM
Verizon Verizon Frame Relay/Frame Relay/
ATMATM
WWW
FTP
SMTP Servers