NetScreen Technologies:
Develops ASIC-based Internet security appliances and systems that
deliver firewall, VPN and traffic shaping functionality to data centers,
service providers and enterprises.
Introduction
We are pleased to propose our security systems to help IPRVnet create
the following services. NetScreen Technologies develops ASIC-based Internet
security systems and appliances that deliver high performance firewall,
VPN and traffic shaping functionality to Internet data centers, service
providers and enterprises. This approach offers customers award-winning
performance, scalability, and manageability in one comprehensive security
solution.
Solution Sets:
Low tech small office:
We recommend a NetScreen-5 Elite for a population of 10 to 25 on-site
employees. The NetScreen-5 Elite:
Protects an unlimited number of devices in the Trusted Network.
Allows any of these devices to access the Internet in non-VPN mode
up to a limit of 1,000 concurrent sessions.
Allows up to 10 VPN tunnels to be pre-configured and shared by any
number of users.
Acts as a DHCP client with or without PPPoE authentication on the
Untrusted Port and NATs that address for use in the Protected Network.
Acts as a DHCP Server on the Trusted Port, allowing users to have
DHCP assigned or hard coded addresses and other parameters.
The NAT function also allows assigning public addresses to servers
that need to be accessed by public users.
Capital cost for NetScreen-5 is $995.
Average time to create a typical configuration from scratch: 1 to
2 hours.
High tech dot-com:
For a population of 50 employees, of which several are teleworkers and
road warriors, a NetScreen-10 should be used. It:
Protects an unlimited number of devices in the Trusted Network.
Allows any of these devices to access the Internet in non-VPN mode
up to a limit of 4,000 concurrent sessions.
Allows up to 100 VPN tunnels to be pre-configured and shared by any
number of users.
Allows one DMZ network.
Capital cost for NetScreen-10 is $3995.
Average time to create a typical configuration from scratch: 2 to
4 hours.
Distributed Mid-sized business:
Proposed solution - Population: 200 employees total, 100 at head-office,
4 Branch offices, 50 mobile. The requested solution is NOT an ASP/MSP
HOSTED service. Therefore all equipment will be CPE but will be managed
remotely by the provider as an MSSP.
The existing Head-office firewall may be replaced by a new hardware VPN/firewall
device in order to homogenize the management structure. The financial
savings in software updates and support for subsequent years will most
likely pay for the purchase of a new-generation, hardware-based NetScreen
firewall.
Having a NetScreen firewall at Head-Office will also allow the branch
offices to use smaller VPN/firewall devices (such as the NetScreen-5),
since they will be able to restrict their concurrent VPN tunnels to 10 or fewer
by using the NetScreen Hub & Spoke VPN system.
Hub & Spoke Design: The Hub &
Spoke system allows any NetScreen firewall to act as a relay for VPN
sessions established between this hub and two IKE IPSec compliant VPN
devices. For example, this Hub can be used to relay a VPN from a branch
office to a B2B partner who is using some other type of device.
The NetScreen Hub actually encrypts and decrypts the data, allowing
the Hub to further apply security rules, in case the source or destination
are not under the customer's control (for example: between an employee
using VPN client and a B2B partner). Since the NetScreen can handle
very high encryption rates, it can handle the extra load of encrypting
and decrypting the relayed data.
Branch Office equipment solutions: Assuming
an even distribution of 25 users per Branch-Office, the NetScreen-5
Elite should provide the performance needed for all their needs. These
are:
1) An unlimited number of concurrent users can access the Internet
in NAT mode, with a maximum of 1,000 concurrent sessions.
2) Up to 10 VPN tunnels can be established, one of which should be
used to connect all users to the Head-Office in VPN mode. The other
9 VPNs could be used for B2B or remote access from these users.
3) NetScreen appliance devices provide Traffic Shaping to control
bandwidth allocation between sessions based on a variety of factors
such as session types, source, destination, time and so on. This
assures that Internet access and file transfers will not impede
interactive core business traffic.
Distributed Mid-Sized Business

Product                       Each        Total
(2)  NetScreen-100            $ 9,995     $ 19,990
(4)  NetScreen-5 Elite        $ 995       $ 3,980
(50) NetScreen Remote VPN     $ 3.90      $ 195
Total Capital Cost                        $24,165

The Head-Office NetScreen
should be set up in High Availability mode, so a second NetScreen-100
should be delivered. There is no extra cost for the Hot Standby HA
feature.