Nokia IP265 Security Guide - Page 4

2 NOKIA VPN APPLIANCE 2.1 Overview The Nokia VPN Appliances are IP security platforms designed to provide a secure, reliable, and manageable integrated security solution for secure Internet communication and access control for networks. The security platforms combine the security-hardened operating system, IPSO, with the market-leading Check Point VPN-1 firmware suite on a purpose-built security hardware platform. As network devices, the Nokia VPN Appliances support a comprehensive suite of IP-routing functions and protocols, including RIPv1/RIPv2, IGRP, OSPF and BGP4 for unicast traffic and DVMRP for multicast traffic. Some highlighted security features of the Nokia VPN Appliances are: • Read/write and read-only access modes • Screening of all incoming communications to ensure authorized user access • SSH-secured remote management of the modules (IPSO) • SSHv1 and SSHv2 supported • TLS-secured remote management of Check Point applications • Secure VPN between subsystems • Multiple layers of authentication required when accessing the remote management interface for IPSO The Nokia VPN Appliances are rack mounted devices that are differentiated through their internal CPU processors and performance levels. The modules are designed to efficiently support real-world, mixed traffic solutions. As VPN platforms, all modules greatly accelerate the embedded Check Point VPN-1/FireWall-1 performance by using the Nokia Firewall Flows. VPN performance is enhanced through the use of internal hardware cryptographic acceleration. The following chart illustrates the performance differences of the modules covered by this Security Policy: Model IP260 IP265 IP1220 IP1260 CPU Type Celeron Celeron Xeon Xeon Firewall Speed 272Mbps 272Mbps 2.2Gbps 3.9Gbps VPN Speed (AES, TDES) 113Mbps 113Mbps 1.2Gbps 1.7Gbps © Copyright 2005, 2006, 2007 Nokia Page 4 of 43 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.