Appliance Blends Firewall and VPN Technologies

Any discussion of the Internet as an integral part of the enterprise network begins and ends with security. Taking this into account, while also making provisions for the future of the Internet as a networking tool, Technologic Inc. introduces the latest version of its Interceptor Firewall Appliance.

Interest in finding new ways to incorporate the Internet as an efficient, inexpensive way to conduct e-business and facilitate network connectivity is on the rise. "More and more we're seeing customers interested in using the Internet, more so than simply providing their employees Internet access," says David Aylesworth, product manager for Technologic (Atlanta).

Technologic's Interceptor Firewall Appliance 3.6 perpetuates the company's vision of providing Internet services while maintaining airtight security. Version 3.6 has been designed to leverage the built-in capabilities of Windows 98 and NT to provide free virtual private networking (VPN) via Microsoft's Point to Point Tunneling Protocol (PPTP) standard.

"People are integrating VPN technology into firewalls, that's a trend that's been going on," Aylesworth says. Though VPN technology had at one time been separate from firewall technology, the integration of the two has served to streamline implementation and trim the cost of such an implementation for the consumer, according to Aylesworth. "They deal with a single vendor and a single management interface to do the things it makes sense to do at the gateway to your network."

The purpose of PPTP is to allow remote users to access their office networks without the expense of third-party client software, and to do so in a familiar, Windows-based environment. With PPTP, Technologic can support Microsoft's development of this technology for its operating system, according to Aylesworth. "With some products, the user will have to purchase and install client software on the workstations they want to use to tunnel in to the network remotely," he says. "With [the Interceptor Firewall Appliance], they can take advantage of functionality that's already built into their operating system."

"Organizations are increasingly realizing that VPN solutions with the Windows platform and PPTP are easy, affordable and secure," says Kevin Kean, group product manager for Windows NT server communications at Microsoft Corp. "This combination of features has made PPTP the leading protocol today for VPN solutions, and we are pleased that Technologic has chosen to offer an interoperable solution with PPTP support."

"We're going to see more and more things being added into firewalls," Aylesworth says. "One of the things we're doing with future versions of our product is integrating other technologies into the firewall. The reason for that is, TCP/IP networking isn't as simple as, for example LAN protocols -- like IPX and NetBEUI -- in the sense that it can be more complicated to manage a TCP/IP network. The only reason for using TCP/IP on your network is to connect to the Internet. That's the big reason today, anyway."

Technologic's goal is to incorporate other technologies that make TCP/IP simpler. "If we're forcing people to use TCP/IP, then why not incorporate all the other technologies like DNS [domain name system] and DHCP [dynamic host configuration protocol] into the product," Aylesworth says. The idea is to have Technologic's Internet gateway be the only product a user needs to meet all TCP/IP service and management requirements.

Technologic's capability to provide a complete firewall security solution while also facilitating remote network access is a significant factor in Ensco's plans to implement Interceptor Firewall Appliance 3.6 later this year. Ensco (Lincolnshire, Ill.) manages hazardous waste from locations throughout the United States. Ensco incinerates this waste using high-temperature rotary kilns, producing brime from the ashes. The brime is then sold to local oil companies and can be used as a type of cement for their drilling.

The decision to implement the firewall appliance was driven by Ensco's plans to have its users and clients access data via the Internet, according to Brian Bricker, the company's computer operations manager for AS/400 and telecommunications. "Once the users access the system, they will be able to input criteria or parameters via the Internet for the information they are requesting," he says.

When the system is up and running, the Interceptor Firewall Appliance will serve as the first link in from the Internet, according to Chance Evans, a member of the computer operations user support staff.

The new Interceptor Firewall Appliance will be used to protect Ensco's AS/400s -- a Model 620 running local production and a Model 170 running Domino, both on V4R2 of OS/400. In addition to its J.D. Edwards OneWorld software for managing payroll, accounting and maintenance files, Ensco uses homegrown code to handle industry-specific procedures, such as the certification of information about the materials the company burns.

While the security of its corporate information is important to Ensco, Bricker points out that much of the company's data is public information, due to a high level of regulation from the Environmental Protection Agency (EPA). "It's most important for users to have their individual information protected," he says.

The primary motivating factor behind Ensco's e-business initiatives is to provide clients with access to information in real-time, according to Bricker. "Any information that people put into this system, anything that's incinerated in our plant and anything that's shipped out is available in real-time. The biggest thing is trying to get real-time information to our users and customers."