Secure Remote Access
Comprehensive solutions for secure remote access.
The world is generating electronic data at an astonishing rate, and that data is increasingly underpinning so much of what happens in our lives.
In the last few decades, a virtuous cycle has occurred:
- The ease with which electronic data can be gathered, stored and accessed has benefited, and transformed, many spheres of human activity.
- This in turn has stimulated yet more ways to collect, provide, and use data.
In a remarkably short space of time, we have moved from a world in which information was stored on paper and kept in filing cabinets and folders, to a world in which all information—immense amounts of information—exists in “the cloud”.
Storing, accessing, and updating paper-based data was a slow, expensive process. By contrast, interaction with cloud-based data can be incredibly convenient. As a result, many of the ways in which society and business now operate are dependent on access to electronic data. That data must also be available, accurate, and able to be accessed easily and securely.
Allied Telesis secures data connectivity
Allied Telesis provides comprehensive network security solutions—securing the internal LAN infrastructure, the interface to the Internet, and connections across the Internet. Our security technology has evolved with the industry throughout the decades we have been in business. We have extensive experience in end-to-end network security, and a strong track record in safeguarding our customers’ networks.
Working away from the office has increased in popularity, and the desire to connect smaller branch offices to the corporate LAN has greatly increased. Allied Telesis provides powerful solutions for secure remote connectivity to company information from anywhere, at any time.
This document showcases a number of secure remote access solutions and technologies.
AR Series secure VPN Routers
Allied Telesis secure VPN Routers combine firewall, routing, switching, and comprehensive Virtual Private Networking (VPN) capability. IPsec-based VPNs enable secure inter-branch data transfer, while SSL VPN connectivity supports remote teleworkers, and other users who require secure access to a corporate network.
AR Series UTM Firewalls
Allied Telesis Unified Threat Management (UTM) Firewalls provide the ideal integrated security platform for today’s networks. Powerful VPN connectivity, firewalling and threat protection are combined with routing and switching, to provide an innovative high-performance solution. Application and Web control ensures enterprises can control applications and how they are used, as well as manage web traffic for productivity, legal and security purposes.
Secure inter-branch connectivity
Allied Telesis secure VPN Routers and UTM Firewalls provide powerful VPN solutions to connect corporate offices, whether it be for securely connecting branch offices to a head office, or for businesses extending their LAN across more than one location.
IPsec site-to-site VPN
Allied Telesis security appliances implement highly secure VPN connections using advanced encryption algorithms. Multiple simultaneous site-to-site VPN tunnels can be employed, and at the same time multiple remote user VPNs can support out-of-office workers (described in the “Secure remote access for users” section).
Configuring tunnels between offices is a simple process of following the VPN wizard in the Device GUI. Once VPN connections are configured and running, no maintenance is required. Encryption keys are renegotiated on a regular basis to keep one step ahead of snoopers.
To eliminate the risk of initial encryption keys, known as “pre-shared keys”, being leaked, the routers can use digital certificates for authentication. The VPN network can be fully integrated with a certificate server system to receive certificate revocation lists, and so on.
A full range of other security options is available: extended authentication of VPN peers, anti-replay protection, keep-alive monitoring, and much more.
Flexible data tunnelling options include:
- Tunnelling multicast data: for multicast-based server applications and for remote video cameras.
- Mixed IPv4 and IPv6 tunnelling: providing IPv4 in IPv6 tunnelling, and IPv6 in IPv4 tunnelling.
Allied Telesis VPN technologies adhere closely to published standards, and have proven interoperability with a multitude of other VPN devices.
Diagram 1
In the scenario shown in diagram 1, the head office Allied Telesis UTM Firewall will provide a highly available connection to the Internet. The connection ensures sufficient bandwidth for all traffic. The Allied Telesis routers act as secure VoIP gateways, allowing the corporate VPN network to be used for voice, video and data services.
The Quality of Service (QoS) capabilities of the Allied Telesis routers mean they can easily manage the prioritization and bandwidth allocation for different types of traffic. Real time VoIP and video applications can operate effectively over the same connection that is carrying bulk data, for example file transfers, email, or web browsing. QoS protects voice and video streams from surges in the bulk data load, giving a smooth user experience.
Corporate LAN extension
Using Allied Telesis security appliances to bridge Ethernet LANs across a wide-area connection is an effective means of simplifying a multiple site network, providing the same network environment for staff at both locations. The equipment attached to the networks at both sites can operate as though connected to the same Layer 2 LAN, and no special configurations are required to allow for a Layer 3 network environment.
Using bridging to unify multi-site LANs is particularly valuable when there are multiple VLANs in use, as shown below in diagram 2. Each VLAN can simply extend across the multiple sites, and the access policies and addressing schemes defined for each VLAN apply equally at each site. As users move from one office to another, they see the same network environment whenever they connect.
A Layer 3 hop between the sites would completely break the uniformity of the VLANs, and greatly complicate the task of providing an equivalent connectivity experience throughout a given VLAN, regardless of physical location. Therefore, bridging of tagged VLANs is a very valuable network service. Some service providers do offer such a capability, but at considerable cost. Businesses can avoid this cost by using the tagged VLAN bridging functionality of Allied Telesis routers, and extending VLANs across multiple sites while using a standard wide area connection.
The number of bridged VLANs, and the VLAN IDs of the bridged VLANs, is entirely under your control. There is no need to put requests into the service provider to change the service configuration.
This solution provides true LAN extension with full security, fully under your control, using standard Internet connections.
Diagram 2
Secure remote access for users
Today’s business environment has an ever increasing need for remote access to the corporate LAN. Staff may have days when they work from home, and travelling professionals require instant access to online company resources.
SSL VPN access
Allied Telesis UTM Firewalls and VPN Routers support SSL VPNs, which are a convenient method of accessing business networks.
Users simply use the OpenVPN client on their computer, tablet or other mobile device. Because they use the HTTPS protocol, SSL VPNs are compatible with the security policies of almost all network installations. This makes them ideal for travelling staff, who may need to access the corporate network from a variety of public space networks as well as from home, as shown in diagram 3.
Whereas firewalls in residential, hospitality or public networks will often frustrate mobile users by unwittingly blocking transfer of IPsec traffic, it is almost unknown for SSL VPNs to be blocked.
Diagram 3
User identification and authentication, full Ethernet bridging, and NAT traversal are all inherent in the operation of SSL VPNs. Unlike IPsec VPN, there is no extra protocol layering, complexity, or processing overhead.
To provide advanced SSL VPN capabilities, the Allied Telesis solution incorporates a client side agent application, as shown in diagram 4. This has the following advantages:
- It is independent of web browsers, and their inherent security vulnerabilities.
- It uses Layer-2 tunneling mode, to enable secure LAN extension over the Internet.
- There is a choice of UDP or TCP transport.
- It offers a high level of application flexibility.
Diagram 4
Summary
Allied Telesis comprehensive network security solutions have evolved to keep pace with the way we conduct business and live our lives. As remote network access and user mobility have increased, our technologies have kept pace with modern corporate practices.
Our secure VPN Routers and UTM Firewalls make it easy to connect branch offices to a head office, or extend the corporate LAN, so all employees have full network access from all company locations. Powerful remote access solutions ensure workers always have access to online resources and applications.
Allied Telesis solutions support secure business data access from anywhere, at any time.