Nokia Virtual Firewall

A robust solution for enterprises and service providers

The cost of configuring, supporting and refreshing many separate firewalls, as well as administering service support and licensing agreements can be overwhelming. The solution? Consolidate multiple firewalls onto a single Nokia appliance and still maintain multiple, separate security enforcement policies per firewall.

With Nokia Virtual Firewall for Check Point VSX, enterprises can protect internal department and intranet services with firewalls that augment traditional perimeter firewalls - as well as protect complex extranets with a wide array of partners, suppliers and other organizations. Service providers receive an acceptable ROI on a deployed system supporting multiple subscribers of all sizes.

Features

• Based on Check Point VPN-1 Power VSX
• Supports multiple virtual firewall systems on a single Nokia IP Security Platform
• Allows customized policies for each virtual firewall system, ensuring that the policies in force best meet specific needs
• Supports extranets with multiple partners, suppliers and other organizations with different trust models
• Supports dynamic routing protocols for each virtual system
• Supports multicast routing for each virtual system
• Supports transparent mode for each virtual system
• Active-active high availability via Nokia VRRP active-active
• Interoperates with other systems and software
• Meets standards needed to comply with heightened corporate and regulatory mandates
• Manages mission critical connections that can't be compromised
• Management via the Web-based Nokia Network Voyager interface or CLI for single device management or Nokia Horizon Manager for multi-device management

Benefits

• Lower operational and support costs by consolidating firewall infrastructure
• Manage with ease - multiple firewall instances are represented on an individual system
• Seamless network integration
• World-class customer service and support
• Global network of 7x24x365 Technical Assistance Centers
• Nokia First Call - Final Resolution support
• Worldwide product part spares and on-site services
• Software Subscription service delivers updates, minor feature releases and device compatibility

Support

Nokia offers world-class global support and services to service providers, distributors, resellers and enterprise customers who buy, sell and use Nokia security and mobility products. Nokia is recognized for world-class support and is dedicated to excellence with Technical Assistance Centers around the world, and on-site service capabilities in 1,000+ metropolitan areas covering more than 150 countries.

• Global network of 7x24x365 Technical Assistance Centers
• Nokia First Call - Final Resolution support
• Worldwide product part spares and on-site services
• Software Subscription service delivers updates, minor feature releases and device compatibility

Visit business services and support for more information on support for security products.

• Security Product Summary Guide
  (PDF file, 527 KB)

Product datasheet

• Nokia Virtual Firewall for Check Point VSX - datasheet
  (PDF file, 111 KB)
• Nokia Multiple Domain Security - datasheet
  (PDF file, 232 KB)
• Nokia IPSO - datasheet
  (PDF file, 66 KB)

Comparison matrix

• IP Security Platform Comparison Matrix
  (PDF file, 303 KB)

White papers

• SecureXL and Nokia IPSO™ White paper
  (PDF file, 510 KB)
• Nokia Multiple Domain Security
  (PDF file, 284 KB)

Internet Protocols

• IP RFC 791
• ICMP RFC 792
• ARP RFC 826
• ICMP Router Discovery (server) RFC 1256
• CIDR RFC 1519
• Static Routes
• RIP RFC 1058
• RIP Version 2 (with authentication) RFC 1723
• OSPFv2 RFC 2328
• OSPF NSSA RFC 3101
• IGMPv2 RFC 2236
• IGRP
• PIM-SM RFC 4601
• PIM-DM RFC 3973
• BGP4 (optional) RFCs 1771, 1963, 1966, 1997, 2918
• IPv4 RFC 791
• VRRPv2 RFC 3768
• Requirements for IPv4 Routers RFC 1812
• Bootp/DHCP Relay RFC's 951, 2131
• Route Aggregation & Redistribution
• Unnumbered Interfaces
• Flow control IEEE 802.3
• Private (RFC 1918) and Public IP Routing
• VLAN 802.3Q

Management

• Nokia Network Voyager
• Command line interface
• Supported by Nokia Horizon Manager
• Role Based Administration
• SNMP RFC 1157, SNMPv2c, SNMPv3
• Telnet RFC 854
• FTP RFC 959
• SSHv2 (secure Telnet and FTP)
• HTTP Server RFC 2068
• SSL/TLS RFC 2246

Other

• Virtual switch
• Virtual router
• Supports up to at least 100 virtual firewalls
• Transparent Mode Firewall
• Resource Control
• VPN between GWs and internally between VS(s) and VS(s)
• Policy based routes (Source based routes)
• Overlapping IP (NAT feature with the same internal N/W behind each VS)
• -DHCP relay per VS

High availability

• VRRP (active/passive) RFC 2338 and
• VRRP (active/active)
• Check Point VPN-1/FireWall-1 state sync
• Hot-swappable redundant hard disk drives
• (RAID 1)*
• Hot-swappable redundant power supplies*
• Hot-swappable redundant fans*
• Auto backup restore on VRRP pair (restores both CP and IPSO configuration)

* Available on select IP security platforms

Security

• SSHv2
• Role-based administration
• SSH (secure Telnet and FTP)
• SSL/TLS (secure HTTP) RFC 2246
• Encrypt end-user passwords
• MD5 authentication
• NTP Client and Server RFC 1305
• RADIUS Client, TACACS+ Client
• RIPv2 MD5 authentication

LAN support

• 10/100 Mbps Ethernet
• 10/100/1000 Mbps Ethernet
• Copper Gigabit Ethernet
• Fiber Gigabit Ethernet
• VLAN (Virtual LAN)
• 10 Gigabit Ethernet Nokia ADP Card