Protecting End Users when entering the SD-WAN World
From the moment you replace your WAN-edge routers with Riverbed’s SteelConnect EX SDWAN solution, you certainly gain the ability to move to multiple lower-cost Internet circuits and enhance your application identification performance. However, how can you ensure your bases to be covered? Riverbed provides with a wide diversity of tools to keep protecting end-users in the new SD-WAN era.
Riverbed SteelConnect EX SDWAN is capable to reference inbound traffic against a state table to determine if it is a valid reply to an existing outbound connection. If it is, the traffic can pass.
The SteelConnect EX offers a rich security feature set that’s licensed-based. There are three license levels:
- Secure SD-WAN Essentials, includes Stateful and Next-generation firewall (NGFW) capabilities
- Secure SD-WAN Standard, also includes Stateful and NGFW capabilities
- Secure SD-WAN Advanced, includes Stateful, NGFW, as well as Unified Threat Management features.
The Stateful Firewall provides a mechanism to enable full visibility of the traffic crossing through the firewall and enforces very detailed access control on the traffic. To begin making use of this capability you must classify traffic. This is the process of identifying and separating traffic in a manner that makes it identifiable to the firewall service.
To classify the traffic, the stateful firewall verifies its destination port and then tracks the state of the traffic. SteelConnect EX monitors every interaction of each connection until the session is closed.
The stateful firewall grants or rejects access based not only on port and protocol but also on the history of the packet in the state table. When the SteelConnect EX stateful firewall receives a packet, first it checks the state table for an established connection or for a request for the incoming packet from an internal host. If nothing is found, then the packet’s access is subject to the access policy rule.
The Next-generation firewall (NGFW) is a robust security module that has the intelligence to distinguish different types of traffic. Recall that the Stateful firewall made use of ports, protocols, and IP addresses to identify traffic and create an entry in the state table. The NGFW provides network protection beyond the protection based on ports, protocols, IP addresses. In addition to traditional firewall capabilities, the NGFW includes filtering functions such as an application firewall, an intrusion prevention system (IPS), TLS/SSL encrypted traffic inspection, website filtering, and QoS/bandwidth management.
Unified Threat Management
SteelConnect EX includes Unified Threat Management (UTM) capabilities, which can be turned on by configuring the threat profiles in the NGFW policy rules. This means that UTM requires the use of the NGFW first.
SteelConnect EX has a built-in antivirus engine. This engine will scan live traffic looking for threats. To accomplish this, the antivirus engine waits till the last byte of the file is received before processing the entire file at runtime. You will need to configure at least one antivirus profile to enable the scanning of files for viruses.
As a conclusion, it is evident that implementing a Riverbed SD-WAN solution is not only superior in terms of performance but also in security, always enhancing user productivity. Contact us for a personalized proposal for your companies’ needs.