StoneBlog.stonesoft.com

Virtual Private Network Consortium, better known as VPNC, tests interoperability of various VPN technologies from different vendors. During year 2011 Stonesoft Firewall/VPN has received two new IPsec interoperability logos. These are logos for IKEv2 and IPv6.

Testing conducted by VPNC proves that vendor has implemented standards defined protocols in a way that can be used in real life where interoperability between different vendor’s implementation is frequently needed.

written by juhalu - 376 views \\ tags: VPN

Have a shiny new iPad/iPhone/iOS device and wonder how to access all your precious corporate data? Are you a sysadmin who needs to manage the corporate LAN from everywhere? Do you need some intranet-only web pages you don’t want to publish for security reasons?

This simple tutorial will explain how to create a VPN between your StoneGate and your iDevices.

Thanks to Marco Rottigni who gave me precious hints to make all things work!

This is my very first post to the Stoneblog, if you want feel free to give me feedbacks and suggestions! Roberto

written by roberto.toniolo - 2,229 views \\ tags: firewall, iOS, iPad, Tips & Tricks, VPN

SMC 5.3.1 is now publicly available and FW/VPN 5.3.0 is also published as controlled shipment. I wanted to conclude the StoneGate 5.3 feature previews by listing the other significant enhancements that are introduced in version 5.3. More details can be found from SMC and FW Release Notes and product manuals.

Continue reading »

written by Tero Jantunen - 1,158 views \\ tags: 5.3, ADSL, Certificates, Dynamic routing, Feature Previews, firewall, SMC, SNMP agent, VPN, WiFi

Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. StoneGate FW/VPN 5.3 introduces the support for IKEv2 (in addition to IKEv1) in VPN configuration. IKEv2 includes the support for IKEv2 Mobility and Multihoming Protocol (MOBIKE). MOBIKE enables transparent recovery for VPN clients if the IP address of the VPN client or the IP address of the gateway to which the VPN client is connected changes in the middle of an open VPN connection.

Continue reading »

written by Tero Jantunen - 980 views \\ tags: 5.3, Feature Previews, IKEv2, SA, SMC, troubleshooting, VPN

StoneGate FW/VPN and SMC 5.3 provide a couple of nice enhancements related to StoneGate’s unique Multi-Link feature.

Continue reading »

written by Tero Jantunen - 1,067 views \\ tags: 5.3, Aggregation, Feature Previews, multilink, QoS, Throughput, traffic balancing, VoIP, VPN

This other brand new session monitoring view lists all VPN Security Associations that have been currently negotiated in the firewall. The view lets the administrator e.g. to filter VPN SAs, create statistics, aggregate the table by any field and save VPN SA monitoring snapshots for further analysis.

Continue reading »

written by Tero Jantunen - 836 views \\ tags: 5.3, Feature Previews, firewall, Monitoring, SA, Security Association, SMC, VPN, VPN tunnel

My last post about Multilink, called MultiLink VPN works, it just does. is over a year back. I wrote that piece, because I knew it was one of the last possibilities to get a screenshot with that many firewalls in one picture. Reason is, that we found a way to use the advantages of a MPLS-Network without the normal drawbacks.

Our major security concern with MPLS is the ability for users within the MPLS-Network to communicate with each other. That’s why up to that date, every office had its own Firewall, ISDN Backup, and a standardized ruleset allowing the very basics only: communication with headquarters and regional branch headoffices. This ability to control traffic is lost with MPLS, unless your provider offers the ability to split the uplink and the downlink of the MPLS Lines. Cisco calls this “MPLS half-duplex VRF”, and it lets you centralize the firewalls of smaller offices. Continue reading »

written by jebATpop-i - 853 views

VPN Consortium (VPNC) recently started to test IPsec VPN product interoperability against a new criteria. The test is about VPN interoperability when tunnel setup is authenticated using certificates from a common trusted certificate authority.

In October 2010 VPNC update first results were announced. StoneGate Firewall/VPN was among the first five vendors to pass this test and receive right to use this new logo.

As a VPN technology this is nothing new for StoneGate FW’s IPsec VPN. It has supported certificate based VPN authentication starting from the very first version.

written by juhalu - 1,043 views \\ tags: VPN

StoneGate IPsec VPN Client 5.1 contains two important enhancements: VPN Client can automatically contact the defined backup gateway in case the connection to primary gateway fails VPN Client can inteligently recover from connectivity problems by trying IKE negotiations automatically with different connection settings

Continue reading »

written by Tero Jantunen - 2,925 views \\ tags: 5.1, backup gateway, Features, IKE retry, IPsec VPN Client

…to experience StoneGate at best in your virtual infrastructure!

After the large success of previous version, here’s the update featuring:

• StoneGate Management Center version 5.04
• StoneGate Firewall/VPN version 5.04
• StoneGate IPS version 5.0.2
• StoneGate SSL VPN version 1.3.2

in a ready-made configuration according to following schema:

The system includes virtual machine compatible with the newest version of VMware virtualization systems (Virtual Machines version 7) like vSphere, VMware Server 2.0.x and VMware workstation 6.5 and later.

You can find more details and download links here.

Network Security. Virtualized

written by RoarinPenguin - 1,560 views \\ tags: svdk, virtual demo kit, virtual playground, Virtualization