Dec 21

The Virtual Private Network Consortium, better known as VPNC, tests the interoperability of VPN technologies from different vendors. During 2011, Stonesoft Firewall/VPN received two new IPsec interoperability logos: one for IKEv2 and one for IPv6.


Testing conducted by VPNC proves that a vendor has implemented standards-defined protocols in a way that can be used in real life, where interoperability between different vendors' implementations is frequently needed.

written by juhalu - 361 views

Jul 06

Have a shiny new iPad/iPhone/iOS device and wonder how to access all your precious corporate data? Are you a sysadmin who needs to manage the corporate LAN from everywhere? Do you need some intranet-only web pages you don’t want to publish for security reasons?

This simple tutorial will explain how to create a VPN between your StoneGate and your iDevices.

Thanks to Marco Rottigni who gave me precious hints to make all things work!

This is my very first post to the Stoneblog; if you want, feel free to give me feedback and suggestions! Roberto

written by roberto.toniolo - 2,168 views

Jul 01

StoneGate 5.3 – Other Enhancements

Feature Previews, Firewall Engine, SMC, VPN
SMC 5.3.1 is now publicly available, and FW/VPN 5.3.0 has also been published as a controlled shipment. I wanted to conclude the StoneGate 5.3 feature previews by listing the other significant enhancements introduced in version 5.3. More details can be found in the SMC and FW Release Notes and the product manuals.

written by Tero Jantunen - 1,146 views

Jun 27

StoneGate 5.3 – VPN enhancements

Feature Previews, SMC, VPN
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. StoneGate FW/VPN 5.3 introduces support for IKEv2 (in addition to IKEv1) in VPN configuration. IKEv2 includes support for the IKEv2 Mobility and Multihoming Protocol (MOBIKE). MOBIKE enables transparent recovery for VPN clients if the IP address of the VPN client, or the IP address of the gateway to which the client is connected, changes in the middle of an open VPN connection.

written by Tero Jantunen - 974 views

Jun 23

StoneGate FW/VPN and SMC 5.3 provide a couple of nice enhancements related to StoneGate’s unique Multi-Link feature.

written by Tero Jantunen - 1,048 views

Jun 01

StoneGate 5.3 – VPN SA Monitoring

Feature Previews, SMC, VPN
This other brand-new session monitoring view lists all VPN Security Associations that are currently negotiated in the firewall. The view lets the administrator, for example, filter VPN SAs, create statistics, aggregate the table by any field, and save VPN SA monitoring snapshots for further analysis.

written by Tero Jantunen - 826 views

Oct 29

StoneGate FW/VPN IPsec Certificate Interoperability

Firewall Engine, VPN

The VPN Consortium (VPNC) recently started to test IPsec VPN product interoperability against a new criterion. The test covers VPN interoperability when tunnel setup is authenticated using certificates from a common trusted certificate authority.

The first results were announced in the October 2010 VPNC update. StoneGate Firewall/VPN was among the first five vendors to pass this test and receive the right to use this new logo.


As a VPN technology, this is nothing new for StoneGate FW's IPsec VPN. It has supported certificate-based VPN authentication since the very first version.

written by juhalu - 1,037 views

Jun 21

In StoneGate Management Center 5.2 the VPN troubleshooting tools have improved significantly. There are a lot of new drill-in actions available in the System Status view. You can, for example, right-click any VPN tunnel in the VPN diagrams and drill in to the logs of traffic that flows through the selected tunnel. You can also right-click individual Gateways or Endpoints (from the Info panel) and drill in to the related logs.

written by Tero Jantunen - 1,507 views

Mar 02

StoneGate 5.0: VPN diagrams

Feature Previews, SMC, VPN

StoneGate Management Center 5.0 introduces a new network diagram type: VPN diagrams. That gives you two interesting opportunities:

  • Visualize the VPN topologies
  • Monitor the status of VPN tunnels


VPN diagrams are autogenerated in the System Status view. You'll see the VPN topology and the status of the VPN tunnels with a single click. You can also select individual Gateways from the Status tree. The system then draws a diagram that includes all the tunnels of all the VPNs in which the selected gateway is used. And if these features still don't satisfy your needs, you can of course create custom VPN network diagrams that show exactly the information you need. Network diagrams are, by the way, also a convenient tool for documenting your environment.

written by Tero Jantunen - 3,698 views

Jan 23

VPN: where is my fragmentation needed ICMP message?

Hints and Tips, VPN

If there is a link with a smaller MTU somewhere between the VPN gateways, the router connected to that link will send an ICMP "fragmentation needed" message (type 3, code 4) in response to ESP packets that have the DF bit set and are bigger than the MTU.

However, at that point the firewall only stores the MTU information; no ICMP error message is sent to the endpoint of the original connection.

Only when the host in the internal network sends its next packet does the firewall handling the connection reply with the ICMP error message.

written by RoarinPenguin - 3,846 views