VPN integrates client firewall
- By William Jackson
- Jun 19, 2002
The Firewall-X virtual private network client from Blue Ridge Networks Inc. of Chantilly, Va., has a built-in firewall to keep intruders from hijacking a VPN connection. But it differs from a personal firewall because each client firewall is centrally managed.
'The biggest complaint we had from our customers' was potential exposure of office LANs to attack through employees' home computers, said Lisa Jensen, executive vice president for marketing.
Blue Ridge developed the product without using third-party firewall products because 'we were having trouble integrating the central management' into them, she said.
Version 6 of the Blue Ridge VPN is the first commercial release with a firewall, but the company's government customers have used similar products since 1998.
The Blue Ridge VPN is certified under FIPS-140-1 and 140-2.
'We have a lot of customers who have heightened concerns after Sept. 11, particularly water authorities,' she said.
Jensen said the early VPN versions worked only with Microsoft Windows NT networks and deleted some non-IP protocols when installed. The early firewalls operated continuously whether the VPN was in use or not, meaning that a user could connect to the Internet at home only through the employer's firewall.
Version 6 allows either that sort of continuous operation or dynamic operation, in which the firewall functions only when the remote employee is using the employer's VPN.As flexible as a wall
Security-conscious government sites require the continuous configuration, Jensen said.
Firewall policy is not very flexible. It lets through only encrypted IP packets or, optionally, Packet Internet Groper and Address Resolution Protocol packets.
'Over time we will broaden it,' Jensen said.
The Blue Ridge VPN client license costs $17.95 a month per user; the Firewall-X option adds $9.95 more per month.
William Jackson is freelance writer and the author of the CyberEye blog.