If there is more than one office using Ugunssiena cybersecurity suite, connections between offices are used to determine if each particular internet connection is alive.

Failover is provided for following:

• Routing
• NAT
• VPN
• DNS

Use in Single office with two ISP’s

In one office setup most useful is automatic failover of the ISP (Routing and NAT). That allows for users to not to worry about the availability of the internet as long as at least one internet connection is working properly.

For users outside the office, it is possible to use VPN for secure connection to the company’s resources.

DNS failover functionality is useful in case you host your home page at the office. In this case, outside visitors of your home page will experience only the short period when the homepage will be unavailable. As DNS records are automatically changed, availability of home page will resume.

Use at Multiple offices

If your organization has operations in more than one geographic location with Ugunssiena cybersecurity suite you can set up secure intranet by using standard internet connections at the offices. Military grade encryption for VPN and failover functionality will ensure availability and security of all your companies’ intranet resources and communications.

With multiple office setup you can still use all features described in one office scenario plus seamlessly share companies resources all over the organization no matter at which office they are located.

If two internet connections are available for example at two geographically remote offices, VPN connection is set up in a way to automatically use the best possible connection. With two internet connections in two remote sites, there is in total four possible combinations to establish VPN channel. All four possible link combinations are constantly monitored and the best is used to communicate. If link quality deteriorates, automatic VPN failover to the new best link is performed. Naturally, it means that in case if one of internet providers fails the remaining will be automatically used for VPN communication.

The post Automatic ISP failover for VPN appeared first on Ugunssiena IT.

Main functionality of Ugunssiena VPN:

• Maintaining secure and encrypted communications even on the insecure public networks
• New session cryptography key is generated for each session and/or after pre-selected time intervals
• TripleDES or another cryptography algorithm is used for fast traffic encryption
• Uses IPsec and is compatible with other IPsec systems
• Use of encryption keys of defined length. Depends on hardware performance and required level of security
• Authentication using X.509 digital certificates
• Flexible configuration allows selecting type of traffic and services VPN lets trough
• Data flow compression allows for faster communication
• It is possible to use hardware cryptographic accelerator to reduce load on CPU and improve the throughput of VPN connection
• Users may choose to use double encryption of the VPN connection by encrypting both on software and hardware level

Protocol support on the VPN network:

• TCP and UDP
• BOOTP, BGP, DNS, FTP, HTTP, HTTPS, KERBEROS, LDAP, NTP, OSPF, POP3, RADIUS, RIP1/2, RSH, RLOGIN, SMTP, SNMP, TELNET, VRRP etc.
• Windows networking protocols
• Novell IP, Samba, UNIX NFS and other file and print service protocols
• Oracle, MS SQL, Sybase, MySQL, Postgres and other SQL access protocols
• VoIP and audio/video protocols including Real audio and IP telephony protocols
• Application level protocols (LotusNotes etc.)

Accounting and audit:

• VPN traffic log
• System configuration changes log
• System administrator action log

Quality control of the VPN connection:

• Counting of VPN traffic with selected time intervals
• Graphical monitoring of VPN load
• Configuration of quality settings in VPN server
• Possibility to maintain several connections of different priority in one VPN tunnel. Useful for separating real-time traffic (voice, streaming video) from the rest of communication.

Authentication and encryption:

• User authentication using access code and password
• User authentication using digital certificate (PKI)
• Different size of cryptography keys from 1024 (basic level) to 8184 (military grade encryption)
• Session TripleDES key size up to 168 bits
• 509 standard digital certificates
• Connection from administrator console computer to VPN system encrypted using SSL3 protocol

Management functions:

• Centralized VPN server and VPN client management
• Centralized VPN network configuration and monitoring of the VPN connections
• Web interface
• Multilanguage support with ability to switch between languages at any time
• Command line support
• Integrated management with e-proxy management
• New VPN configuration is applied to the VPN tunnel in real time, no system restart is needed
• Support of text-like IP addresses for centralized VPN configuration

Stability and reliability:

• Real-time monitoring of VPN service and tunnel with automatic service restart if malfunction is detected
• Real-time control of the system resources (memory, network interfaces, disc) according to pre-defined levels
• Automatic failover between VPN service modules in redundant setups

The post VPN appeared first on Ugunssiena IT.