1 / 24

eSafe Implementation Topologies

eSafe Implementation Topologies. CVP Implementations. Using ESG CVP + ESM SMTP. Mail Relay. DMZ. ESM SMTP. SMTP. HTTP FTP. ESG CVP. Mail Server Exchange Server. Internal Network. Load balancing with ESG CVP. Options 1. Using an extra CR for HTTP, FTP and SMTP

jerzy
Télécharger la présentation

eSafe Implementation Topologies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. eSafe Implementation Topologies

  2. CVP Implementations

  3. Using ESG CVP + ESM SMTP Mail Relay DMZ ESM SMTP SMTP HTTP FTP ESG CVP Mail Server Exchange Server Internal Network

  4. Load balancing with ESG CVP • Options • 1. Using an extra CR for HTTP, FTP and SMTP • 2. Using an extra CR for SMTP only • 3. Using FW-1 CVP load-sharing Mail Relay DMZ ESG CVP ESG CVP Mail Server Exchange Server Internal Network

  5. NitroInspection™

  6. Standard ESG NitroInspection implementation Mail Relay DMZ ESG HTTP SMTP FTP Mail Server Exchange Server Internal Network

  7. ESG NI (NitroInspection) + ESM SMTP Mail Relay DMZ ESM SMTP SMTP ESG HTTP FTP Mail Server Exchange Server Internal Network

  8. ESM for Exchange + ESM SMTP Mail Relay DMZ ESM SMTP SMTP ESM forExchange Mail Traffic Mail Server Internal Network

  9. Load Balancing--High Availability

  10. Multi-LAN ESG NI Mail Relay Second Network DMZ ESG NI Mail Server Exchange Server Internal Network

  11. Load balancing with ESG NitroInspection Mail Relay DMZ ESGCR+CI ESGCI ESGCI Mail Server Internal Network

  12. ESG NI with Hardware load-balancers (Alteon, F5, CSS…) Mail Relay DMZ ESG Load balancers + HA ESG Mail Server Internal Network

  13. ESG NI smart L4/L7 switches(no single-point-of-failure) DMZ Web server L4/L7 switch ESG Only HTTP traffic is redirected Mail Server Internal Network

  14. ESG NI load-balancing with StoneSoft SecurityCluster

  15. High Capacity Content Security(With Radware CID) • MIME type based content routing • Built in high-availability and load-balancing ESGHTML only inspector HTTPHTML Only ESGHTML/FTP archive inspector Aladdin/RadwareContent Manager HTTP/FTPZIP Only HTTP/FTPAll other ESGHTML all other content inspector SMTPOnly ESMSMTP content inspector Other protocols and Trusted HTTP traffic bypasses Content Inspectors (according to MIME type) Internal Network

  16. High Capacity Content Security(With Radware CID) LAN Radware CSD-AV FW Potentially Malicious Content EXE, ZIP, HTML eSafe Content Security Farm ESG3 ESM1 ESG2 ESG1 ESG1 – HTTP traffic, only HTMLs ESG2 – HTTP/FTP traffic, only archive (zip) files ESG3 – HTTP/FTP all other traffic ESM1 – SMTP traffic

  17. HTTP Proxy environments

  18. ESG NI in a DMZ with a Firewall and a Proxy HTTP DMZ Mail Relay ESM SMTP ESGall internal IPs are defined as Trusted Destinations Only HTTP/FTP requests from the proxy are inspected Proxy Mail Server Exchange Server Internal Network

  19. ESG NitroInspection™with a switch and a Proxy DMZ ESM SMTP SMTP Proxy’s Default Gateway Proxy ESG NI Mail Server Exchange Server Internal Network

  20. Throughput

  21. Internet Connection Naming Convention • ISDN = 64Kbit/sec • USA: • DS1/T1 – 24 * ISDN = 1.544Mbit • DS2/T2 – 4 * T1 = 6.176Mbit • DS3/T3 – 28 * T1 = 44.736Mbit • Europe: • E1 = 2Mbit • E2 = 8Mbit • E3 = 34Mbit • OC1 = 55Mbit • OC3 = 155Mbit

  22. eSafe Gateway (NitroInspection) • Load balancing is done using 3rd party device • High-capacity is done using Radware CSD

  23. eSafe Gateway CVP * Load balancing for CRs is done using CVP

  24. eSafe Mail / SMTP • One eSafe Mail is capable of processing on average: • 40,000 to 60,000 emails in one hour • 10,000 employees sending/receiving 50 email in one working day • Load balancing can be done: • Check Point CVP • DNS MX records • 3rd party load balancer (Radware, F5, CSS, Alteon etc.)

More Related