Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner

 
iPolicy Networks In the News
 

iPolicy 3300 Intrusion Prevention Firewall

Information Security, Dec. 2004
Product Review
by George Wrenn

Lately, it seems like everyone is pushing add-on features to their firewalls--creating smarter, more functional, active perimeter defense devices. iPolicy Networks isn't just following the trend; it's effectively consolidated several key security apps into its iPolicy 3300 Intrusion Prevention Firewall.

The iPolicy 3300 is a stateful inspection firewall that also boasts impressive IDS, IPS, VPN and Web filtering capabilities. Holding it all together is iPolicy's Single Pass Inspection Engine, which inspects packets against multiple policies and security checks at once. The company says this gives the appliance the ability to provide in-depth inspection without impeding performance.

As a firewall, the iPolicy 3300 is impressive, supporting 200,000 concurrent sessions at 350 Mbps. It has all the standard firewall features, such as NAT, port address translation, H.323 traversal, time of day policy and ingress/egress control.
While other vendors have brought complementary security functions to the firewall, iPolicy has integrated the capabilities of IDS/IPS, filtering and anomaly detection in a single appliance.

The IDS/IPS engines have more than 1,900 signatures for inspecting traffic at layers 3 through 7, giving the appliance the ability to detect a wide range of attacks.

The 3300's anomaly detection engine monitors traffic for patterns that fall outside acceptable norms. While not foolproof, it does help detect unknown exploits and attacks. To test the anomaly detection, we set up a rule to filter all ingress IP traffic for the keyword "root" with a log action and automatic notification. All of our attempts to access root admin privileges from outside the network were successfully detected, logged and alerted.

The iPolicy 3300's weak point is its IPSec VPN capability, which only offers TripleDES and 50Mbps throughput. The addition of AES encryption and SSL VPN functionality should be on iPolicy's development plans.

iPolicy 3300 comes with an intuitive management console that looks as though it was inspired by the popular Check Point GUI. Its well-organized tree menu gives security managers single-click access to subfunctions and management settings, filtering and VPN capabilities, IDS/IPS settings and firewall administration. While functional for a single installation, iPolicy recommends its centralized management server for multiple installations.

The iPolicy 3300 Intrusion Prevention Firewall is a winner. Its breadth of solid and complementary security features and technologies gives enterprises a lot of active firepower for their perimeter defense.
 
 
Prasenjit Ghosh Roy
pgroy@techmahindra.com
 
 
 
 
 

 

 

Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2009 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map