Nortel VPN Gateway
Appliances Support Both SSL and IPsec VPN Connectivity
The Nortel VPN Gateway appliances give an organization a single point through which remote access to internal Web and network applications can be managed. The appliances support both SSL and IPsec-based connections, in both client-less (browser-based) and client-installed flavors.
Features include endpoint validation and session wiping: the endpoint can be examined for necessary configurations before being allowed access, and all data used in a session is automatically wiped from the host PC when the session is shut down. The appliances also support the transmission of encrypted data both between the client and the gateway and between the gateway and the corporate servers that it fronts. Access to corporate resources can be both identity and context based; i.e., users first authenticate themselves to the platform (multiple methods are supported, including a DB local to the appliance, as well as LDAP, RADIUS, NTLM, Active Directory, Netegrity, and digital certificates/tokens), which then grants them access based both on who they are and on where they are logging in from (a corporate managed PC vs. a public PC, for example).
The appliance itself can be clustered in all-active configurations of up to 255 appliances, with "Single System Image" technology providing centralized management of the clustered devices. Multiple sites can be connected together into clusters via IPsec-based site-to-site connections.
Clients connect via client-less (browser-based), enhanced-client (applet-based), or the Net Direct option, a downloadable client, with each client option offering increased levels of access to the corporate network. The Net Direct option provides "... access to all TCP and UDP applications." Mobile device and IPsec client connections are also supported.
Other features include support for Single Sign-On; hardware-based SSL acceleration (the device can be used purely as an SSL offload for existing servers if desired); automatic log-off after a defined inactivity period; application layer filtering; and virtualization support such that each appliance can be partitioned into up to 250 VPN or customer domains.
Two versions of the Nortel VPN Gateway are currently offered. The 3050 has a single P4 CPU, 1 GB of RAM, and supports up to 2,000 concurrent VPN sessions, while the 3070 has dual Intel Xeon CPUs, 2 GB of RAM, and supports up to 5,000 concurrent VPN sessions. Both models have a pair of 10/100/1000 ports for LAN connectivity and an expansion port for the addition of a pair of 10/100/1000-TX or FX (3070 only) ports.
New to the VPN Gateway portfolio is the Nortel Secure Portable Office (SPO), which preloads the client connectivity components onto a user-carried USB stick. With SPO, the user plugs the stick into a Windows-based PC (2000+), and, following user authentication, the device automatically establishes the secure connection to the corporate VPN Gateway. The product provides the user with a "Virtual Desktop," within which they can access their designated network applications; when the stick is removed from the PC, all data and applications are also removed. Data and applications transmitted to the PC are encrypted both in transit and on the PC itself. Nortel lists Aladdin Knowledge Systems and their eToken platform as a partner in their SPO efforts, but additionally states that the product is compatible with generic USB Flash devices and CD-ROM as well.
The Nortel VPN Gateways are available now. Visit the Nortel Web site for further information.
product submission by EITPlanet Staff