eSafe Implementation Topologies

CVP Implementations
Using ESG CVP + ESM SMTP
[Diagram labels: Mail Relay, DMZ, ESM SMTP, SMTP, HTTP, FTP, ESG CVP, Mail Server, Exchange Server, Internal Network]
Load balancing with ESG CVP
• Options
  1. Using an extra CR for HTTP, FTP and SMTP
  2. Using an extra CR for SMTP only
  3. Using FW-1 CVP load-sharing
[Diagram labels: Mail Relay, DMZ, ESG CVP, ESG CVP, Mail Server, Exchange Server, Internal Network]
Standard ESG NitroInspection implementation
[Diagram labels: Mail Relay, DMZ, ESG, HTTP, SMTP, FTP, Mail Server, Exchange Server, Internal Network]
ESG NI (NitroInspection) + ESM SMTP
[Diagram labels: Mail Relay, DMZ, ESM SMTP, SMTP, ESG, HTTP, FTP, Mail Server, Exchange Server, Internal Network]
ESM for Exchange + ESM SMTP
[Diagram labels: Mail Relay, DMZ, ESM SMTP, SMTP, ESM for Exchange, Mail Traffic, Mail Server, Internal Network]
Multi-LAN ESG NI
[Diagram labels: Mail Relay, Second Network, DMZ, ESG NI, Mail Server, Exchange Server, Internal Network]
Load balancing with ESG NitroInspection
[Diagram labels: Mail Relay, DMZ, ESG CR+CI, ESG CI, ESG CI, Mail Server, Internal Network]
ESG NI with Hardware load-balancers (Alteon, F5, CSS…)
[Diagram labels: Mail Relay, DMZ, ESG, Load balancers + HA, ESG, Mail Server, Internal Network]
ESG NI smart L4/L7 switches (no single-point-of-failure)
[Diagram labels: DMZ, Web server, L4/L7 switch, ESG, Mail Server, Internal Network]
Only HTTP traffic is redirected
High Capacity Content Security (With Radware CID)
• MIME type based content routing
• Built in high-availability and load-balancing
[Diagram labels: Aladdin/Radware Content Manager; HTTP HTML Only; HTTP/FTP ZIP Only; HTTP/FTP All other; SMTP Only; ESG HTML only inspector; ESG HTML/FTP archive inspector; ESG HTML all other content inspector; ESM SMTP content inspector; Internal Network]
Other protocols and Trusted HTTP traffic bypass Content Inspectors (according to MIME type)
High Capacity Content Security (With Radware CID)
[Diagram labels: LAN, Radware CSD-AV, FW, Potentially Malicious Content (EXE, ZIP, HTML), eSafe Content Security Farm, ESG3, ESM1, ESG2, ESG1]
ESG1 – HTTP traffic, only HTMLs
ESG2 – HTTP/FTP traffic, only archive (zip) files
ESG3 – HTTP/FTP all other traffic
ESM1 – SMTP traffic
ESG NI in a DMZ with a Firewall and a Proxy
[Diagram labels: HTTP, DMZ, Mail Relay, ESM SMTP, ESG, Proxy, Mail Server, Exchange Server, Internal Network]
ESG: all internal IPs are defined as Trusted Destinations
Only HTTP/FTP requests from the proxy are inspected
ESG NitroInspection™ with a switch and a Proxy
[Diagram labels: DMZ, ESM SMTP, SMTP, Proxy's Default Gateway, Proxy, ESG NI, Mail Server, Exchange Server, Internal Network]
Internet Connection Naming Convention
• ISDN = 64Kbit/sec
• USA:
  • DS1/T1 – 24 * ISDN = 1.544Mbit
  • DS2/T2 – 4 * T1 = 6.176Mbit
  • DS3/T3 – 28 * T1 = 44.736Mbit
• Europe:
  • E1 = 2Mbit
  • E2 = 8Mbit
  • E3 = 34Mbit
• OC1 = 55Mbit
• OC3 = 155Mbit
eSafe Gateway (NitroInspection)
• Load balancing is done using a 3rd party device
• High-capacity is done using Radware CSD
eSafe Gateway CVP
• Load balancing for CRs is done using CVP
eSafe Mail / SMTP
• One eSafe Mail is capable of processing on average:
  • 40,000 to 60,000 emails in one hour
  • 10,000 employees sending/receiving 50 emails in one working day
• Load balancing can be done using:
  • Check Point CVP
  • DNS MX records
  • 3rd party load balancer (Radware, F5, CSS, Alteon etc.)