Esafe implementation topologies
This presentation is the property of its rightful owner.
Sponsored Links
1 / 24

eSafe Implementation Topologies PowerPoint PPT Presentation


  • 83 Views
  • Uploaded on
  • Presentation posted in: General

eSafe Implementation Topologies. CVP Implementations. Using ESG CVP + ESM SMTP. Mail Relay. DMZ. ESM SMTP. SMTP. HTTP FTP. ESG CVP. Mail Server Exchange Server. Internal Network. Load balancing with ESG CVP. Options 1. Using an extra CR for HTTP, FTP and SMTP

Download Presentation

eSafe Implementation Topologies

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Esafe implementation topologies

eSafe Implementation Topologies


Cvp implementations

CVP Implementations


Using esg cvp esm smtp

Using ESG CVP + ESM SMTP

Mail Relay

DMZ

ESM SMTP

SMTP

HTTP

FTP

ESG CVP

Mail Server

Exchange Server

Internal Network


Load balancing with esg cvp

Load balancing with ESG CVP

  • Options

  • 1. Using an extra CR for HTTP, FTP and SMTP

  • 2. Using an extra CR for SMTP only

  • 3. Using FW-1 CVP load-sharing

Mail Relay

DMZ

ESG CVP

ESG CVP

Mail Server

Exchange Server

Internal Network


Nitroinspection

NitroInspection™


Standard esg nitroinspection implementation

Standard ESG NitroInspection implementation

Mail Relay

DMZ

ESG

HTTP

SMTP

FTP

Mail Server

Exchange Server

Internal Network


Esg ni nitroinspection esm smtp

ESG NI (NitroInspection) + ESM SMTP

Mail Relay

DMZ

ESM SMTP

SMTP

ESG

HTTP

FTP

Mail Server

Exchange Server

Internal Network


Esm for exchange esm smtp

ESM for Exchange + ESM SMTP

Mail Relay

DMZ

ESM SMTP

SMTP

ESM forExchange

Mail Traffic

Mail Server

Internal Network


Load balancing high availability

Load Balancing--High Availability


Multi lan esg ni

Multi-LAN ESG NI

Mail Relay

Second Network

DMZ

ESG NI

Mail Server

Exchange Server

Internal Network


Load balancing with esg nitroinspection

Load balancing with ESG NitroInspection

Mail Relay

DMZ

ESGCR+CI

ESGCI

ESGCI

Mail Server

Internal Network


Esg ni with hardware load balancers alteon f5 css

ESG NI with Hardware load-balancers (Alteon, F5, CSS…)

Mail Relay

DMZ

ESG

Load balancers

+ HA

ESG

Mail Server

Internal Network


Esg ni smart l4 l7 switches no single point of failure

ESG NI smart L4/L7 switches(no single-point-of-failure)

DMZ

Web server

L4/L7 switch

ESG

Only HTTP traffic is redirected

Mail Server

Internal Network


Esg ni load balancing with stonesoft securitycluster

ESG NI load-balancing with StoneSoft SecurityCluster


High capacity content security with radware cid

High Capacity Content Security(With Radware CID)

  • MIME type based content routing

  • Built in high-availability and load-balancing

ESGHTML only inspector

HTTPHTML Only

ESGHTML/FTP archive inspector

Aladdin/RadwareContent Manager

HTTP/FTPZIP Only

HTTP/FTPAll other

ESGHTML all other content inspector

SMTPOnly

ESMSMTP content inspector

Other protocols and Trusted HTTP traffic bypasses Content Inspectors (according to MIME type)

Internal Network


High capacity content security with radware cid1

High Capacity Content Security(With Radware CID)

LAN

Radware CSD-AV

FW

Potentially Malicious Content

EXE, ZIP, HTML

eSafe Content Security Farm

ESG3

ESM1

ESG2

ESG1

ESG1 – HTTP traffic, only HTMLs

ESG2 – HTTP/FTP traffic, only archive (zip) files

ESG3 – HTTP/FTP all other traffic

ESM1 – SMTP traffic


Http proxy environments

HTTP Proxy environments


Esg ni in a dmz with a firewall and a proxy

ESG NI in a DMZ with a Firewall and a Proxy

HTTP

DMZ

Mail Relay

ESM

SMTP

ESGall internal IPs are defined as Trusted Destinations

Only HTTP/FTP requests from the proxy are inspected

Proxy

Mail Server

Exchange Server

Internal Network


Esg nitroinspection with a switch and a proxy

ESG NitroInspection™with a switch and a Proxy

DMZ

ESM SMTP

SMTP

Proxy’s Default Gateway

Proxy

ESG NI

Mail Server

Exchange Server

Internal Network


Throughput

Throughput


Internet connection naming convention

Internet Connection Naming Convention

  • ISDN = 64Kbit/sec

  • USA:

    • DS1/T1 – 24 * ISDN = 1.544Mbit

    • DS2/T2 – 4 * T1 = 6.176Mbit

    • DS3/T3 – 28 * T1 = 44.736Mbit

  • Europe:

    • E1 = 2Mbit

    • E2 = 8Mbit

    • E3 = 34Mbit

  • OC1 = 55Mbit

  • OC3 = 155Mbit


Esafe gateway nitroinspection

eSafe Gateway (NitroInspection)

  • Load balancing is done using 3rd party device

  • High-capacity is done using Radware CSD


Esafe gateway cvp

eSafe Gateway CVP

* Load balancing for CRs is done using CVP


Esafe mail smtp

eSafe Mail / SMTP

  • One eSafe Mail is capable of processing on average:

    • 40,000 to 60,000 emails in one hour

    • 10,000 employees sending/receiving 50 email in one working day

  • Load balancing can be done:

    • Check Point CVP

    • DNS MX records

    • 3rd party load balancer (Radware, F5, CSS, Alteon etc.)


  • Login