Consolidating security at AppLabs
Managing multiple hardware and software solutions for enterprise
security adds to the complexity of an organisation's IT set-up. Policy-based
enterprise security needs were achieved by deploying UTM at AppLabs. Dominic
Managing enterprise security at an SMB is a challenge with constraints ranging
from floor space and technical expertise to human resources and cost. UTM (Unified
Threat Management) has proved to be a practical way to handle multiple threats
since it is bundled in a single hardware-based solution, and more so for the
AppLabs Technologies is a medium-scale enterprise that offers services in performance
and security testing, software product development and certification solutions.
AppLabs wanted a hardware platform that would be able to withstand the threats
of real-time intrusion detection and prevention, and maintain strong levels
of operational performance. The company had about a thousand users, and decided
to deploy a UTM security appliance with a deep packet inspection firewall and
Initially AppLabs used SonicWall PRO 200 Firewall from the United States. This
was about four years back. The solution was a VPN/firewall box for about a hundred
users. As the user base at AppLabs rose it began to consider an upgrade. The
decision was then taken to migrate to a SonicWall PRO 3060 UTM solution, and
finally to the PRO 5060.
The deployed solution, PRO 5060, offers high-speed gateway anti-virus, anti-spyware,
intrusion prevention, secure wireless LAN features, a deep packet inspection
firewall, and an IPSec VPN solution. The appliance also performs gigabit stateful
inspection, WAN redundancy, and load balancing. Texcel Infotech executed the
The deployment by Texcel included one year of gateway anti-virus, anti-spyware
and intrusion prevention services, along with premium content filtering services.
The deployed solution also included SonicWall viewpoint reporting tool along
with 2,000 VPN client licences.
To begin with, Texcel configured and tested the appliance offline for a week.
It was tested again on a live system. The total process took about 10 days,
after which the solution was fully functional at AppLabs.
The appliance can be now be managed remotely as part of a multi-firewall and
VPN environment. The management and monitoring is through a Web interface or
using SonicWalls Global Management System.
The key challenge for us was to
migrate from an older version of the firmware and deploy the newer version
in its place with the network and system architecture remaining the same
The deployed appliance was configured and included 256 NAT policies, and 10
site-to-site VPN tunnels which work along with other firewall vendors such as
Cisco, Netscreen and Checkpoint NG, to name a few. The configuration also included
allowing instant messaging-based services to be used during specific time intervals.
Recalls Ravinder Burju, Texcels Director of Operations, The key
challenge for us was to migrate from an older version of the firmware and deploy
the newer version in its place with the network and system architecture remaining
the same. The older version of the appliance was configured and administered
based on rules, while the newer version lets administrators manage policies
based on objects.
The PRO 5060 protects AppLabs against hybrid application-layer and content-based
attacks. Currently, the deployed solution handles data traffic from 10 site-to-site
tunnels and 150 client-to-site tunnels. It has shouldered an increase in the
number of users from 300 to more than 1,600. In spite of the user-base broadening,
the company hasnt had to buy additional user licences, something it might
have had to do with a software solution, unless, of course, it had gone in for
an unlimited or site licence.