WatchGuard Firebox III 1000 and Nokia IP130

WatchGuard Firebox III 1000 and Nokia IP130

Currently I have a WatchGuard Firebox III 1000.  What I need to do is drop a Nokia IP130 SSL VPN appliance into my network

I know someone is probably wondering why I am adding the Nokia VPN appliance when the WatchGuard Firebox offers a VPN solution.  Well the reason is that we are in health care so I need the most secure tunneling so I choose SSL over IPsec.

What I am hoping for is someone with either direct experience or just over all skills to give me some help; insight or direction has to how to do this.
dclimaAsked:
Who is Participating?
 
scdavisConnect With a Mentor Commented:
SSL via IPSec..?

Health care, finance or any other data-sensitive industry..  that seems like overkill to me.


If you're determined to do that -- just think through the connections and I suspect you'll answer your question for yourself.  

IPSec is generally site to site (office to office)  -- so something establishes an IPSec tunnel to your existing Firebox.  (be it either an application on the 'client' machine.. or another FireBox servicing an office, yes?)

IPSec encryption is generally "more than sufficient".  You've go to consider where the traffic originates from and where it is destined.  If you are using software on PCs -- and they land the session at your Fire 1000, you've got to physically secure all the ethernet BEHIND the firebox to make this effective.

Putting SSL into a strong encryption/authentication tunnel is redundant.

Sure, the defense in depth argument can be applied -- and if you have the time and money -- knock yourself out.

Just pay attention to where the traffic gets encrypted and de-crypted, eh?

-- Scott.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.