Nortel Switched Firewall 6624
Flexible and fast firewall system.
An incredibly fast unit, but the documentation needs work to make it easier to configure.
Nortel's whole approach to security is different to the other manufacturers on test, as this bundle incorporates two products: the 6600 Accelerator and the Director 5024 firewall.
The firewall itself is the same specification as the existing 5014, except that it features a VPN accelerator as standard.
As with Nokia's IP380, the 5024 uses Check Point's Firewall-1 NG to filter traffic. Again, this gives a neat differentiator between managing the hardware and software – some administrators can be given access to the web-based management for physical hardware management, while Check Point's console leaves security to other managers.
It features the excellent Firewall-1 security. With two copper and two fiber SX Gigabit Ethernet ports, this is a powerful firewall in its own right.
But it is the Accelerator 6600 that makes the real difference. Installation is very similar to the Director – we had to use the CLI before administering the hardware using the web interface. This is more difficult than it sounds, as the documentation is spartan and difficult to follow.
Once it has been configured, the Accelerator 6600 sits before the 5024 and accelerates traffic by offloading work from the firewall. It performs deep inspection on all incoming packets at wire speed, preventing attacks and unauthorized traffic. Up to 224 filtering rules can be put in place, denying traffic by application type, protocol and source/destination IP address. According to Nortel, this offloading leaves the firewall to deal with core security concerns and provides throughput of up to 7Gbps. And because six firewalls can be connected to two accelerators, this is a flexible product for increasing throughput, particularly for critical systems such as web applications.
But it does increase the burden of management, because you must manage an additional box and your existing firewall, and generate a new range of filtering tools. Also, the accelerator will only work with Nortel firewalls.
The confusing and bare documentation means it takes time to get used to. But once past that, this is a fast, modular solution that will be of particular use to those needing high throughput.