¶ Modernize Security with Zero Trust SASE
For over two decades, firewall devices have been essential for protecting internal networks from the Internet. However, software and cloud-based Zero Trust SASE solutions are now replacing legacy firewalls for two primary reasons:
- Firewalls cannot implement zero trust
- High upfront hardware CAPEX, licensing, and operational costs
Exium empowers customers to gradually modernize their security and network infrastructure for digital business by enhancing and eventually replacing firewalls with Exium's Cyber Gateway and Cybermesh, as illustrated in the figure below.
The table below outlines the capabilities provided by Exium (marked with a √) compared to the functionalities of the legacy firewall (available only during the transition phase). For a comprehensive comparison of the Cyber Gateway's functionality, performance, and cost against major firewall brands, please refer to our article, “Exium’s SASE Cyber Gateway - A Modern and Cost-effective Firewall Replacement.”
|
Security Controls |
Transition |
Modernize by migrating Firewall to the cloud |
|---|---|---|
| Comprehensive Web Security |
√ |
√ |
| DNS Security and support for Private DNS Servers |
√ |
√ |
| Network Segmentation (VLANs), LAN Zero Trust |
√ |
√ |
| Zero-Trust Secure Network Access (replaces VPN) |
√ |
√ |
| SD-WAN private network, app-aware routing |
√ |
√ |
| Port Forwarding |
√ |
√ |
| IoT Device Security |
√ |
√ |
| Threat Prevention |
√ |
√ |
| Reporting and logging |
√ |
√ |
| Inbound firewall rules (IP, port, protocol) |
Existing Firewall |
√ |
| Outbound firewall rules (IP, port, protocol) |
Existing Firewall |
√ |
| DHCP Server |
Existing Firewall |
√ |
| Intrusion Detection and Prevention (IDP) |
√ |
√ |
| Private DNS Server |
√ |
√ |
| Web proxy/ SSL decryption |
√ |
√ |
| Network Access Control (NAC) |
√ |
√ |
| LAN Vulnerability Scan |
√ |
√ |
¶ Traffic Routing in the Cyber Gateway
Exium ensures optimal network security and performance through intelligent traffic routing, as illustrated below. After passing through advanced security controls, internet-bound traffic to Web and SaaS applications exits locally to maximize user experience. Meanwhile, private network traffic meant for internal applications hosted elsewhere, such as data centers and public clouds, is routed securely through a tunnel via the CyberMesh.
¶ Cyber Gateway Deployment Recommendations
The table below summarizes the use cases, cyber gateway throughput, required resources to support that throughput, and recommended hardware. For deployment on a hardware box, click the instructions in the deployment column next to your selected hardware. Instructions for deploying on a Virtual Machine can be found here.
| Option |
Use Case |
LAN Throughput |
WAN Throughput |
Recommended Hardware |
Deployment |
Virtual Machine Specs (CPU / Memory/ SSD) |
|---|---|---|---|---|---|---|
|
Most Popular |
||||||
| A | 100 users location | 2.5Gb/s | 2.5Gb/s |
HUNSN RS41 provides 4x2.5 GbE For 6x2.5 GbE, you may consider HUNSN RJ04 |
4vCPUs/4GB/32GB |
|
| B | 50 users location | 2.5Gb/s | 1Gb/s |
|
2vCPUs/2GB/32GB |
|
|
1U Form Factor |
||||||
| C | 100 users location | 2.5Gb/s | 2.5Gb/s |
HUNSN RJ08. |
4vCPUs/4GB/32GB |
|
| D | Large office (100s users ) or data center | 10Gb/s | 10Gb/s |
HUNSN RJ16 |
16vCPUs/16GB/128GB |
|
|
Others (Less Common) |
||||||
| E | Very large office (1,000s users ) or large data center | 50Gb/s | 50Gb/s | PowerEdge R7515 Rack Server |
Same as above |
48vCPUs/48GB/256GB |
| F | Small Office/Home Office (SOHO) | 1Gb/s | 500 Mb/s |
|
1vCPU/1GB /32GB |
|
| G | Small, up to 25 users location | 1Gb/s | 1Gb/s |
(Model 432 or 832)
|
2vCPU/2GB/32GB |
|
To learn more about implementing SASE, XDR, IAM/ MFA, and GRC for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration. If you are ready to get started, check out our testing and onboarding process.