Firewall devices, guarding internal networks from the Internet, have been a key element of network security for over two decades. More recently, however, software and cloud-based Zero Trust SASE solutions have started replacing legacy firewalls for two main reasons:
Exium enables customers to gradually modernize their security and network infrastructure for the digital business: Exium's Cyber Gateway, backed by our Cybermesh, first augments and eventually replaces firewalls, as outlined in the figure below.
The table below summarizes the capabilities provided by Exium (marked with a √) and the functionality provided by the legacy firewall (during the transition phase).

| Security Controls | Transition | Modernize by migrating Firewall to the cloud |
|---|---|---|
| Comprehensive Web Security | √ | √ |
| DNS Security and support for Private DNS Servers | √ | √ |
| Network Segmentation (VLANs), LAN Zero Trust | √ | √ |
| Zero-Trust Secure Network Access (replaces VPN) | √ | √ |
| SD-WAN private network, app-aware routing | √ | √ |
| Port Forwarding | √ | √ |
| IoT Device Security | √ | √ |
| Threat Prevention | √ | √ |
| Reporting and logging | √ | √ |
| Inbound firewall rules (IP, port, protocol) | Existing Firewall | √ |
| Outbound firewall rules (IP, port, protocol) | Existing Firewall | √ |
| DHCP Server | Existing Firewall | √ |
| On-Demand Features | | |
| Intrusion Detection and Prevention (IDP) | √ | √ |
| Private DNS Server | √ | √ |
| Web proxy / SSL decryption | √ | √ |
| Network Access Control (NAC) | √ | √ |
| LAN Vulnerability Scan | √ | √ |

Exium delivers the highest levels of network security and performance with smart traffic routing as depicted in the figure below. After going through the advanced security controls, Internet-bound traffic to Web and SaaS apps exits locally to deliver the best user experience. Because private network traffic is destined for internal applications hosted at other locations, data centers and the public cloud, that traffic is routed inside a secure tunnel via the CyberMesh.
If customers would like to route Internet-bound traffic via the Mesh as well, this can be done with a simple setting in the admin console. However, this may affect latency and throughput for Web and SaaS apps, depending on the distance of your location from your Exium preferred Cybernode.
The table below summarizes the use case, Cyber Gateway throughput, the resources needed to support that throughput, and the recommended hardware. For a Cyber Gateway deployment on a hardware box, you can click on the instructions in the Deployment column next to the hardware you selected. Instructions for deployment on a Virtual Machine are linked here.

| Option | Use Case | LAN Throughput | WAN Throughput | Recommended Hardware | Deployment | Virtual Machine Specs (CPU / Memory / SSD) |
|---|---|---|---|---|---|---|
| A | Small Office/Home Office (SOHO) | 1Gb/s | 500 Mb/s | | | 1vCPU/1GB/32GB |
| NOTE: Orange Pi is recommended for only single-interface Cyber Gateway Deployment | | | | | | |
| B | Small, up to 25 users location | 1Gb/s | 1Gb/s | (Model 432 or 832) | | 2vCPU/2GB/32GB |
| C | 50 users location | 2.5Gb/s | 1Gb/s | | | 2vCPUs/2GB/32GB |
| D | 100 users location | 2.5Gb/s | 2.5Gb/s | (HUNSN RS41) | | 4vCPUs/4GB/32GB |
| E | Large office (100s users) or data center | 10Gb/s | 10Gb/s | 1U Firewall Appliance | | 16vCPUs/16GB/128GB |
| F | Very large office (1,000s users) or large data center | 50Gb/s | 50Gb/s | PowerEdge R7515 Rack Server | Same as above | 48vCPUs/48GB/256GB |

Notes: Option D above offers 4x2.5 GbE; for 6x2.5 GbE, you may consider the HUNSN RJ04 option. Another lower-cost option for the 1U form factor is the HUNSN RJ08.
To learn more about implementing SASE for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration. If you are ready to get started, check out our testing and onboarding process.