Managed Dedicated Firewall

Firewalls are a core component of an overall network and information security strategy and architecture. An element of our Internet Access Services portfolio, Colt Managed Dedicated Firewall (MDF), protects your mission-critical networks and application services from compromise and helps prevent intrusions from hackers, viruses, worms and other web-borne threats.

MDF is provided as an optional service and includes a customer-dedicated firewall appliance on customer site, maintained and remotely managed by Colt. It comprises installation, operation and maintenance of hardware, software and policies.

Customers will be able to benefit from the management and monitoring performed by Colt Solution Management Centre (SMC) and Security Operations Centre (SOC) 24 hours a day, seven days a week. The Colt SOC uses vast security expertise from the Security Operations Centre’s Security Threat Intelligence programme thus securing customers’ business communications infrastructure.

In order to keep the firewall under control as a whole, easily accessible web-based reporting is provided. This covers the security policy deployed, statistics reports on the firewall activity, events viewer (Syslog) referred to a specific interval time of the customer’s choice and the health of the firewall’s performance.

The MDF is available in four different variants, with the option of configuring Active/Standby High Availability to get a higher level of reliability.

Benefits include:

  • Concentrate on your core business
  • Security expertise at hand
  • Reduced total cost of ownership
  • Keep pace with technology
  • Matching the most stringent needs
  • Single Point of Contact for both firewall and Internet service

A typical deployment of the MDF is when the MDF is delivered to the customer’s premises and sits behind the CPE router.

The MDF filters the traffic directed to the customer’s network: to either the private trusted network or to the demilitarized zone (DMZ). The DMZ usually exposes external services to the Internet such as web, servers, ftp and DNS. Because it is accessed from the Internet, the DMZ is intrinsically less trusted and needs to be separate from the private network.

For this reason, different rules can be set, depending on traffic destination (Private LAN or DMZ). These rules form the Firewall Security Policy, based on which the MDF decides whether to allow the traffic to pass through.

The MDF is managed by the SOC and can be proactively monitored by the SMC. It can be delivered in Active/Standby High Availability for increased reliability.

The main features include:

  • Security Policy management - The Security Policy is the set of rules on which MDF will base any decision; it is needed so that the MDF will perform correctly. The Colt presales team will work with customers to develop a security policy that meets their business needs.
  • Stateful inspection - The MDF performs stateful packet inspection (SPI). This means that MDF keeps track of the state of network connections (such as TCP streams and UDP communication) travelling across it.
  • Network/Port Address Translation (NAT/PAT) - NAT/PAT is a method of assigning single IP addresses to multiple clients using TCP port information. Any Network/Port Address Translation (NAT) that may be needed will be part of the initial configuration and captured in the Order Form.
  • DMZ - A demilitarized zone (DMZ) is a physical or logical sub network that contains and exposes Customer's external services to the Internet.
  • VLANs - The MDF is VLAN-aware. The definition of VLANs is captured through the Configuration Template.
  • Proactive monitoring - Proactive monitoring consists of Proactive monitoring as well as Proactive Notification
  • Enhanced resilience - The MDF can be provided in Active/Standby High Availability (HA) configuration; proactive monitoring is always included with HA.

 

Please choose your country