WedgeNetworks

Home Technology Common Policy

Common Policy Manager

  • Share
  • Print

With the Common Policy Manager module, the WedgeOS provides a common system and network configuration, security policy management and threat intelligence interface across all the hardware platforms. The streamlined security configuration management makes BeSecure the most cost effective Web Security Appliance available.

The Common Policy Manager provides security policy management, deployment mode configuration, high availability, and security event monitoring and reporting.

Security Policy Management

BeSecure provides a streamlined security policy management and threat intelligence interface for the following services:

  • Web Virus Filtering

  • Web Filtering

  • Email Virus Filtering

  • Email Spam Filtering

This policy management allows an administrator to tailor security services to the whole network, a subnet, or an individual node. It provides control to fine details such as time based policy configuration, security signature update frequency, etc.

Deployment Mode

BeSecure has several available options for deployment into a customer’s network:

  • Transparent Bridge: BeSecure is installed as a transparent bridge into the traffic path. No network reconfiguration is required.

  • Router Node: BeSecure acts as the gateway for all protected devices.

  • ICAP Server: BeSecure can scan HTTP traffic as an ICAP scanning service off-line from the data traffic

  • WCCP Client: BeSecure scanning can be added off-line from the data traffic by placing BeSecure in the network, and configuring it to register itself as a WCCP client offering a service

High Availability

Network appliances are mission critical. BeSecure provides the following mechanisms to provide the highest reliability to the network:

  • LAN BYPASS: with this enabled, any unexpected outages, such as power failure, etc, will not cause interruptions to the IP data flow.

  • RSTP for a cluster of bridged BeSecure systems: provides path redundancy. With the RSTP (IEEE 802.1W) ability of BeSecure systems, should the current path fail, the IP traffic will automatically flow to the other paths in less than 2 seconds.

  • Linux HA for a cluster of BeSecure systems operating in router mode. These clusters of BeSecures have one virtual IP address to provide redundancy. If the active BeSecure fails, within a couple of seconds, the network payload will be routed to another backup BeSecure system.

Security Event Monitoring and Reporting

BeSecure provide multiple means of monitoring and reporting any detected threats. All the security events are implemented as syslog events, SNMP MIBs and traps so that they can be monitored and reported with standard tools. Graphs, charts and tables of the events are provided via an easy to use web interface to make monitoring and reporting simple and straight forward.

The common policy manager uses the following management interfaces to make the deployment and on-going management of the device easier for administrators:

  • Web based management console

  • CLI

  • SNMP

  • XML over HTTP

 
- Gartner 2009 Report on Security

Related Content