Q1: What is Celestix MSA appliance?

A: Celestix MSA is a Firewall, VPN and Caching Appliance. The product is based on Microsoft Internet Security and Acceleration Server 2006 (ISA Server 2006) on top of a hardened Windows Server 2003 Standard Edition. Customers would prefer ISA Server 2006 based appliance because it saves them precious time and reduces the complexity associated with purchasing, installing, integrating and hardening their solution. Moreover, Celestix MSA is more secure because the product has been pre-qualified for this purpose.

Q2 : What does the Celestix MSA Firewall/VPN/Cache appliance offer?

A: The Celestix MSA Firewall/VPN/Cache appliance offers a Windows-based solution tightly integrated with Windows, Microsoft Exchange, IIS and RSA SecurID that enables you to quickly setup and improve network security and performance.

Specifically ISA Server 2006 gives you multiple functionalities for the price of one product:

• Multi-layer firewall for packet, circuit and application level filtering with deep content inspection and Exchange Server integration
• High performance Web proxy and caching for fast, secure Internet access
• Integrated firewall/VPN that offers a higher level of security than a standalone RAS VPN, including built-in IPSec tunnel mode and support for Windows quarantine
• SSL termination to publish secured sites, otherwise known as SSL VPN
• Firewall-level spam control with deep content inspection, along with IP, domain, and keyword filtering and attachment blocking
  

Q3: Why ISA Server 2006-based appliance?

A: Many applications such as web server, storage, firewall/VPN, Intrusion Detection Systems (IDS) are being sold as appliances. According to IDC, appliances will continue to be the primary avenue for security software delivery. Customer's benefits include:

• The customer does not have to plan, find, purchase, install and test components that address his specific scenario. Rather, he is looking and purchasing a product that specifically addresses his scenario based on our 7 different MSA appliances.
• The customer saves time and enjoys a much reduced complexity.
• The customer feels secure with factory-based hardening and does not have to go through the process of finding the knowledge or tools and going through the trial and error validation process of the resulting hardening.
• The customer does not have to test the integration or suffer from integration problems.
• The customer does not have to purchase the separate pieces of a Server PC, Windows, ISA Server 2006 and possibly additional software and hardware components.
• The customer refers to a single contact for any problem with his product.

Q4: What's unique and compelling about the ISA Server 2006-equipped appliance offering?

A: We offer seven hardware platforms: MSA2000i, MSA3000i, MSA4000i, MSA3000b, MSA4000b, MSA5000s and MSA5000e. Each appliance includes:

• Out of the box Firewall, VPN and caching solutions
• 6 GbE (PCI-Express) network ports for easy multinetting
• Jog dial for easy network configurations
• LCD display for at-a-glance status information
• 1 button rollback to factory default state in less than 15 minutes
• Hardware-based cryptographic acceleration included in MSA4000 and MSA5000
• Update services

From a software perspective, Celestix will include appliance software to:

• Run in a headless fashion (no keyboard, video, mouse required)
• Enable common appliance management through a web-based user interface
• Support common maintenance tasks such as software updates, etc.
• Lock down the server appliance (hardware/software system hardening)
  

Q5: What types of organisations and specific business needs are you targeting with your appliance?

A: Market segment is small/medium sized businesses. Business needs we are targeting:

• Gateway firewall for enterprise perimeter defense
• Caching/proxying for outbound Internet traffic
• VPN deployments (site to site and SSL)
• Application-layer inspection for SMTP & message screening
• Web publishing for internal websites (such as OWA, etc.)
  

Q6: What advantages will your customers gain from implementing an ISA Server 2006-equipped appliance compared to licensing and installing the ISA Server technology on an existing server?

A: Celestix MSA customers won't need to spend time purchasing hardware/software, installing software, and optimising/hardening the configuration. By purchasing a Celestix ISA appliance, this will all be prepackaged, pre-installed, and pre-configured. The MSA will actually be cheaper than the sum of its individual components. In addition, customers will have a single point of contact for support, hardware replacement, etc.

Q8: What is new in ISA Server 2006?
A: ISA Server 2006 includes many new features and improvements. These include:

• A new, simplified user interface
• Support for multiple networks
• Improved VPN support
• VPN quarantine capabilities
• Ability to create custom firewall user groups
• More extensive protocol support
• Customised protocol definitions
• OWA Publishing Wizard
• Improved support for FTP upload/download policy
• Improved Web publishing
• Port redirection for server publishing rules
• Improved cache rules for centralised object storage
• Path mapping for Web publishing rules
• RADIUS support for Web proxy client authentication
• Delegation of basic authentication
• SecureID authentication
• Firewall-generated forms (forms-based authentication)
• Improved SMTP Message Screener
• Improved HTTP filtering
• Link translation
• Improved monitoring and reporting
  

Q9: What does MSA stand for?

A: Multifunction Security Appliance.

Q10: How is software updates handled?

A: The web interface that is pre-installed on the VPN Appliance has a section called Maintenance. Under the Maintenance area is a link for Software Updates. From there, you just select a file to upload and install. Installed updates can also be uninstalled if need be.

Q11. What does Web Caching provide?

A: Web Caching provides dramatic increases in network performance by caching often visited websites and content downloaded off the Internet.

Q12. What reports are available?

A: ISA Server 2006 includes four distinct reporting areas: web, application (protocols), traffic and utilisation, security plus summary. All of these reports can be run automatically or manually and each report can be customised.

Q13. What is the maximum number of VPN connections the Celestix MSA Firewall/VPN/Cache appliance will handle?

A: The Celestix MSA Firewall/VPN/Cache appliance will handle a maximum of 1,000 VPN connections.

Q14. Will this server provide intrusion detection?

A: Yes. As part of ISA Server 2006, this server will protect against common network attacks and allows configuration of network attack alerts.

Q15. How will licensing work for the Celestix MSA Firewall/VPN/Cache appliance?

A: No additional client or server licensing is needed or required for this appliance.

Q16. Will I need to purchase user/client licenses for this appliance?

A: No additional user/client licenses are needed or required for this appliance.

Q17. How is this appliance different than anti-virus software?

A: Anti-virus software is designed to stop known viruses and worms from infecting the network. The Celestix MSA Firewall/VPN/Cache appliance is an advanced multi-layer firewall designed to inspect, filter, and prevent unauthorised access to the network.

Q18. Will I need anti-virus software if I have this server?

A: Absolutely. Anti-virus software and the Celestix MSA Firewall/VPN/Cache appliance work hand in hand to stop malicious code and network attacks.

Q19. How will this server work with my anti-virus software?

A: The Celestix MSA Firewall/VPN/Cache appliance will complement each other. Celestix recommends you add another server running or load on an existing server anti-virus software.

Q20. How does this appliance fit into my network?

A: The Celestix MSA Firewall/VPN/Cache appliance is most often located on the network perimeter or network edge as the server through which all network traffic flows before reaching your internal network. For networks with firewalls in place on the network edge, the Celestix MSA Firewall/VPN/Cache appliance should be placed in front of Windows, Exchange, or IIS servers receiving inbound network traffic before it reaches the internal network.

Q21. What other third party applications can I run on this server?

A: Yes. Microsoft has many certified third party applications and plug-ins that increase the performance, availability, functionality, and security of the Celestix MSA Firewall/VPN/Cache appliance. For a list of certified third party application and plug-in vendors visit http://www.microsoft.com/isaserver/partners/ .

Q22. What security certifications does Celestix appliance have?

A: ISA Server 2006 is in the process of obtaining the Common Criteria EAL4+ and ICSA government security certifications.

Q23. How will this server affect my network performance?

A: The network you are running plays a large role in determining network performance. Celestix offers 7 different MSA appliances that cater to your network traffic. If you are running a T-1 network the MSA4000 appliance will more than meet your needs.

Q25. How does this work with my existing firewall?

A. The Celestix MSA Firewall/VPN/Cache appliance operates as either a primary or secondary firewall. As an advanced application layer firewall, the Celestix MSA Firewall/VPN/Cache appliance goes beyond traditional firewalls to protect against the most sophisticated network attacks targeting applications.

Q26. Will this server replace my existing firewall?

A. No. The Celestix MSA Firewall/VPN/Cache appliance works hand in hand with other firewalls ideally suited as an application layer firewall protecting Exchange and IIS.

For more information call us on +44 (0)8707 520570 or email sales@thinstore.net