Alcatel-Lucent VPN Firewall Brick
The Rules-based routing feature expands the Brick's flexibility to monitor and filter
incoming and outgoing traffic with the following capabilities:
• Route based on any UDP or TCP port to any IP address
• Return route: send traffic to be scanned, then return it to the Brick for additional
routing and scanning
• Interface with any third-party equipment
• Load balance over several proxies or WAN links
• Bypass scanning equipment for data that does not require scanning, thereby
reducing traffic bottlenecks
• Scan data to be passed onto the network or redirected back to the Brick for further
filtering and routing (data scanning and routing is transparent to users)
• Load balance forwarding and content filtering of traffic between multiple content
filters/hosts
• Preserve rules-based routes in the event of Brick hardware failure/failover
The Rules-based routing feature works in tandem with any third-party vendor. It
allows you to retain your existing proxy services for URL filtering and antivirus
applications, and to load balance content filtering and URL checking processes across
multiple servers.
Brick-specific rules
In some cases, the security constraints for various types of traffic, even within the
same zone, may be different for each Brick and the related portion of the network
being protected. To allow for this contingency, a zone ruleset can be customized by
adding specific rules within a ruleset for a specific Brick or by modifying the
parameters of an existing rule in a zone for a specific Brick. In this way, a Brick zone
ruleset can be defined with generic rules that apply to all Bricks in a zone and
Brick-specific rules that only apply to a particular Brick in a zone.
Rule and ruleset maintenance
A full range of editing and maintenance functions is provided by the Alcatel-Lucent
Security Management Server (SMS) application to update rules and rulesets to keep
pace with ongoing changes in security requirements and traffic routing. These editing
and maintenance functions include the capability to:
• Modify rule parameters
• Activate/deactivate rules on demand or by day of the week/time of day
• Duplicate a rule within a ruleset and modify parameters in the duplicate rule
• Copy a rule or range of rules, and paste them in the same zone ruleset or another
ruleset, and modify the copied rules as needed, essentially creating a new rule or
set of rules
260-100-022R9.4
Issue 1, June 2009
Brick Policy Rules and Zone Rulesets