With Managed Firewall/VPN, you benefit from basic port handling and many other functions, such as dynamic routing, performance tuning, site-to-site and client-to-site VPN, packet shaping, Network Address Translation, zone-based policy, stateful inspection and virtual Local Area Network.
Network Address Translation changes the IP address information of packets at the firewall. This means that, during a session, the firewall is the only point that receives all the address information.
Stateful inspection covers the areas of spoofing and packet filtering. Spoofing refers to methods used to undermine authentication and identification procedures that rely on trusted addresses or host names in network protocols.
Packet filtering is a dynamic filtering technique that assigns every data packet to a specific session. The packets are analysed and recorded in dynamic state tables. Packets that cannot be assigned to pre-defined contacts or that may belong to a DoS attack are discarded.
With a zone-based policy, the source and destination addresses are checked, and a source zone and a destination zone must additionally be specified. If a source is not in the assigned zone, the firewall discards the packet.
The two protocols IPsec and SSL-VPN ensure a secure connection between two sites (site-to-site) or between a user and a site (client-to-site).
A VLAN is a logical subnetwork within a physical network. With this, the data packets from the firewall, router and switches are forwarded to the relevant subnetworks. VLAN interfaces are just as secure as physical interfaces.
With traffic shaping or packet shaping, you prioritise the network and specify the minimum and maximum bandwidth. These actions initiate applications or protocols on the basis of the selected packets. In addition, you have the option to determine transmission directions and time restrictions.
With performance tuning, you achieve the system’s maximum performance. For this, an optimal and current policy is required, as well as specific settings on the firewall.
Swisscom guarantees that health incidents are processed within the defined service level times. If a security device cannot be reached, Swisscom resolves the problem and informs you immediately.
The service collects events and generates security incidents based on the automatic threat analyses. These are divided into different classes: insufficient info, harmful attack, false positive, forensics and offline analysis. Insufficient info and harmful attacks are analysed by a specialist; all others are logged.
In the MSS-i dashboard you can compile extensive reports in accordance with your needs and call them up in real time or download them as PDF files.
Changes to security devices are part of the service. These can be initiated in the MSS-i dashboard at any time. Examples include firewall rule changes (rules, NAT, objects, groups), firewall system adjustments (VLAN, interfaces, routing) and site-to-site or client-to-site adjustments (encryption domain, encryption algorithm).
Swisscom regularly tests manufacturers’ patches and releases and, following approval, implements them automatically.
Swisscom takes care of all current configurations and ensures that backups are stored securely and clearly. This allows older configurations to be restored at any time if required.
Swisscom uses only hardware and software that is state of the art.
You know that your firewall is always up to date.
You can integrate the service into your structure and supplement it with modules at any time.
You benefit from real-time monitoring by renowned security experts.