Where are all the small FIPS certified IPSEC VPNs going?

[mtnbkr]

Nortel is dropping theirs, it looks like Cisco is doing the same.  Juniper nickels and dimes you to death if you want one of theirs.  Alcatel is gone, as are many other players.

All I want is a sub-$2000 device that will deliver 20+ tunnels at 10-20Mbps with AES encrypted IPSEC and is also FIPS 140-2 certified.  We buy 5-10 of these a year from Nortel (their Contivity 600 model).

Chris

[41magsnub]

Sonicwall will do it, there is a FIPS check box to lock it down to those standards.  The smallest one, the TZ-150, is not but everything larger is.

An SW NSA 240 Box might be what you are looking for, well under $2K, exceeds all the numbers you mentioned, and is FIPS compliant.

[mtnbkr]

Will check it out.  Thanks!

Chris

[AJ Dual]

Yes.

Sonicwall seems to be moving into the small/medium end of the market the others are vacating. It's what we have too.

[RevDisk]

Nortel is dropping theirs, it looks like Cisco is doing the same.  Juniper nickels and dimes you to death if you want one of theirs.  Alcatel is gone, as are many other players.

All I want is a sub-$2000 device that will deliver 20+ tunnels at 10-20Mbps with AES encrypted IPSEC and is also FIPS 140-2 certified.  We buy 5-10 of these a year from Nortel (their Contivity 600 model).

Chris

Shoot, there's usually half a dozen such devices in "Signal" magazine that's geared towards military commo gear.   I'll find ya a bunch once I get home.  Uh, you don't mind your boxes coming in OD, ACU grey, etc, right? 

[mtnbkr]

Pink is fine as long as it meets our needs. :)

Chris

[RevDisk]

Pink is fine as long as it meets our needs. :)

Chris

I shall inquire into the availability of that as well, then.

[mtnbkr]

If you find a pink one that meets our needs, then I shall lobby for it's adoption simply because...

Chris

[41magsnub]

If you find a pink one that meets our needs, then I shall lobby for it's adoption simply because...

Chris

There is always Krylon...

[RevDisk]

 

Sorry man, everyone uses repackaged Cisco or Nortel usual suspects.

Your only options for something name brand are a Netscreen off eBay, or a SSG 140.  Juniper is probably going to be your only bet if you want FIPS, brand name and new from OEM. 

You can try looking at Allied Telesis AT-AR750S, but I don't think it's FIPS.  Work looking into, tho.
http://www.alliedtelesyn.com/products/type.aspx?cid=10

There's other stuff, but probably not what you want.  SonicWall, TrendNet TW100-BRV324, etc etc.

[S. Williamson]

0_0

ihavenoideawhatyouretalkingabout

0_0

[RevDisk]

ihavenoideawhatyouretalkingabout

We're making up words to confuse you.  I would have thought that was obvious.   

[mtnbkr]

Juniper is probably going to be your only bet if you want FIPS, brand name and new from OEM. 

You can try looking at Allied Telesis AT-AR750S, but I don't think it's FIPS.  Work looking into, tho.
http://www.alliedtelesyn.com/products/type.aspx?cid=10

Thanks.  I'll check into the AT unit.  Juniper isn't a bad choice if we can get what we need for the price we're paying for a Nortel 600. FIPS is an absolute requirement though, which is what makes this so damn annoying.  Lots of non-FIPS choices out there...

Chris

[Firethorn]

FIPS is an absolute requirement though, which is what makes this so damn annoying.

You want fun?  I have people trying to find FIPS 140-2 compliant wireless keyboards...      

When it gets annoying is when they try to get ME to find them.

[Nitrogen]

Sonicwall or possibly Checkpoint.

[mtnbkr]

You want fun?  I have people trying to find FIPS 140-2 compliant wireless keyboards...     

Why?  If you need security in a keyboard, use a wired model. 

Chris

[AJ Dual]

0_0

ihavenoideawhatyouretalkingabout

0_0

It's really pretty simple. IEEE 4521.x standards dictate that any proposed device has bitstream conduits that deviate from the OSI seven-layer concept less than .005% of all cross-partnered packets. And that they all have have a factored checksum that falls within a Fibonacci sequence.

Many inexpensive devices do this, however, the expense is really in the certification. Although if you want one that can multipath sessions with indexed authentication using disposable one-time pads, now that'll cost you.

[mtnbkr]

It's really pretty simple. IEEE 4521.x standards dictate that any proposed device has bitstream conduits that deviate from the OSI seven-layer concept less than .005% of all cross-partnered packets. And that they all have have a factored checksum that falls within a Fibonacci sequence.

Many inexpensive devices do this, however, the expense is really in the certification. Although if you want one that can multipath sessions with indexed authentication using disposable one-time pads, now that'll cost you.

AJ, I'm not familiar with IEEE 4521.x.  I also can't find anything referring to it.  What exactly is it?

More about FIPS 140-1 (what I'm referring to when I merely say "FIPS"): http://en.wikipedia.org/wiki/FIPS_140-2

Chris

[AJ Dual]

AJ, I'm not familiar with IEEE 4521.x.  I also can't find anything referring to it.  What exactly is it?

More about FIPS 140-1 (what I'm referring to when I merely say "FIPS"): http://en.wikipedia.org/wiki/FIPS_140-2

Chris

IEEE 4521.x supplanted IEEE 4521.w sometime around 2003, IIRC. Mainly because RAMDAC's capable of less than a .00001% error rate with packet formulation have only cost pennies since the 90's. They also upped the session retry timeout for non-optical transmission, (copper pair etc.) for when there's solar storm activity etc.

You do, uh.. know I'm just making up completely random stuff as I go along, right? 

[mtnbkr]

You do, uh.. know I'm just making up completely random stuff as I go along, right? 

Who are you, Gene Roddenberry?

Chris

[RevDisk]

Many inexpensive devices do this, however, the expense is really in the certification. Although if you want one that can multipath sessions with indexed authentication using disposable one-time pads, now that'll cost you.

Dude, I swear to the Gods I was laughing so hard, my lady friend thought I was in danger of dying.  I was seeing spots and now my sides hurt. 

 

[Firethorn]

Why?  If you need security in a keyboard, use a wired model. 

That's what I tell them.  But by regulation there is no direct ban, so when I get full birds asking I need the 4-Star regs to override them.

[RevDisk]

That's what I tell them.  But by regulation there is no direct ban, so when I get full birds asking I need the 4-Star regs to override them.

Don't you have a facility security officer handy?   FSO's are supposed to be able to explain security regs exactly like this situation.

[Firethorn]

Don't you have a facility security officer handy?   FSO's are supposed to be able to explain security regs exactly like this situation.

My official title is a bit different, but that's basically what I am.