AT&T's Network-Based Firewall Service provides a fully-managed, secure, cost-effective solution that allows you to manage and control employee access to the Internet and prevent unauthorized access into your corporate AT&T network, without the expense of premises equipment. By placing firewall functionality into AT&T's network infrastructure, the service provides highly secure connections for AT&T Frame Relay, AT&T IP-Enabled Frame Relay, AT&T IP-Enabled ATM and AT&T VPN customers, fully managed by a highly specialized staff of AT&T security technicians who continuously screen applications and administer firewalls, intrusion detection signatures, filters, patches and servers.
AT&T's Network-Based Firewall is available in five service levels, ranging from simple outbound only security policy to extensive bi-directional policy with optional features, such as URL filtering and multiple DMZs. This service continuously inspects and treats inbound and outbound traffic according to your predefined security policies. You can also select your company's required bandwidth allocation for Internet access through the firewall.
The firewalls are actively managed and monitored 24x7 by AT&T's Security Network Operations Center (S/NOC), a highly secure, fully-redundant site equipped with emergency backup power. Secure procedures between you and the AT&T S/NOC are in place to provide configuration changes to your security policy and firewall.
Description/Diagram
All security functionality resides in the robust AT&T MPLS network. AT&T's Network-Based Firewall Service enforces traffic separation among customers by establishing a Private Virtual Circuit (PVC) from your private network to the service in order to filter the traffic coming in or going to the Internet. The type of PVC will vary based on your WAN architecture. Traffic separation is designed to occur without tunneling or encryption. This is enabled through a combination of Border Gateway Protocol (BGP), MPLS, and IP address resolution.
Features
- Custom Security Policy
- Reports via customer accessible website
- Static and many-to-one Network Address Translation (NAT)
- VPN tunneling through static NAT
- Hardened external DNS
- Separate unique DMZ policy
- Service from 1.55
- Mbps to 45Mbps (higher bandwidth available)
- Dynamic user authentication and URL filtering
- Virus screening and spam filtering
- Intrusion Detection
- Redundancy
Benefits
- Eliminates the need to install customer premises firewalls and dedicated internet connectivity at each of your locations
- Increases the security of your Internet, intranet, and extranet environments
- Offers you a fully managed end-to-end solution
- Reduces your capital investments, staffing and maintenance expenses
- Leverages your WAN investments
- Leverages highly redundant infrastructure in hardened AT&T data center facilities
- Provides the advantage of accessing the Internet via PVCs that are filtered and monitored via the AT&T Security Network Operations Center
- Provides central application of outbound or inbound/outbound security policies across your locations
- Allows easy upgrade of speeds and sites as your traffic grows
- Available globally
