
Virtual Private Networks


The CEQURUX Firewall supports the use of Virtual Private Networks (VPNs). A VPN allows you to transparently access hosts in private networks located behind a CEQURUX Firewall from other such private networks. This can be done by means of `IP tunnelling' between CEQURUX Firewalls or VPN Gateways, or by using the Internet IPSec standard packet encryption mechanisms. The tunnelled connections can be encrypted in real time using any of a number of cryptographic ciphers, including DES, Triple-DES, Blowfish, and others. VPNs allow you to set up secure wide-area private networks which use the Internet as their WAN backbone.

To set up CEQURUX Technologies-proprietary VPNs, you need to define tunnel connections between your CEQURUX Firewalls and then associate source/destination address mask pairs with tunnels. Packets which match both the source and the destination address mask of a pair will be relayed without modification via the associated tunnel to the remote firewall, from where they will be relayed to the internal network on the remote side (and similarly for responses). If tunnel encryption is enabled, the packet will be encrypted before it is tunnelled, and the remote firewall will decrypt it before passing it on. To improve the utilisation of slow connections, and/or to improve the security of the encryption by reducing the risk of statistical attacks, the packets can have their headers and/or payloads compressed before encryption. Header compression is done by a modified Van Jacobson method, while payload compression (actually packet compression) is done using Lempel-Ziv compression (commonly known as `zip' compression). The firewall includes a special DNS proxy server called `splitdns', which can route DNS requests to the appropriate internal, external or remote VPN nameservers, allowing you to do DNS lookups for the hosts in other parts of the VPN.
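The following is an added illustration of the mechanism just described, not code from the CEQURUX Firewall: a tunnel table keyed on source/destination address mask pairs, a first-match lookup that decides whether a packet is tunnelled at all, and an encapsulation step that compresses the packet before encrypting it. The rule set, the tunnel names, the frame layout and the `keystream_xor` transform (an HMAC-SHA256 counter-mode stand-in for the product's DES/Triple-DES/Blowfish ciphers) are all constructed for this example.

```python
import hashlib
import hmac
import ipaddress
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class TunnelRule:
    """A source/destination address-mask pair bound to a named tunnel."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    tunnel: str

# Constructed policy (not from the product): two remote private networks, two tunnels.
net = ipaddress.ip_network
RULES = [
    TunnelRule(net("10.1.0.0/16"), net("10.2.0.0/16"), "tun-branch"),
    TunnelRule(net("10.1.0.0/16"), net("192.168.5.0/24"), "tun-partner"),
]

def select_tunnel(rules, src_ip, dst_ip):
    """First rule whose source AND destination masks both match wins;
    None means the packet is forwarded normally, not tunnelled."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if s in rule.src and d in rule.dst:
            return rule.tunnel
    return None

def keystream_xor(key, seq, data):
    """Hypothetical stand-in for the real cipher (DES, Triple-DES, Blowfish):
    HMAC-SHA256 counter mode keyed by packet sequence number; XOR inverts itself."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(
        hmac.new(key, seq.to_bytes(4, "big") + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(payload, key, seq, compress=True):
    """Tunnel frame = sequence number | compression flag | ciphertext.
    Compression runs BEFORE encryption, as the text describes."""
    body = zlib.compress(payload) if compress else payload
    flag = b"\x01" if compress else b"\x00"
    return seq.to_bytes(4, "big") + flag + keystream_xor(key, seq, body)

def decapsulate(frame, key):
    """Reverse of encapsulate(): decrypt, then decompress if flagged."""
    seq = int.from_bytes(frame[:4], "big")
    body = keystream_xor(key, seq, frame[5:])
    return zlib.decompress(body) if frame[4:5] == b"\x01" else body
```

A packet whose addresses match no pair returns `None` from `select_tunnel` and is handled by ordinary forwarding; the remote side recovers the original packet only after decrypting and then decompressing, mirroring the sender's order.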

Setting up IPSec-based VPNs is done in a similar fashion. There are some advantages to using IPSec (such as host-to-firewall encryption), but the proprietary VPN capabilities of the CEQURUX Firewall offer more flexibility for access control as well as the ability to distribute the DNS information across the VPN.


Copyright © 2004, CEQURUX Technologies