Presents

Suggested Solution
Presented to

For providing network security

22 January 2012
Use/Disclosure Notice This document contains information proprietary of Click Software. It is provided for evaluation purposes only and shall not be copied or otherwise reproduced in whole or in part, used or disclosed in any manner or for any purpose not authorized in writing by Click Group except as retention may be so authorized it shall be returned to the corporation upon request. Egypt Post logo is owned by Egypt Post.

This document has been prepared by Click ITS for the sole use of EGYPT POST. The contents of this Document shall remain the confidential property of Click ITS and should not be communicated to any other party without the prior written approval of Click ITS. Click ITS warrants that to the best of its knowledge those who prepared this document have taken all reasonable care in preparing it, have made all reasonable enquiry's to establish the veracity of the statements contained in it and believes its contents to be true. Click ITS cannot however warrant the truth of matters outside of its control and accordingly does not warrant the truth of all statements set out in this document to the extent such statement derive from facts and matters supplied by other persons to Click ITS. The statements in this document are qualified accordingly. Response to this document should be addressed to:

Member of Click Group

Address Telephone

: :

27 Ezzat Salama St., Off Abass Al-Akkad, Nasr City, Cairo, Egypt. (+202) 2275 25 06-08 2670 66 29-49 (+202) 2273 76 31 security@click-group.com www.click-group.com

Fax E-mail Website

:
:

Use or disclosure of data contained on this sheet is subject to the restrictions on the title

Page 2 of 7

As per our last visit to your datacenter and our discussions with Eng. Mohamed Ramadan and Eng. Abdel-Aaty, we are recommending the following implementation scenarios using UTM to improve security strategy and simplifying the network structure and also administration and management with the most secured and latest security trends in the meantime and future. An introduction to UTM was provided in our last email. We chose not to include it again here for simplicity and avoiding boring. So, if you need to read more about UTM, Fortigate, and Click ITS please kindly request that or back to referred email. After discussing the suggested scenarios we are ready to implement a live demo to test the environment live and feel performance. This will be arranged through Click ITS as a Fortinet Partner, Mantrac as a Fortinet Distributor and Fortinet Egypt.

Use or disclosure of data contained on this sheet is subject to the restrictions on the title

Page 3 of 7

Implementation Scenarios Ramsis Data Center

In the current situation you have Bluecoat web filter appliance and the solution we suggest is to replace the Bluecoat appliance (which is off duty now) with one Enterprise-sized Fortigate appliance. In which it provides you with web filtration feature based on categories and also other UTM Features. Detailed comparison between Fortigate and Bluecoat is stated below. The implementation scenarios may expand to any level of security you want to implement according to your current infra structure in order to maintain it as far as we can to lower cost but in secure way. Dow here Fig. 1 is the scenario suggested to implement the above view.

Fig. 1 - Data Center

Use or disclosure of data contained on this sheet is subject to the restrictions on the title

Page 4 of 7

Remote Branches
In the current situation you have Cisco which is act as a firewall and VPN which may be suitable for this situation for transferring remittance data across the leased line or through VPN connection. We can add more network and security values to your current structure by adding a UTM device at each remote branch instead of or along with your current firewall and VPN appliance to enable that branch to connect to the datacenter via secured VPN connection (IPSEC or SSL, ) and utilize the two internet connection (leased line or 3G) to work together as load balancing or failover utilizing its Multi-Wan support feature. This also enable the users of that remote branch to connect to the internet with a completely control the traffic of the internet connection for each use. Dow here in Fig. 2 is the scenario suggested to implement the above view.

Fig. 2 - Remote Branch

Use or disclosure of data contained on this sheet is subject to the restrictions on the title

Page 5 of 7

Fortigate vs Bluecoat

Item
Router (static-Dynamic) Firewall Multi Wan Support Bandwidth control Route Based on User IP Route Based on Protocol GUI interface CLI interface HA support HA (active-active) HA (active-passive) DHCP service Statue Firewall Antivirus Antispam IPS DOS (Denial Of Service) Web Application Control DLP (Data loss prevention)

BlueCoat
No No No Yes No No Yes Yes Yes No Yes No No Yes (ProxyAV only) No No No Yes Yes (True File Type Check)

Fortigate
Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes (HTTP,POP3,SMTP,IM and File Finger Print Yes (Detect transferred Files with pre saved critical documents finger print) Yes Yes Yes Yes Yes Yes Yes Yes Yes

Document Finger Print Web Filtration Based on categories Block Phishing Sites Block/Allow Specific file types True file type checks Customizable Block Pages Override Rules Prevent P2P File Sharing Proxy avoidance blocking Web 2.0 threat protection

No

Yes Yes Yes Yes No No Yes Yes Yes

Use or disclosure of data contained on this sheet is subject to the restrictions on the title

Page 6 of 7

HTTPS(SSL) inspection Acceleration & optimization Transparent or Explicit deployment Full IPv6 implementation

Yes Yes Yes Yes Active Directory LDAP eDirectory 6+ million No No Per User No No No No Yes Yes No Yes No

Yes Yes Yes Yes RADIUS LDAP Active Directory eDirectory Local Database 25+ million * Yes Yes Per Period Yes Yes Yes Yes Yes Yes (Using FortiAnalyzer) Yes (Using FortiAanalyzer) Yes Yes

User Authentication

Rated Domains User Browsing Flexible Quota Based on Categories End Point Control License VPN (Site-Site) VPN (Client-Site) SSL VPN Web Mode SSL VPN Tunnel Mode Log and monitoring Reporting Full Network Activity Archiving Admin Notification Via Mail Admin Notification Via SMS

Use or disclosure of data contained on this sheet is subject to the restrictions on the title

Page 7 of 7