WAN Hardening

WAN hardening is an option that provides additional protection against unsafe connections from remote sites. When WAN hardening is enabled, only traffic arriving from a Silver Peak IPsec tunnels is allowed to enter.

When Silver Peak appliances are deployed in Router Mode, you have the option of hardening any WAN–side interface. This means: 

n	For traffic inbound from the WAN, the appliance only accepts encapsulated traffic arriving from another Silver Peak appliance, via an IPsec tunnel. All other connections are rejected.

n	For traffic outbound to the WAN, the appliance only allows IPsec tunnel packets and management traffic.

n	Any data from the internet that gets backhauled via a Silver Peak IPSec tunnel will reach its destination at the hardened sites. This allows for integration with other security tools, such as firewalls, at the data center.

n	Data sourced directly from the internet, or any other connection that doesn’t flow through a Silver Peak IPsec tunnel, is discarded when it hits the hardened interface. Only data from authenticated Silver Peak IPsec tunnels is allowed to pass across a hardened interface.

To enable or disable interface hardening, do one of the following:

n	On the Configuration > Deployment page, click the lock icon, or

n	On the Configuration > Interfaces page, select or deselect the checkboxin the Hardened Interfaces column.

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.