Académique Documents
Professionnel Documents
Culture Documents
Internet Services
Overview...........................................................................11-2
SECTION 1 : Internet Access and Security....................................12-3
Introduction.......................................................................................................13-3
Shared Internet Access........................................................................................14-4
Firewall, Back up and Antivirus.............................................................................15-7
SECTION 2 : Proxy/Cache......................................................16-10
Embedded Proxy Server.....................................................................................17-10
Built-in Cache Server.........................................................................................18-11
10-1
Overview
The Alcatel-Lucent Office Communication Solutions, based on Premium Unit, offers Internet
solution including Internet Access & Firewall, Proxy and Cache server and Intranet & file
server.
Furthermore, the Extended Communication Server provides a feature rich & professional
Internet solutions. Refer to the chapter Extended Communication Server.
This chapter explains the Internet solution with an OmniPCX Office in a standalone mode.
Internet Access
Shared Internet access for all users on the LAN: the built-in Internet access router
allows all employees to access simultaneously the Internet by sharing a single
connection.
Security mechanisms for internet access and network /data protection: OmniPCX Office
embeds a certified firewall to protect company information and it supports also standard
internet authentication protocols.
Proxy/Cache
Access and usage control thanks to its embedded proxy server which defines user
access rights and provides detailed statistics on internet and application usage.
High speed optimized internet access using ISDN connection, ADSL or Leased Line and
web cache service which reduces information access and optimizes connection time.
Intranet Services
Virtual Private Networking which allows remote access for home workers and for multi
site networking using the internet network with secured standard protocols.
The e-mail server and the Web communication Services has been phase out with the
OmniPCX Office release 6.0 H1 2007.
10-2
The OmniPCX Office can be an Internet Access Router and support various type of
Internet access (ISDN, DSL, Leased linesfrom 64 Kbps up to 10 Mbps). Security is
guaranteed by a built-in stateful firewall. See the sections below.
Applications: Proxy, VPN, Intranet
OmniPCX Office
Router/firewall
Internet access
If the company already owns a secure Internet access, the OmniPCX Office can be
configured just as a LAN server.
Router/firewall
Internet access
10-3
lines
OmniPCX
Office
WAN Max WAN bandwidth
interface
WAN T0/T2 ISDN access
128Kbps
WAN Ethernet 10/100 BaseT 10Mbps
port to DSL modem
(FR,ATM, WAN Ethernet 10/100 BaseT 10Mbps
port to router
Using one single connection for many users, optimizes the resources and the traffic, while
increasing security.
Shared access
Single line
OmniPCX Office
LAN
Centralized security/control
10-4
Customer Premises
OmniPCX Office
T0/T2
IS
P
ISDN
LAN
OmniPCX Office ISDN Internet access
Configuration 2: DSL modem Internet access
The OmniPCX Office provides DSL Internet access using an external DSL modem or a cable modem
connected on the OmniPCX Office WAN Ethernet port. The OmniPCX Office implements the PPPoE or
WAN DHCP connection protocol. The maximum bandwidth on the WAN link is 10 Mbps.
Customer Premises
OmniPCX Office
DSL
DSL/CABLE
MODEM
LAN
IS
P
Operator
DSL Network
ISP Router
IS
P
LAN
OmniPCX Office Internet access using an external ISP router
The Alcatel-Lucent OmniPCX Office supports the following standard protocols to enable a
voice solution to be deployed efficiently over a data network.
Benefits:
10-6
Backup
The Alcatel-Lucent OmniPCX Office backup procedure contributes to a comprehensive secure
solution allowing to restore company critical data including all OmniPCX Office Voice and Internet
information. The OmniPCX Office backup can be easily implemented using any standard Microsoft
Windows or Linux server. The OmniPCX Office backup/restore procedure features:
10-7
Anti-virus solutions
The OmniPCX Office is fully compliant with leading edge anti-virus solutions from leading
suppliers such as Network Associates Mc Afee or Trend Micro protecting hosts as well as
Internet traffic such as e-mail, Web and file transfer. Theses solutions support anti-virus
automated signature updates.
INTERNET
ISDN, DSL, LL
Virus
SMTP,HTTP, FTP
Antivirus gateway
OmniPCX
Office
Firewall, Proxy/cache
E-mail server
VPN, File server,
Intranet server
Virus
Desktop antivirus
Benefits:
10-8
INTERNET
LAN
DHCP
OmniPCX Office DHCP manages dynamic addresses. Some devices can need a permanent
address in the LAN. OmniPCX Office allows to defined IP Addresses ranges for these devices:
Printers,
Application servers,
e-mail servers.
The installation and configuration are fast and easy.
Benefits:
DNS: Facilitates PC management on the LAN defining symbolic names and accelerates
Web access by Internet name resolution at the OmniPCX Office level.
DHCP: Easy and fast installation by automatic IP address configuration for PCs and IP
phones on the LAN
10-9
SECTION 2: Proxy/Cache
Embedded Proxy Server
Group based control policy
The OmniPCX Office allows to create group profiles. Each profile defines a consistent set of common
rights and control attributes for a complete range of users. There can be as many group profiles as
needed. Thus, it is very easy to create a company group-based control policy, specifying who has
access to applications like Internet, mail or VPN remote access, on what time, and according to
which filtering criteria.
Controlling access
Group-based control policy provides a comprehensive Internet access control using an embedded
proxy server. Access controls include:
User authentication;
Acting as an intermediary between users and the Internet, the proxy server guarantees that
only authorized users can access to the Internet providing their password/login
authentication;
Time ranges;
For each group of users the administrator can define date and time access restrictions to
limit traffic and control internet access for each day of the week (Monday to Sunday). In
addition to group based time ranges, the administrator can define global time ranges that
apply to all users;
WEB URL filtering;
For each group of users, , it is possible to specify URL lists defining which WEB sites are
authorized or forbidden for the group. The lists combine explicit URL address and regular
expression. URL lists can be automatically downloaded and updated from a WEB site.
Benefits:
Improve security by controlling internet access by protocol, user access rights, URL restriction,
authorized applications,
Control internet usage with comprehensive statistics,
Centralized user friendly administration interface,
Detailed statistics to improve resource management and usage control.
10-10
10-11
Mobile worker
Main office
ISDN
ISDN RAS
VPN
VPN
INTERNET
VPN
VPN
Anti-virus gateway
Other Site
Remote Office
Backup server
Features
Intranet Web server hosting compatible with standard Web publishing methods such
as FTP, Microsoft Network and Web DAV. Static page hosting only.
File server with individual and common folders, access rights.
Accessible locally on the LAN, or, remotely using VPN or ISDN RAS. Network backup.
Intranet hosting capacity : 200 Mbytes,
Benefits:
10-12
ISDN
Mobile/home worker
PSTN, ISDN, DSL
OmniPCX office
DSL,LL
INTERNET
DSL,LL
OmniPCX Office IPsec VPN
DSL
OmniPCX office
ISDN
Other site
10-13
Remote Office
Site 2
DATA
IPsec tunnel
H323/SIP VoIP
INTERNET
ISDN
10-14
ISDN
Remote Office
DATA
IPsec tunnel
IP Telephony
INTERNET
ISDN
OmniPCX Office Premium Edition solution
including Voice IP PBX, VPN and router
Options
Internat acceess instaed of the router
10-15
Specifications Summary
Client-to-site
Capacity
Supported Protocols
Supported Clients
50 tunnels
PPTP, IPsec/PKI
PPTP Windows 95/98/NT/Me/XP clients
L2TP/IPsec Windows 98/Me/NT/XP clients
Site-to-site
Capacity
Supported Protocols
50 tunnels
IPsec/PKI
PPTP Protocol
Authentication
Encryption
MS-CHAP-V2
Microsoft Point-to-Point Encryption (MPPE 40 128 bits)
IPsec Protocol
Key Management
Encryption
Integrity
Authentication
PKI
Authentication
Customer benefits:
10-16