User manual
Introduction
7
SG PCI Appliances (SG6xx Series)
Note
The SG PCI appliance range includes models SG630 and SG635.
The SG PCI appliance is a hardware based firewall and VPN
server embedded in a 10/100 Ethernet PCI network interface
card (NIC). It is installed into the host PC like a regular NIC,
providing a transparent firewall to shield the host PC from
malicious Internet traffic, and VPN services to allow secure
remote access to the host PC.
Unlike other SG gateway and rack mount appliances, a single SG PCI appliance is not
intended as a means for your entire office LAN to be connected to, and shielded from, the
Internet. Installing a SG PCI appliance in each network connected PC gives it its own
independently manageable, enterprise-grade VPN server and firewall, running in isolation
from the host operating system.
This approach offers an increased measure of protection against internal threats as well
as conventional Internet security concerns. You can update, configure and monitor the
firewall and VPN connectivity of a workstation or server from any web browser. In the
event of a breach, you have complete control over access to the host PC independent of
its operating system, even if the host PC has been subverted and is denying normal
administrator access.
All network filtering and CPU intensive cryptographic processing is handled entirely by
the SG unit. This has the advantage over the traditional approach of using a host-based
personal software firewall and VPN service by not taxing the host PC's resources.
Bridged mode
By default, the SG PCI appliance operates in bridged mode. This is distinctly different
from the masquerading behavior of SG gateway and rack mount appliances.
In bridged mode, the SG PCI appliance uses two IP addresses. Note that these
addresses are both in the same subnet as the LAN, as no masquerading is being
performed (refer to the Masquerading section of the chapter entitled Firewall for further
details).
One IP address is used to manage the SG unit via the web management console.