Atlas Group’s Firepipes security is a break-through in flexible network level security at less than 50% cost than proprietary vendor NAC technology. Firepipes security provides user and data authentication, encryption and confidentiality and access control between any wired and wireless network devices regardless of the path or media. Remote users, inter-network, perimeter, internal users and server farm security are all protected from the same management platform. This unified management platform greatly reduces complexity and therefore reduces cost and improves IT staff productivity. Security gateways can be Linux based firewall appliances at less than $1,000 each to high end firewalls/ routers.

Firepipes Dimension Control

There are no more “perimeters” in networks today. Access is fluid and geographically independent with mobile workers, PDA’s, teleworkers and wireless access.

Firepipes security is built around sessions to establish geographically independent relationships between users and resources. There is no geography and no sense of transmission media in Firepipes. Each session is protected by the following five factors across your network:

• User type (sales, IT, factory, staff, etc.)
• User name
• Originating device
• Destination application
• Route

Firepipes creates no IP address or NAT conflicts. Using access control, data encryption, data authentication, user authentication, routing, DHCP and Public Key Infrastructure, Firepipes provides:

• as needed access to network services
• prevention of escalation of privileges
• network compartmentalization, and,
• client-based security instead of perimeter security.

Firepipes currently employs X.509 certification and IP address authentication at the end points. X.509 based authentication uses passwords (on keys), key file and TLS authentication files for identification. The Firepipes architecture allows the security designer to select from the following five levels of sophistication:

Ø. Wide open – no Firepipes security.
1. Intersite IP address based security between elements.
2. Intersite X.509 based security between elements.
3. Intrasite and intersite IP address based security between elements.
4. Intrasite and intersite X.509 based security between elements.

Firepipes Architecture

The drawing below illustrates a typical Firepipes topology. Sessions can originate anywhere on or off the client wide area network. Firepipes is a management application that provides a GUI administrator interface and manages the complex rules on the network firewall appliances.


Firepipes is gateway vendor neutral, cross platform and open sourced licensed under GPL. Commercial licensing is available. It uses a three tier, concurrent use architecture – the Security Policy Manager (GUI console), the Database Distributor and the Policy Enforcement Point. Firepipes can scale to tens of thousands of elements per enterprise network. Benchmarks show a 90% reduction in complex IT security staff labor with a corresponding reduction in configuration errors and problems.

Atlas Group developed Firepipes to be a GUI based interface for firewall policy and rule management in complex networks. Intuitive, business, operational or process based policies are automatically applied to gateways. For instance, a policy might be, “sales has access to sales data” or “marketing, engineering and the outside advertising agency have access to the new product line data”. Once a user authenticated, that person and devices have the same network access profile regardless of the media or origination point. Extended credentials can be used throughout the WAN from a single gateway without resorting to spoofable IP address pools or application limiting proxies. A hacker who penetrated the end-point access could only connect to allowed applications for that user. Firepipes allows hundreds of thousands of rules to be applied based on a few point-and-click definitions.