NFG COI service is for non-DoD federal agencies and partners connections that connect directly into the Non-secure Internet Protocol Router Network (NIPRNet). Customers ordering this service will be connected to the DISN but will have their connection directed to the nearest NFE router. All traffic will go thru the NFE prior to accessing any DoD available networks.
NFG COI consists of implementation of Multiprotocol Label Switching (MPLS) VPN to move traffic across the DISN to the nearest NFE router using Virtual Routing and Forwarding (VRF's) and Virtual Firewalling techniques to terminate the COI connection at an enclave boundary.
The Department of Defense (DoD) has granted some non-DoD federal agencies and partners connections directly into the Non-secure Internet Protocol Router Network (NIPRNet). This introduces a potential threat to the NIPRNet due to the absence of any mechanisms for effectively controlling and monitoring traffic to/from these agencies. The path forward is to acquire and deploy NIPRNet Federated Gateways (NFG) at multiple Internet Access Point (IAP) locations to provide a secure and robust means for these agencies to connect to the NIPRNet. The benefit is that it will provide protection from and visibility into threats and events involving traffic to/from these agencies and partners. NFG shall support customers using physical/logical connections (described below as “External Customer Connecting Directly to NFE Router” and “External Customer on NIPRNet”). The system shall support logical traffic separation as traffic transits through NIPRNet.
Value to Our Mission Partners
This service provides for logical and physical isolation of Public Internet facing applications at the DoD CC/S/A/FA provided COI locations.