GPA 600 / GPA 600a
The GPA 600 model range is designed for medium-sized enterprises requiring multiple VPN connections.
The “Next Generation Firewall Appliances” from gateProtect are characterized by optimal scalability, security and performance. Thanks to a unique and patented eGUI® technology, gateProtect sets standards when it comes to the configuration of modern security systems. gateProtect’s eGUI® technology raises operating security and efficiency to a previously unattained level. Furthermore, gateProtect is the only manufacturer worldwide to implement the ISO NORM 9241 standard. GPA 600 Next Generation Firewall Appliances have extensive features including VLAN, Layer 8 technology, single sign-on, bridging, VPN SSL via X.509 certificates & VPN IPSec, IDS/IPS, traffic shaping, antivirus, zero hour mail protection, web filtering and the very latest procedure-oriented eGUI® technology. VPN connection performance is greatly enhanced by the special ASIC Crypto accelerator chip.
Feature Highlight
Layer-8 Technology

Control of the user-based security policy
The “Layer-8 Technology” from gateProtect treats the user identity as the 8th layer of the OSI model.
All gateProtect “Next Generation Firewall Appliances” offer security and productivity at all levels and across all services – from layer 2 to layer 8 with identity-based policies.
Future-proof with high security
Most modern firewall systems support proxy-based user authentication. This means that only those services which work with proxies such as HTTP or FTP can be issued to specific users.
The gateProtect firewall has rule-based Extended User Authentication which allows any number of services to be assigned to one user or a group of users. These services can be provided with all the known additional options such as proxies or web filters.
If a user logs on to the firewall from a computer, all the assigned services for the computer in question are enabled.
gateProtect offers you two ways of logging onto the firewall:
- Web browser/UA Client: logon is via an HTTPS connection.
- Single sign-on: Kerberos automatically passes the domain logon on to the firewall.

gateProtect's extended user authentication offers:
- Release of any number of services for a person
- Configuration of the services for groups
- Configuration of the services for Active Directory groups
- Approval of services within the intranet as well
- Future-proof, because future services are also configurable
- Single sign-on via Kerberos when logging on to the Windows domain
- Browser login for operating system independence
eGUI® Technology
Revolutionizes the operation of “Next Generation Firewall Appliances”
The greatest security risk facing modern IT networks relates to the fact that increasingly complex security functions are required in order to effectively block attacks. This inevitably leads to systems that are extremely complex to operate, which, in turn, means the risk of user errors increases exponentially. As a result of this, operation and configuration errors in IT systems are the cause of around 98% of all security vulnerabilities in companies nowadays. This risk, together with the constantly increasing amount of work that is required to manage IT security systems, means a whole new approach to the operation of professional security solutions is required.

The answer to these problems is the patented and unique eGUI® technology from gateProtect.
The interface concepts of gateProtect's competitors follow a “function-oriented” approach. However, this approach does not take the interaction between humans and machines into account. gateProtect therefore developed the eGUI® technology, which uses a “process-oriented” approach that includes the consistent implementation of the ISO Norm 9241 standard. The program also provides a consistent layout, which displays only the specific information that the user actually requires for the current activity, no matter which application is being used.
Major advantages of the eGUI technology
Enormous time-savings through a significant reduction in the number of rules
Compared to a “function-oriented” approach you can reduce the number of rules by a factor of up to 100.
Reduction in the number of user errors thanks to the visualization of the entire network
The visualization of the entire network and active services remarkably reduces the risk of user errors.
Reduced operating costs through active management
The combination of active management, time-savings and reduction of error rates results in a significant cost reduction compared to the competitors' interface.
Only the integration of the eGUI® technology in Next Generation Firewalls can help administrators to adhere to security policies in the company network in an effective and secure way. The clear overview, active management and the reduction of rules are the major advantages when compared to list-based user interfaces.
The eGUI® technology significantly reduces the time needed to configure the firewall, as found during a 2009 study conducted amongst IT Security Experts throughout Europe.
Traffic shaping & QoS
Optimal bandwidth management in one system
Traffic Shaping up to user level
The traffic shaping facility from gateProtect is one of the most comprehensive implementations on the market. Maximum and minimum bandwidth can be specified for each object on the configuration desktop (users, computers, groups etc). Based on this, it is possible to manipulate the traffic for each service. Bandwidth distribution can be configured at any level of detail.

Quality of service within networks
The quality of service function of the gateProtect systems allows important business-critical applications such as ERP and CRM systems, as well as Voice over IP services for telephone systems, to be given preference. This ensures smooth working for all departments. Quality of service is adjusted very flexibly by setting so-called TOS flags, which mark the data packets that are to be prioritised.
Prioritisation of data packets in VPN tunnels
Another special feature of the gateProtect solution is the prioritisation of data packets in the VPN tunnel with QoS. This is important for time-critical applications where a delay would not be desirable. For example, gateProtect makes it possible to use VoIP via a VPN tunnel for interference-free telephone calls, irrespective of the utilisation of the tunnel for RDP or data download, for instance.

High Availability
as a backup
The high availability of gateProtect firewall systems is based on an active/passive system where a secondary firewall is installed in parallel with the primary firewall. The secondary firewall synchronises itself constantly with the primary firewall using dedicated connections. It can therefore at any time take over the work of the primary firewall, should this fail, without any manual intervention.
Furthermore, the status of the primary firewall is monitored by different systems. If any problems are detected in the firewall, it switches itself off. The secondary firewall then activates the synchronised configuration and can immediately continue operating in place of the primary firewall. Downtime is minimised and problems can be dealt with under less pressure.

Load Balancing
Flexible spreading of all services (protocol /ports) on different Internet connections.
gateProtect load balancing distributes the data traffic with the Internet to different routes. The firewall then decides which way the Internet is accessed each time a connection is established.
As a rule, this distribution is based on protocols. gateProtect also makes it possible to assign each individual connection to a route. This allows the utilisation of Internet connections to be planned in great detail and optimised.
Technology
For load balancing in the firewall, the packets of the desired service are selected in the packet filter on the basis of source (IP address, user, VPN connection…), protocol (TCP, UDP, ICMP…) and, if necessary, further criteria (e.g. TCP port), and are given a unique mark.
The decision as to which Internet connection(s) should be used for the data stream is made in the routing process (so-called “policy routing”).
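The mark-then-route mechanism described above, sketched as an added example for a generic Linux router with iptables and iproute2; it is not gateProtect's own configuration or code. Interface names, addresses, marks and table numbers are constructed, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added illustration: mark-based policy routing on a generic Linux router.
# Interfaces, gateways (RFC 5737 documentation ranges), marks and table
# numbers are constructed values, not taken from any gateProtect appliance.

APPLY="${APPLY:-0}"   # 0 = print the commands only, 1 = execute them (needs root)

run() {
    if [ "$APPLY" = "1" ]; then "$@"; else echo "$*"; fi
}

# Step 1 (packet filter): select a service by source, protocol and port,
# then attach a mark to its packets.
mark_service() {   # usage: mark_service SRC_NET PROTO DPORT MARK
    run iptables -t mangle -A PREROUTING -s "$1" -p "$2" --dport "$3" \
        -j MARK --set-mark "$4"
}

# Step 2 (policy routing): packets carrying MARK are looked up in a separate
# routing table whose default route points at one Internet uplink.
route_mark() {     # usage: route_mark MARK TABLE GATEWAY DEV
    run ip route add default via "$3" dev "$4" table "$2"
    run ip rule add fwmark "$1" lookup "$2"
}

policy_routing_demo() {
    # HTTPS from the LAN leaves via uplink A.
    mark_service 10.0.0.0/24 tcp 443 1
    route_mark 1 101 192.0.2.1 eth1
    # Mail submission from the LAN leaves via uplink B.
    mark_service 10.0.0.0/24 tcp 587 2
    route_mark 2 102 198.51.100.1 eth2
}

policy_routing_demo
```

Unmarked traffic keeps using the main routing table, so only the services selected in step 1 are pinned to a specific uplink.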
Extended VPN
Fast and secure connection to company network
gateProtect offers the most commonly used forms of current site-to-site and Road Warrior VPN connections via IPSec and SSL. Wizards and the eGUI® technology help with the management and set up of these connections. In addition, the firewall generates external configuration files when the VPN connections are created. These files can be used for setting up single click connections and also for site-to-site connections when importing on the firewall at a remote site.
Furthermore, gateProtect offers an IPSec and SSL site-to-site solution with X.509 certificates which can work in bridge mode as an option. For a normal bridge, two or more network cards are linked to form a logical network. gateProtect not only allows this for network cards but also for VPN-over-SSL connections. This makes it possible to treat remote computers as if they were in the local network.
gateProtect Statistics
Extended group of users
Together with its own statistics client, gateProtect makes it possible for the managing director or the department manager to analyse the data traffic of the complete network, or to block websites quickly and easily for individual co-workers and groups.
All reporting can be broken down to groups of co-workers as well as individual co-workers:
· Top lists
- Internet sites, blocked URL, services
- IDS
· Co-worker
- Top lists (Internet sites, blocked URL, services)
- Traffic
· Defence
- Overview
- Defence
· Traffic
- All data
- Internet, emails, Windows data



