A measure of the quality of the gateProtect operator concept are the ergonomic principles governing human-machine interaction, as formulated in ISO 9241, part 110.

Some benefits of the eGUI®
- Visual feedback immediately supplied for each setting
- Self-explanatory functions
- Central overview of all active services
- Immediate overview of the whole network configuration
- Layer and zoom function for networks up to 10,000 users

.

Extended User Authentication (xUA):
Future-proof with high security

Most modern firewall systems support proxy-based user authentication. This means that only those services which work with proxies such as HTTP or FTP can be issued to specific users.

The gateProtect firewall has rule-based Extended User Authentication which allows any number of services to be assigned to one user or a group of users. These services can be provided with all the known additional options such as proxies or web filters.

If a user logs on to the firewall from a computer, all the assigned services for the computer in question are enabled.

gateProtect offers you two ways of logging onto the firewall:

• Web browser/UA Client: logon is via an HTTPS connection.
• Single sign-on: Kerberos automatically passes the log on to the domain to the firewall.

The extended user-authentication of gateProtect captivates through

• The release as many as desired services for a person
• Configuration of the services for groups
• Configuration of the services for active directory groups
• Approval of services also in the intranet
• Guaranteed future, because of future services are also configurable.
• Single sign-on by Kerberos during registration at the windows domain
• Browser-Login for operating system independence

Traffic Shaping & Quality of Service
Optimal bandwith-managment in one system

Traffic Shaping up to user level
The traffic shaping facility from gateProtect is one of the most comprehensive implementations on the market. Maximum and minimum bandwidth can be specified for each object on the configuration desktop (users, computers, groups etc). Based on this, it is possible to manipulate the traffic for each service. Bandwidth distribution can be configured at any level of detail.



Quality of service within networks
The quality of service function of the gateProtect systems allows the preferring of important enterprise-critical applications like ERP and CRM systems as well as Voice over IP services for telephone systems. Thus ensures smooth working for all compartments. The adjustment of the quality of service takes place extremely flexibly by setting so-called TOS flags, which marks those to prioritised data packets.

Prioritisation of data packets in VPN tunnels
Another special feature of the gateProtect solution is the prioritisation of data packets in the VPN tunnel with QoS. This is important for time-critical applications where a delay would not be desirable. For example, gateProtect makes it possible to use VoIP via a VPN tunnel for interference-free telephone calls, irrespective of the utilisation of the tunnel for RDP or data download, for instance.

High availability:
Security for the case of need

The high availability of gateProtect firewall systems is based on an active/passive system where a secondary firewall is installed in parallel with the primary firewall. The secondary firewall synchronises itself constantly with the primary firewall using dedicated connections. It can therefore at any time take over the work of the primary firewall, should this fail, without any manual intervention.

Furthermore, the status of the primary firewall is monitored by different systems. If any problems are detected in the firewall, it switches itself off. The secondary firewall enables the synchronised configuration and can continue operating in the place of the primary firewall immediately. Downtime is minimised and problems can be dealt with under less pressure.

Load Balancing:
Flexible spreading of all services (protocol /ports) on different Internet connections.

gateProtect load balancing distributes the data traffic with the Internet to different routes. The firewall then decides which way the Internet is accessed each time a connection is established.

As a rule, this distribution is based on protocols. gateProtect also makes it possible to assign each individual connection to a route. This allows the utilisation of Internet connections to be planned in great detail and optimised.


Technology
For the load balancing in the Firewall the packets of the desired service will be selected in the package filter on the basis of source (IP address, user, VPN connection…), protocol (TCP, UDP, ICMP…) and if necessary further criteria (like e.g. TCP port) and added with one more unique mark.

The decision, which Internet connection(s) should be used for the data stream, is defined in the routing-process (so-called “policy - routing”).

gateProtect extended VPN
Fast and secure connection to company network

gateProtect offers the most commonly used forms of current site-to-site and Road Warrior VPN connections via IPSec and SSL. Wizards and the eGUI® technology help with the management and set up of these connections. In addition, the firewall generates external configuration files when the VPN connections are created. These files can be used for setting up single click connections and also for site-to-site connections when importing on the firewall at a remote site.

Furthermore, gateProtect offers an IPSec and SSL site-to-site solution with X.509 certificates which can work in bridge mode as an option. For a normal bridge, two or more network cards are linked to form a logical network. gateProtect not only allows this for network cards but also for VPN-over-SSL connections. This makes it possible to treat remote computers as if they were in the local network.

gateProtect Antivirus:
Protection against unwanted intruders

The UTM firewall solutions of gateProtect contain a world-wide several distinguished scan engine. The newest generation of the anti-virus gateway scans for HTTP, ftp, POP3, SMTP and also HTTPS. For this files are loaded by a proxy from the Internet and scanned for virus on the firewall before they will be forwarded to the inquiring user. Our customers are protected before thus the daily threats by viruses in e-mails or in websites in the best way.

Web-Anti-Virus
If you open determined websites in the internet, there is the risk that your computer will be infected by viruses, which are installed by scripts contained on websites. In addition a dangerous object can be loaded on your computer. The Web-Anti-Virus was developed especially to prevent such situations. The scripts, which are on websites and which are risky, will be intercepted by this component and their execution becomes banned. Also the HTTP traffic is subject to strict control.

Mail-Anti-Virus
The email-correspondence is used more and more by aggressors for the spreading of harmful programs. It is one of the most important media for the spreading of worms. Therefore it is very important to control all email messages. The Mail-Anti-Virus is a component to the investigation all in and outgoing email messages of your computer. It analyzing emails for defective programs. An email is delivered only if it does not contain risky objects.

HTTPS Scan
It is not possible to scan HTTPS traffic on the firewall with the products from most other suppliers. Malware such as trojans and viruses exploit this open door to enter an internal network unhindered.

gateProtect is one of the few manufacturers to close this door with their xUTM appliances. gateProtect software can also scan encrypted HTTPS connections in the data traffic for viruses and other malware.
To do this, the data flow is decrypted at the firewall, analysed and, if no viruses are found, re-encrypted and sent on its way again.

gateProtect Anti-Spam:
terminating of annoying spam-mails

The spam-filter of the gateProtect UTM firewall scans email traffic and catches spam before the productivity of the co-workers is reduced.

The configuration makes it possible to define a flexible adjustment of the spam filter with the possibility of black and white lists.    

The False positive rate is extremely small with less than 1 in 1.5 million detected spam mails.

The high throughput rate of the gateProtect spam filter is a deciding factor for the choice of the suitable spam filter. This makes an almost delay-free delivering of e-mails possible. The real filtering proceeds externally that allows a very fast scan and avoids the efficiency of the resources.

Technology - real time detection
With insert of real-time-detection centres spam, virus or also Phishing attacks will be detected on the basis of characteristic samples when breaking out. This increases the effectiveness significantly and increases the detection rate explicitly. More than 97 % of the spam sender can be detected and intercepted before spreading.

The spam protection is extremely effective and protects before all forms of spam including image-based and double byte languages. It is not limited on formats and languages, but global applicable and offers protection of world-wide spam senders.

Web Filter:
Combination of URL and content filter

The UTM firewall solution of gateProtect contains a website content filter. With this website requests will automatically adjust with permitted categories. The categories in the gateProtect filter groups can be arranged individually from 60 filters categories. Thus ensures safe, precise and nevertheless manageable filtering.

For companies with very high HTTP appearance the web filter data base can be downloaded onto the firewall. In this case no hash-sign is sent to the web filter server, but the category will be defined directly (from the data base) on the firewall.

Optimal combination of URL and content Filtering
The content filter supplements the well-known gateProtect web blocking (URL filter) on ideal way. The settings are made over a common dialogue. All categories are coordinated directly, so that the configuration can take place fast and simply. The Black- and White-lists are valid for the URL and the content filter, so that a fast and effective handling of Internet security is ensured.