
Advanced Firewall - becomes UTM


High-performance network security

Advanced Firewall is being replaced by UTM software, so read more here instead

For those who only want a firewall, that option is available.

In that case you choose UTM, which includes Layer 7 and more, but you choose not to add Web Filter licences.

Those who already have Advanced Firewall will receive UTM without Layer 7.

Smoothwall's firewall, Advanced Firewall

Protect and secure networks, prevent unauthorised access and block the spread of viruses and other malicious code
Smoothwall's firewall combines the functions of external and internal firewalls to provide robust, advanced and scalable protection. Outbound filtering and a built-in VPN gateway provide a flexible and secure level of control over the entire network.

Smoothwall works with all clients, whether they run Windows, Mac OS X, Linux, iOS or Android.

Advanced Firewall becomes UTM, but for those who only want a firewall, that option remains.


UTM combines full network security functionality with Smoothwall Advanced Firewall, Guardian web content filtering, VIPRE virus protection with anti-malware, VPN, Mailshell anti-spam and a range of other features such as load balancing and optional QoS bandwidth management - all designed to improve your network security and performance.


Product overview

  • Attack defence - with Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
  • Internally segregated networks - protect critical resources, internal zoning and segregation
  • VPN Gateway - manage up to 1000 secure gateways across multiple Internet connections
  • Load balancing - efficiently manage incoming and outgoing traffic across multiple Internet connections, including a failover function
  • Internet control with user authentication to specify which Internet services users can access




Product Details


External Attack Defence

A variety of methods are used to protect private local networks and servers from external attack. All unauthorised traffic is blocked and incoming data is analysed for threats using a sophisticated Intrusion Detection System. Stateful Packet Inspection is used to ensure that all packets are part of a complete legitimate sequence, and Deep Packet Inspection technology ensures that the traffic patterns of port-agile software, such as Peer-to-Peer networks, are detected and blocked before they eat into your bandwidth.

Security through Segregation

Often ignored, the threat from within can be greater than from external hackers. Segregate local networks and DeMilitarised Zones (DMZs) into multiple physically separate zones to protect mission critical systems and confidential information from accidental access, inquisitive users or malicious interference.

Internet Access Control

Outbound (egress) filtering rules put you in control of exactly what Internet services and ports users can access, significantly decreasing the risk of external threats. Integration with User Authentication systems (such as Microsoft Active Directory®) also allows access to be controlled based on authenticated user identity rather than assumed identity derived from a computer’s IP address.

VPN Gateway

Site-to-site (inter office) VPN connectivity is supported, alongside SSL VPN and Secure Remote Access for mobile users, home workers and wireless (WiFi) connections. Several hundred VPN tunnels can be configured if necessary, distributed across multiple Internet connections.

Load Balancing*

Multiple Internet connections can be used more efficiently and resiliently by load-balancing both outgoing and incoming traffic across two or more connections. High priority traffic can be separated using protocol specific routing and in the event of an ISP/connection failure, all traffic is automatically re-routed to an alternate ISP/connection.

Unified Threat Management

Smoothwall firewalls can be extended to form full Unified Threat Management (UTM) solutions, which combine multiple security functions on a single UTM appliance at the network perimeter. Smoothwall offers both software and hardware-based UTM appliances; for further information please refer to the Unified Threat Management brochure.
Smoothwall firewalls are available in a range of software and hardware appliances. They can also be combined with other add-on modules (Web Content Filtering, Email Security, Anti-Spam & Bandwidth Management) to form a complete Unified Threat Management solution.

* Available as an option.

Technical Features


Firewall


Perimeter Firewall: Block threats at the boundary - before they enter your network.

Stateful Packet Inspection: Keeps out invalid traffic by ensuring all packets are part of a legitimate sequence.

Layer 7 application filtering: Identify and block potentially problematic application traffic such as Skype, BitTorrent, TOR and Ultrasurf. Hundreds of protocols currently supported.

Single-step BYOD/Wi-Fi authentication: Authenticate your mobile users for granular web filtering and reporting as soon as they log on to your wireless access points.

Intrusion Prevention System (IPS): Monitors and reacts to malicious activity and gives, through reporting, an overall view of the attacks occurring to your systems.

Outbound (egress) Filtering Rules: Controls what Internet services and ports users can access, based on destination IP address as well as port, protocol, AD group and source IP address.

Port Grouping: Group ports into types (e.g. web, email, remote access) to simplify configuration and deployment.

Port-Agile Traffic Blocking: Detects & blocks file transfers/downloads (P2P traffic such as KaZaa, BitTorrent, etc.).

Multiple Rule Sets: Increased flexibility with configuration options.

Dynamic NAT (DNAT) and Static NAT (SNAT) Operation: Allowing a range of Internet accessible servers to be positioned on the internal network with multiple IPs supported.

Internal Firewall including DMZ, other zones & inter-zone bridges: Segregate local networks into physically independent zones - useful for controlling inter-zone access & in the event of server compromise. (Also integrates with User Authentication systems.)

Authentication


Authentication Features

Integrate with User Authentication systems: Control access based on authenticated identity as opposed to assumed identity derived from a computer’s IP address (supports Microsoft Active Directory®, Novell eDirectory, and other LDAP systems).

Multiple Filter Groups: Different filter policies can be allocated to up to 100 different groups of users. Particular users can also be configured not to be subject to any filtering at all.

Transparent Proxy Mode: System administration is simplified with support for NTLM authentication in transparent proxy mode, which avoids the need to configure proxy settings for each user computer.

Password-Protected Authentication: The use of NTLM with password verification provides seamless single sign-on without the need for users to log in or enter their Windows ID/password again.

Ident Integration: Ident (Windows User Identification) can be enforced so that any user that has not been identified from Ident information (i.e. their PC is not running an Ident client) will not be allowed to browse the web.

Networking


Up to 20 interfaces (4 or 6 ports): Allows segregation not only of servers & clients, but different types of client (wireless laptop users, servers, critical servers, guest workstations, different departments, etc.).

Multiple External Connections: Allows load balancing between a number of Internet connections.

Ethernet, DSL (PPPoA, PPPoE and PPTP) and Analogue Modem Support: Allows failover to 'lower tech' connections when the main connection fails.

Auto Failover to a Standby Appliance: Allows connectivity continuation in the event of hardware dropout.

Routing Protocol Support: Facilitates integration into existing network infrastructures.

VLAN Trunking (802.1Q): Allows creation of VLANs for easier network management.

Proxies & Services


Caching Web Proxy Server: Reduces page display times & bandwidth utilisation.

Reverse Proxy for HTTP/HTTPS: Enables hosting of more than one website on a single public IP.

Transparent SIP Proxy: Enhances VoIP.

DHCP Server with Static Address Allocation Facility: Use an on-board DHCP server or relay.

DNS Proxy: Speeds up DNS resolutions.

NTP Time Server: Allows all servers & workstations on the network to set time from the firewall.

Logging, Reporting and Censoring of Instant Messaging Applications: Control and monitor the use of Instant Messaging applications such as MSN, Yahoo, AOL and ICQ. File transfers/attachments can be logged or blocked and selected words or phrases can be censored and set to trigger alerts, with responses (e.g. your message has been censored/blocked). Encrypted Instant Messaging is also supported (e.g. Jabber/GoogleTalk).

VPN


Layer 2 Tunneling Protocol (L2TP): Secure connections for remote workers.

IPSec: Compatible gateway for both site-to-site and laptop VPN connections.

SSL VPN: Simplified access from laptop VPN connections. Able to cross network filters where L2TP or IPSec might fail, such as hotel room wireless. Support for Internal SSL VPN also allows VPN connections to be made inside the network.

Data Compression - IPComp (RFC 2393): To improve VPN throughput, supporting more VPN connections.

3DES Data Encryption (+ AES Rijndael, Twofish, Blowfish and CAST Encryption Algorithms): Prevents eavesdroppers reading confidential information & provides interoperability with other existing VPN products.

NAT Traversal (NAT-T) option: Seamless operation even when the peer gateway or client is behind a NAT router.

Activation/deactivation of individual VPN tunnels: Gives administrators full control over who is accessing the network.

Operation


Support for Browser Autoconfiguration Files: Provides WPAD (Windows Proxy Auto-Detection) and PAC file support, for automatic configuration of proxy settings in client browsers.

Hardware Healthcare Alerts: Notifications about system resource issues (e.g. low disk space, high memory use, high CPU loads, UPS failures).

Virtualisation Support: Supports VMware and Xen.

Hardware and Software RAID: RAID1 mirrored support for SCSI, SAS, SATA or IDE disks.

Default ‘Safe’ Configuration: Install with a default ‘safe’ configuration with egress rules and filter policies pre-set.

Reporting


Built-in Report Templates: Users can create, customise and save their own report templates and utilise an extensive range (300+) of report templates. Report options include site-specific reports (e.g. YouTube top viewed videos) and IM reporting (time spent messaging and chat friends per user).

Drill Down to a Single User or IP: Reports include the user name and IP address of the user PC so AUP violators can be quickly identified. A drill-down facility allows data to be explored to a greater depth - e.g., from a list of blocked sites that users have attempted to access, drill down to find out which users have been trying to access any particular site. It is possible to view the entire browsing history (including time spent browsing) of a single user.

Automated Reports: User-specific reports can be automatically time-scheduled to run on a daily or weekly basis. Reports can also be automatically saved or distributed to recipient lists via email.

AJAX Real-time Logs & Traffic Graphs: View web activity instantaneously, with the option to filter by user name, IP address, web site, category or group.

Export into PDF, HTML, Excel, Crystal Reports®: Reports can be produced in a range of formats for ease of viewing (with pie charts/graphs) and to aid integration with existing systems.

User Portal: Selected users (or groups of users) can be given access to a separate Guardian interface specifically for viewing reports/logs, controlling temporary bans and downloading SSL VPN clients.

Incident Alerts: Alert messages can be sent by both email and SMS text message to mobile/cell phones for issues requiring immediate attention.