Smoothwall‎ > ‎

Unified Threat Management

Unified Threat Management - UTM

Komplett skydd: Brandvägg och webbfilter. Enkel driftsättning.

Kombinera vår marknadsledande webb-filter med brandvägg, applikations kontroll, VPN, IPS och e-postsäkerhet.

Finns som mjukvara, hårdvara och virtuell maskin.


Kraftfull och bekväm nätverkssäkerhet med inbyggt webbinnehållsfiltrering.

UTM kombinerar full funktionalitet för nätverkssäkerhet med Smoothwall Advanced Firewall, Webbinnehålls filtrering, Bitdefender virus skydd med anti-Malware, VPN, Mailshell anti-spam och 
en mängd andra funktioner som, lastbalansering och valfri QoS bandbreddshantering - alla utformade för att förbättra er nätverkssäkerhet och prestanda.

Bekvämligheten med att konfigurera och underhålla en enda apparat ska aldrig innebära avkall på funktionalitet. 
Unified Threat Management kombinerar vår bäst i klassen webb åtkomstkontroll, med en brandvägg känd över hela världen.

och plötsligt ser ni på en flexibel lösning för en massa problem.

Om det låter för bra för att vara sant, ordna en utvärdering och vi låter Smoothwall UTM tala för sig själv.

Kontakt  Testlicens





    

Produktöversikt

  • Attack Försvar - med Intrusion Detection System (IDS) och Intrusion Prevention System (IPS)
  • Internt segregerade nätverk - Skydda kritiska resurser, intern zonindelning och segregation
  • VPN Gateway - Hantera upp till 1000 säkra gateways över flera Internetanslutningar
  • Lastbalansering - hantera effektivt inkommande och utgående trafik över flera Internet-anslutningar, inklusive fail-over funktion
  • Internet kontroll med användarverifiering, ange vilka Internet-tjänster användare kan få tillgång till



    UTM Datasheet - AIES











Product Details



 Enhanced Perimeter Security



Brandvägg som skyddar er från yttre hot, attacker, virus, spionprogram och skadlig programvara. Så att ni slipper detta i ert nätverk. 
Styr vilka Internettjänster användaren kan komma åt, utför den traditionella rollen av att blockera tillgången till ert nät för hackare och andra hot på Internet.


Guardian Web Security



The Guardian Web Security modulen ger web buren malware- och innehålls-filtrering (i motsats till enkla blockeringar baserad på enbart URL). 
Guardian analyserar dynamiskt, förstår och kategoriserar webbsidor, så att allt oönskat material och dolt innehåll (inklusive virus, skadlig kod, anonyma proxies och webbläsare ”exploits”) upptäcks och blockeras. 
Tidsbaserade kontroller, underlättar flexibel och användarvänlig filtrering. Avancerade rapporteringsverktyg hjälper ansvariga, att följa, förstå och tolka informationen.


Att tillåta mobila enheter att använda i er nät, ställer krav på ett säkrat och filtrerat internet. Detta blir allt viktigare för organisationer inom alla sektorer, då detta är ett arbetsredskap hos många. 
Vår BYOD stöd innebär att varje enhet, som är ansluten till Wi-Fi filtreras och skyddas, inklusive: iOS, Android, Blackberry och Windows.



För att säkerställa att affärskritiska tjänster och användarens webbupplevelse är tillräckliga, måste du göra det mesta av din bandbredd. 
Vår förmåga att begränsa bandbredd från policy, kan minimera effekterna av strömmande media, fildelning och liknande tjänster utan att behöva blockera direkt.


Email Security



Den integrerade e-post modulen skyddar era e-postservrar, samt användarnas inkorgar genom att upprätthålla e-postsäkerhet redan vid brandväggen, innan hoten når sina avsedda mål. 
Stöd för den högeffektiva Mailshell anti-spam motorn, innebär att oönskade e-postmeddelanden kan noggrant identifieras och elimineras.


VPN Gateway



UTM inkluderar en fullfjädrad VPN-gateway som stöder site-to-site (intern office) VPN-anslutning mellan Smoothwall och andra tillverkares system, samt klientlös Secure Remote Access för mobila användare, hemarbete och trådlösa anslutningar. (L2TP, IPSec och SSL)


IDS, IPS och layer 7



Intrusion Detection System - IDS och Intrusion Prevention System - IPS
Övervakar och förhindrar skadliga intrång, och aktivitet även på applikations nivå. 
Lager 7 filtreringen identifierar och blockerar potentiell problematisk trafik, som ej använder specifika portar som t.ex. Skype, BitTorrent, TOR och Ultrasurf. 
Hundratals protokoll stöds för närvarande.


Internal Firewall



Den interna brandväggen tillåter lokala nätverk och demilitariserade zoner (DMZ) att vara indelad i flera fysiska separata sektioner, med policybaserade användarregler med kontroll, av vem som kan komma åt, vilka system och tjänster i andra zoner. 
Sådan segregation skyddar verksamhetskritiska system och konfidentiell information, från oavsiktlig åtkomst, oaktsamma användare eller sabotageförsök.


Load Balancer



Både utgående och inkommande trafik kan vara lastbalanserad över två eller flera anslutningar, eller styr olika protokoll till separat nätverk med hög prioritet på en dedikerad anslutning. 
I händelse av en ISP/anslutningsfel, så omdirigeras den drabbade trafiken automatiskt till en annan anslutning för att sedan gå tillbaka när felet är åtgärdat.

 
  



Med Reverse proxy kan ni styra förfrågningar från Internet och vidarebefordra dem till servrar i ett internt nätverk.
Ger möjlighet att styra flera HTTP och HTTPS platser till var och en av era interna servrar.
Ökar prestandan på era webbservar genom SSL avlastning



Kontakt

Kontakta AIES 

För att få hjälp med att välja rätt hårdvara för er nätverksmiljö.


Tekniska Egenskaper




Guardian Web Filter


Dynamic Content Analysis™ Screens the content, context and construction of web pages in detail, accurately detecting and blocking all objectionable, inappropriate, hidden or malicious content (including anonymous proxies).

Search Engine Filtering Filter, monitor and report upon search terms used and force "safe search" on popular search engines.

Logging, Filtering and Censoring of Instant Messenger Applications Control and monitor the use of Instant 
Messaging applications. IM file transfers and attachments can be logged or blocked and selected words or phrases can be censored and set to trigger alerts with reponses sent direct to users' messaging clients. Encrypted Instant Messaging is also supported.

Block Advertising and Cookies Advertising and cookies can be automatically blocked.

Manage MIME, File Extension and Download Size Filtering policies can be set to manage specific file types, and limit download sizes.

Flash Filtering Screens actual SWF file code to accurately detect and block undesirable Flash content such as online games and video players.

SSL Interception Allows all unknown secure traffic to be decrypted and inspected (using Dynamic Content Analysis), so harmful HTTPS/SSL content (including SSL proxies) can be effectively blocked even in transparent proxy mode.

'Who, What, When, Where' Policy Tools True 'who, what, when, where' filtering with flexible user, group, time and location based controls.

Unified Policy Tools and Wizards Unified, easy to use policy setting tools with policy and configuration wizards. With unlimited groups and 'per user' policies and the ability to combine policies with multi-group membership.

Policy Based Controls Different filtering policies can be created and set for different groups of users, in accordance with organisation policy or the AUP.

Quick Block' and 'Quick Allow' Quick Block' and 'Quick Allow' buttons for fast one click fixes

Internet Watch Foundation Blocklists are updated daily with IWF data feeds.

YouTube.com/education Channel Support Allows access to youtube.com/education channel without removing restrictions on other YouTube content.

'Softblock' Option Instead of automatically blocking inappropriate content, users are issued warning messages about content and given options to either continue or cancel.

'Soft-blocking' per Content Category Delivering a better user browsing experience without compromising safety, security or control.

SWURL Devolved Personal Block/Allow  List Management SWURL allows specified users to manage their personal block/allow list via a portal - enabling miscategorised content to be accessed whilst being logged.

Advanced Categorisation Add-to-category functionality allows in-built categorisation to be adjusted with ease. Enhanced real-time categorisation - delivers higher accuracy, better reporting and fewer over-blocks

Customisable URL Blocklists Current, categorised and customisable URL blocklists control access to a pre-defined list of undesirable websites.

Outbound (web post) monitoring & blocking Monitors and blocks text posted on the web (i.e. inappropriate blog / forum / Social Networking / Twitter posts) using a keyword analysis system.

Whitelist mode Users can only access a customised list of 'allowed' sites.

Default 'Safe' Configuration Guardian can be installed with a default 'safe' configuration which filters out a standard range of illegal and objectionable content. Note: Guardian's default 'safe' configuration matches the requirements of CIPA and BECTA standards.

Temporary Bypass Controls Block page includes password protected options to bypass the filter on a temporary basis.

Temporary 'Banned User' List Ban selected users until a selected date or time and run reports with lists of 'banned users' and the duration of their bans.

Configurable 'Site Blocked' Page Site blocked' page can be customised to include a logo, message text, a reason for blocking, un-block buttons, IP address and username.

Flexible Request and Content Modification Modify web page requests and content 'on the fly' to enable neutralisation of malicious JavaScript and other web threats.

Stealth Mode Web pages are filtered and logged as normal, but are not blocked, allowing administrators to monitor activity without affecting users (useful when testing a new installation as it allows the filtering rules to be fine-tuned before 'going live').

Web Proxy Cache Reduce bandwidth utilisation by storing and retrieving frequently accessed web pages from local disk storage.

Mobile Device Filtering Smoothwall Connect (remote filtering) allows many devices (iOS,OSX,Windows) to be actively filtered and controlled according to the organization’s policies in or out of the home network.  
Android will be supported during 2014.

Guest Mobile Device Filtering Guest devices can be accomodated on the network and filtered according to the organization’s policies.

Bitdefender Anti-Malware


Bitdefender Anti-Malware Email Engine
Scans all SMTP and POP3 email for viruses and other malware. 

BitdefenderAnti-Malware Engine


Firewall


Perimeter Firewall Block threats at the boundary - before they enter your network.

Stateful Packet Inspection Keeps out invalid traffic by ensuring all packets are part of a legitimate sequence.

Layer 7 application filtering Identify and block potentially problematic application traffic such as Skype, BitTorrent, TOR and Ultrasurf. Hundreds of protocols currently supported.

Intrusion Prevention System (IPS) Monitors and reacts to malicious activity and gives, through reporting, an overall view of the attacks occurring to your systems.

Outbound (egress) Filtering Rules Controls what Internet services and ports users can access, based on destination IP address as well as port, protocol, AD group and source IP address.

Port Grouping Group ports into types (e.g. web, email, remote access) to simplify configuration and deployment.

Port-Agile Traffic Blocking Detects & blocks file transfers/downloads (P2P traffic such as KaZaa, BitTorrent, etc

Multiple Rule Sets Increased flexibility with configuration options.

Dynamic NAT (DNAT) and Static NAT (SNAT) Operation Allowing a range of Internet accessible servers to be positioned on the internal network with multiple IPs supported.

Internal Firewall including DMZ, other zones & inter-zone bridges Segregate local networks into physically independent zones - useful for controlling inter-zone access & in the event of server compromise. (Also integrates with User Authentication systems)

Authentication


Authentication Features Integrate with User Authentication systems Control access based on authenticated identity as opposed to assumed identity derived from a computer’s IP address (supports Microsoft Active Directory®, Novell eDirectory, and other LDAP systems).

Multiple Filter Groups Different filter policies can be allocated to up to 100 different groups of users. Particular users can also be configured not to be subject to any filtering at all.

Transparent Proxy Mode System administration is simplified with support for NTLM authentication in transparent proxy mode; which avoids the need to configure proxy settings for each user computer.

Password-Protected Authentication The use of NTLM with password verification provides seamless single sign-on without the need for users to log in or enter their Windows ID/password again.

Ident Integration Ident (Windows User Identification) can be enforced so that any user that has not been identified from Ident information (ie their PC is not running an Ident client) will be not be allowed to browse the web.

Networking


Up to 20 interfaces (4 or 6 ports) Allows segregation not only of servers & clients, but different types of client (wireless laptop users, servers, critical servers, guest workstations, different departments, etc).

Multiple External Connections Allows load balancing between a number of Internet connections.

Ethernet, DSL, (PPPoA, PPPoE and PPTP) and Analogue Modem Support Allows failover to 'lower tech' connections when the main connection fails.

Auto Failover to a Standby Appliance Allows connectivity continuation in the event of hardware dropout.

Routing Protocol Support Facilitates integration into existing network infrastructures.

VLAN Trunking (802.1Q) Allows creation of VLANs for easier network management.

Proxies & Services


Caching Web Proxy Server Reduces page display times & bandwidth utilisation.

Reverse Proxy for HTTP/HTTPS Enables hosting of more than one website on a single public IP.

Transparent SIP Proxy Enhances VoIP.

DHCP Server with Static Address Allocation Facility Use an on-board DHCP server or relay.

DNS Proxy Speeds up DNS resolutions.

NTP Time Server Allows all servers & workstations on the network to set time from the firewall.

DNS proxy Allows you to specify 'conditional forwarding' rules, enabling you to specify different DNS servers for different domains. DNS caching helps speed up response from slow or distant DNS servers.
 
Logging, Reporting and Censoring of Instant Messaging Applications Control and monitor the use of Instant Messaging applications such as MSN, Yahoo, AOL and ICQ. File transfers/attachments can be logged or blocked and selected words or phrases can be censored and set to trigger alerts, with responses (e.g. your message has been censored/blocked). Encrypted Instant Messaging is also supported (e.g. Jabber/GoogleTalk)

VPN


Layer 2 Tunneling Protocol (L2TP) Secure connections for remote workers.

IPSec Compatible gateway for both site-to-site and laptop VPN connections.

SSL VPN Simplified access from laptop VPN connections. Able to cross network filters where L2TP or IPSec might fail, such as hotel room wireless. Support for Internal SSL VPN also allows VPN connections to be made inside the network.

Data Compression - IPComp (RFC 2393) To improve VPN throughput, supporting more VPN connections.

3DES Data Encryption (+ AES Rijndael, Twofish, Blowfish and CAST Encryption Algorithms) Prevents eavesdroppers reading confidential information & provides interoperability with other existing VPN products.

NAT Traversal (NAT-T) option Seamless operation even when the peer gateway or client is behind a NAT router.

Activation/deactivation of individual VPN tunnels Gives administrators full control over who is accessing the network.

Operation


Optional Bridge Mode (Transparent Inline Proxy) S4, S8 and S12 Only Drop in' deployment - allows the appliance to be deployed inline between a switch and a perimeter firewall for ease of installation and configuration.

Rate Limiter by URL The speed or rate at which the proxy server can download information from the Internet can be limited. Bandwidth use can also be limited for specific URLs.

Support for Browser Autoconfiguration Files Provides WPAD (Windows Proxy Auto-Detection) and PAC file support, for automatic configuration of proxy settings in client browsers.

Hardware Healthcare Alerts Notifications about system resource issues (eg low disk space, high memory use, high CPU loads, UPS failures).

Reporting


Built-in Report Templates Users can create, customise and save their own report templates and utilise an extensive range (300+) of report templates. Report options include site-specific reports (e.g. YouTube top viewed videos) and IM reporting (time spent messaging and chat friends per user).

Drill Down to a Single User or IP Reports include the user name and IP address of the user PC so AUP violators can be quickly identified. A drill-down facility allows data to be explored to a greater depth - e.g., from a list of blocked sites that users have attempted to access, drill-down to find out which users have been trying to access any particular site. It is possible to view the entire browsing history (including time spent browsing) of a single user.

Automated Reports User-specific reports can be automatically time-scheduled to run on a daily or weekly basis. Reports can also be automatically saved or distributed to recipient lists via email.

AJAX Real-time Logs & Traffic Graphs View web activity instantaneously, with the option to filter by user name, IP address, web site, category or group.

Real-Time Search Terms Log Viewer Be able to see the search terms used, the user, the search engine used and whether the attempt was allowed or blocked.

Export into PDF, HTML, Excel, Crystal Reports® Reports can be produced in a range of formats for ease of viewing (with pie charts/graphs) and to aid integration with existing systems.

User Portal Selected users (or groups of users) can be given access to a seperate Guardian interface specifically for viewing reports/logs, controlling temporary bans and downloading SSL VPN clients.

Incident Alerts Alert messages can be sent by both email and SMS text message to mobile/cell phones for issues requiring immediate attention.

Email Security & Anti-Spam Optional Module


Content Analysis Using Mailshell 3.0 Spam Content, examines the content of messages in detail, including address fields, subject, headers, SMTP envelope content, email format, design and layout, image layout, hyperlinks, contact information, language and origin in order to identify and categorise spam email.

Reputation Checking Using Mailshell Spam Detection Network & Bayesian analysis, sender reputations are determined using comprehensive ‘real-time’ databases of IP addresses, domains and email addresses of known spammers. Bayesian analysis is used to combat attempts to hide sender identity.

Bulk Mail Detection Using Mailshell SpamBulk, identifies if a message or similar messages were sent in bulk by creating ‘fingerprints’ based on message elements that are the hardest for spammers to fake or change.

Phishing Protection Using Mailshell SpamTricks, identifies special formatting used to evade spam filters and for phishing attacks and economical bulk mailings (including image-only messages, HTML obfuscation and manipulation using relays). Analysis of the message header includes time stamps and the SMTP envelope.

SMTP Validity Checking Checks for malformed email (usually either spam or designed to attack mail server/client vulnerabilities).

Grey Listing Mail from unknown senders may be temporarily rejected. Genuine email servers (as opposed to zombies or botnets) usually resend after a short delay - if a second attempt is made, the sender is then automatically added to the list of known senders.

Remote Blackhole List (RBL) The option to utilise RBL services (maintained databases of IP addresses that are acting as open mail relays for bulk spamming).

Sender Domain Spoofing Rejects any incoming email that falsely uses an internal domain in the 'from' address.

User-configurable Spam Treatment Controls Users have the option to add email addresses to their own blacklists or whitelists and set automatic rules for changing subjects, replacing content or sending to a quarantine mailbox. Quarantines can be set up for individual email addresses with daily 'spam trapped' email reports sent to users so they can view and release emails.

Per User Quarantine Allows each email address to have a separate quarantine - as opposed to a single administrator having to monitor all mailboxes. Users receive a daily report of “spam-trapped” email which they can then use to view and release email.

Disclaimer Footers Ability to add standardised disclaimers to the footer of outgoing emails. Different disclaimers can be used for different domains.

Near Real-Time Updates The software is updated every 5 minutes with the latest email fingerprints and detection rules.

Attachment Removal Allows dangerous or unwanted attachments to be discarded based on type (e.g. executable files, documents and multimedia files).

Email Security Reporting & Logging


Email Reports Show the classification of every received email on a daily or monthly basis (spam, virus infected, blacklisted, etc) with charts to show relative proportions.

Email User Activity Reports Show the number and size of emails sent and received per user (daily/monthly).

Spam Reports Analysis of spam received (top recipients, top sender domains, spam scores etc).

Virus Reports Breakdown of viruses received by type, origin and recipient.

Email Real-time Log Viewer Displays instantaneous email activity including SMTP connection status.