Gateprotect Gpa 250: Designed For Small Enterprises
Gateprotect Gpa 250: Designed For Small Enterprises
Gateprotect Gpa 250: Designed For Small Enterprises
Layer 8
User authentication
Layer 7
Application
Layer 6
Presentation
Layer 5
Session
Layer 4
User
authentication
Transport
TCP, UDP
Layer 3
Application
Network
192.168.1.1
Layer 2
Presentation
Data Link
Layer 1
Session
Physical
Physical
Transport
Data Link
Network
Network
Data Link
Transport
Physical
Session
L2TP, PPTP
TCP, UDP
00-23-EE-4D-C5-E6
192.168.1.1
192.168.1.1
00-23-EE-4D-C5-E6
TCP, UDP
L2TP, PPTP
Clarity Perfection
Security ASCII, ICA, EBCDIC
Presentation
User authentication
The unique eGUI technology revolutionizes the operation of Next Generation UTM Appliances
The greatest security risk facing modern IT networks relates to the fact that increasingly complex security functions are required in order to effectively block attacks.
This inevitably leads to systems that are extremely complex to operate, which, in turn, means the risk of user errors increases exponentially. As a result of this, operation and configuration errors in IT systems are the cause of around 98% of all security vulnerabilities in companies nowadays. This risk, together with the constantly
increasing amount of work that is required to manage IT security systems, means a whole new approach to the operation of professional security solutions is required.
Initial configuration
Ongoing administration
Familiarization phase
gateProtect
70% Time-savings
Mitbewerber I
II
III
IV
gateProtect
Mitbewerber I
II
III
IV
80% Time-savings
gateProtect
95% Time-savings
Mitbewerber I
II
III
IV
Study from 2009, which compared the time required to configure firewalls from different providers
VIEW 1
Extended VPN
VIEW 2
VIEW 3
Bandwidth Management
Rear view
Firewall throughput
1 000 (800) Mbps
UTM throughput
150 (120) Mbps
Operating
Temperature
C 0~40
Network interfaces
4 Ports (4 Ports)
1 000 MBit: 4 (4)
Concurrent sessions
500 000
Hardware Specifications
Dimensions
DxWxH (mm)
270 x 440 x 44
Weight
Input Voltage
5,5 kg
AC 100-240
Consumption
(Full load)
35 W
Feature Specifications
Firewall with DPI
- Stateful inspection
- Connection-tracking TCP/UDP/ICMP
- SPI and proxy combinable
- Time controlled firewall rules,
content filter and internet connection
- IP-ranges, IP-groups
- Layer7-filter*
- Deep packet inspection* for application
based blacklists - over 600 apps supported
- Port-ranges
- Self- and predefined ports
- Supported protocols:
TCP, UDP, ICMP, GRE, ESP, AH
Management
- eGUI Technology
- ISO 9241 compliant
- immediate visual feedback for each setting
- self-explanatory functions
- overview of all active services
- overview of the whole network
- Layer and zoom function
- Languages: English, German, French,
Italian,Spanish, Turkish
- Role-based firewall administration
- Role-based statistic-client
- SSH-CLI
- Desktop configuration saved / restored
separately from backup
- CLI on serial line
- Object oriented firewall configuration
- Direct Client Update function
LAN / WAN-support
- Ethernet 10/100/1 000*/10 000* Mbit/s
- Twisted-Pair / Fibre-Optics
- MTU changeable (Ethernet/DSL)
- PPPoE
- ISDN
- PPP-PAP, PPP-CHAP authentication
- Inactivity timeout
- Forced disconnect time
- Cablemodem, xDSL
- Concurrent connections
- Backup-connections
- Connection availability check
- Loadbalancing
- Time controlled internet connections
- Manual and automatic DNS assignment
- Multiple dyn-DNS support
- Supports 8 different dyn-DNS-services
- Source based routing
- Routing protocols RIP, OSPF
User authentication
- Active Directory supported
- Active Directory groups integration
- OpenLDAP supported
- Local userdatabase
- Web-interface authentication
(port changeable)
- Windows-client authentication
- Authentication on domain login
- Single sign on with Kerberos
- Single- and multi login
- Web-Landing-Page
- Login and logoff auditing
- User- and group statistics
DHCP
- DHCP-relay
- DHCP-client
- DHCP-server (dynamic and fixed IP)
DMZ
- Port forwarding
- PAT
- Dedicated DMZ-links
- DMZ-wizard
- Proxy supported (SMTP)*
VLAN
- Max. 4094 VLAN per interface possible
- 802.1q ethernet header tagging
- Combinable with bridging
Bridge-mode
- OSI-layer 2 firewall-function
- Spanning tree (bride-ID, port-cost)
- Unlimited bridges
- Unlimited interfaces per bridge
- Combinable with VPN-SSL
Traffic shaping
- Up- and download shapeable
- Multiple internet connection separately
shapeable
- All services separately shapeable
- Maximum and guaranteed bandwidth
adjustable
- QoS with TOS-flags supported
- QoS inside VPN connection supported
High availability
- Active-passive HA
- Synchronisation on single / multiple
dedicated links
- Manually switch roles
Backup
- Remote backup creation
- Small backup files
- Remote backup restore
- Restore backup on installation
- Automatic and time based creation
of backups
- Automatic upload of backups on FTP or SCP-Server
- Auto-install-USB-stick with backup
integrated
SNMP
- SNMPv2c
- SNMP-traps
- Auditing of:
- CPU / Memory
- HDD / RAID
- Ethernet-interfaces
- Internet-connections
- VPN-tunnel
- Users
- Statistics, Updates
- DHCP
- HA
Proxies*
- HTTP (transparent or intransparent)
- HTTPS (available GPA 250 and higher)
- Support for Radius-server, AD-server,
local user-database
- FTP,POP3,SMTP,SIP
- Integrated URL-/ content-filter
- Integrated antivirus-filter
- Integrated spam-filter
- Time-controlled
Web-filter*
- URL-filter with safe search enforcement
- Content-filter
- Block rules up to user-level
- Black-/ white-lists
- Im- / export of URL-lists
- File-extension blocking
- Category-based website-blocking
- Self definable categories
- Scan-technology with online-database
- Transparent HTTP-proxy support
- Intransparent HTTP-proxy support
Antivirus*
- HTTP, HTTPS, FTP, POP3, SMTP
- Scans compressed data and archives
- Scans ISO 9660-files
- Exceptions definable
- Manual and automatic updates
Antispam*
- Online-scanner
- Scan-level adjustable
- Real-time-detection-center
- Black- / white-email-sender-lists
- Mail-filter
- Black- / white-email-recipients-lists
- Automatically reject emails
- Automatically delete emails
- AD-email-addresses import
IDS/IPS*
- Snort scan-engine
- 5000+ IDS-pattern
- Individual custom rules
- Security-level adjustable
- Rule groups selectable
- Exceptions definable
- Scanning of all interfaces
- Email on IDS events
- DoS, portscan protection
- Invalid network packet protection
VPN
- VPN-wizard
- Certificate-wizard
IPSec
- Site-to-site
- Client-to-Site (Road warrior)
- Tunnel-Mode
- IKEv1, IKEv2
- PSK
- X.509-certificates
- 3DES, AES (128, 192, 256)
Blowfish (128, 192, 256)
- DPD (Dead Peer Detection)
- NAT-T
- Compression
- PFS (Perfect Forward Secrecy)
- MD5, SHA1, SHA2 (256, 384, 512)
- Diffi Hellman group
(1, 2, 5, 14, 15, 16,17,18)
- export to One-Click-Connection
- XAUTH, L2TP
SSL
- Site-to-site
- Client-to-Site (Road warrior)
- Routing-Mode-VPN
- Bridge-Mode-VPN
- X.509-certificates
- TCP/UDP port changeable
- Compression
- specify WINS- and DNS-servers
- 3DES, AES (128, 192, 256)
CAST5, Blowfish
- Export to One-Click-Connection
PPTP
- Windows-PPTP compatible
- Specify WINS- and DNS-servers
- MSCHAPv2
X.509 certificates
- CRL
- OCSP
- Templates
- Multi CA support
- Multi host-cert. support
Monitoring*
- System-Info
- CPU- / memory usage
- Long-term-statistic
- HDD-status (partitions, usage, RAID)
- Network status (interfaces, routing, traffic,
errors)
- Process-monitoring
- VPN-monitoring
- User-authentication-monitoring
VPN-client
- IPSec-client
- SSL-client (OpenVPN)
- NAT-T
- AES (128, 192, 256), 3DES
CAST, Blowfish
- X.509 certificates
- PSK
- One-Click-Connection
- Log-export
Logging, Reporting*
- Email notification
- Logging to multiple syslog-servers
- Categorized messages
- Report in admin-client (with filter)
- Export report to CSV-files
Command Center
- eGUI Technology, ISO 9241 compliant
- Monitor 500+ firewalls
- Active configuration of 500+ firewalls
- VPN connections centrally creatable
- Single- and group-backup
- Plan automatic backup in groups
- Single- and group update & licensing
- Create and apply templates on multiple
firewalls
- Certificate based 4096 bit encrypted
connections to the firewalls
- Display settings of all firewalls
- Role based command center user
management
- VPN-monitoring
Statistics*
- IP and IP-group statistic
- Separate services
- Single user / groups
- TOP-lists (surfcontrol)
- IDS-statistics
- Traffic-statistics
- AppFilter traffic statistics
- Antivirus- / antispam-statistics
- Defence statistics
- Export statistic to CSV-files