|
|
 |
| Firewall
The
Astaro firewall manages inbound and outbound communications
traffic, as well as traffic between internal networks.
Administrators
can block or allow access, for each protocol, to
each internal network, server, service, and user
group.
The
firewall inspects both networking information (packet
headers) and application information (payloads)
to detect and block suspicious traffic.
|
Additional
Resources:
|
| 
(on-line
demo)
Application-Level
Deep Packet Filtering
Astaro’s
firewall provides both stateful packet inspection
and application-level deep packet filtering. Packet
headers are inspected, and ongoing connections are
monitored, to make sure that they conform to the
appropriate policies.
Application-level
proxies scan content (payloads) to ensure conformance
with rules specific to web traffic, email, DNS,
and other broad application types.
With
the easy-to-use WebAdmin graphical interface, administrators
can quickly set rules to block or allow traffic,
by protocol and by port, between pairs of source
and destination addresses.
|
|
Security
Proxies
A
comprehensive set of proxies are provided for HTTP
and HTTPS, SMTP, POP3, DNS, SIP and SOCKS.
These
proxies simplify management by allowing administrators
to quickly and easily enable and disable protocols
and features such as virus scanning, content filtering,
caching, whitelists and blacklists, file extension
filtering, and MIME error checking.
Web
and email proxies can be run in transparent mode,
so that each users’ packets can be redirected
to the proxy without having to reconfigure desktop
settings.
NAT,
Masquerading and DOS Protection
Dynamic
and static Network Address Translation (NAT) and
masquerading conceal internal IP addresses behind
a “public” IP address, to prevent hackers
from learning about internal networks, servers,
and users.
|
 |
Astaro’s
firewall protects against common Denial of Service
(DoS) and Distributed Denial of Service (DDoS) attacks
such as TCP SYN flood, ICMP flood, UDP flood, Smurf,
Trinoo, and IP spoofing.
Transparent
Firewall Mode
Packets
can traverse the firewall in transparent mode without
modifying any of the source or destination information
in the packet header. The firewall can be inserted
or removed from the network without needing to reconfigure
IP addresses.
Time-Based
Rules and Policy-Based Routing
Packet
filter rules can be set for specified time periods.
User groups can be granted access to networks and
servers at certain times of day and denied access
at others.
Astaro’s
firewall can forward and route packets based on
destination IP address, source IP address, source
port, and destination port. Traffic can be spread
over multiple Internet uplinks to improve application
performance, reduce bandwidth use, and control costs.
Traffic
Shaping and QoS
Administrators
can increase or decrease the priority of different
types of traffic between specific endpoints, providing
quality of service (QoS) for critical transactions.
Detailed
Reporting
Astaro
Security Gateway provides detailed reporting on
network traffic, connections, packet filter violations,
hardware utilization on the firewall system, and
other information for managing the firewall.
Accounting
reports provide detailed data on traffic to and
from network segments.
Detailed
logs can be stored and viewed in text format, or
exported to spreadsheets and reporting systems for
ad-hoc or specialized analysis.
|
|
|
