Professional Documents
Culture Documents
DIGIPASS BY VASCO
Contents
AXsGUARD Gatekeeper at a glance ______________________________________________________________________ 2 Overview __________________________________________________________________________________________ 1 software bundle 5 hardware platforms _________________________________________________________________ 1 hardware platform 4 software bundles _________________________________________________________________ Additional user licenses ______________________________________________________________________________ Recommended users ________________________________________________________________________________ Software bundles ____________________________________________________________________________________ aXsGUARD Gatekeeper basic ras _______________________________________________________________________ aXsGUARD Gatekeeper standard ras _____________________________________________________________________ aXsGUARD Gatekeeper enterprise ras ____________________________________________________________________ aXsGUARD Gatekeeper enterprise backup ras ______________________________________________________________ aXsGUARD Gatekeeper internet redundancy bundle __________________________________________________________ Content scanning ____________________________________________________________________________________ Content scanning: mail ______________________________________________________________________________ Content scanning: web ______________________________________________________________________________ Reporting & statistics ________________________________________________________________________________ 3 3 3 3 3 4 5 5 6 6 7 8 8 9 9
Authentication _____________________________________________________________________________________ 10 Hardware _________________________________________________________________________________________ 11 Hardware platforms ________________________________________________________________________________ 11 Hardware maintenance _____________________________________________________________________________ 11 Personal aXsGUARD _________________________________________________________________________________ 12 Secure and wireless connection to the corporate network _____________________________________________________ 12 Easy configuration and setup _________________________________________________________________________ 12 5 solutions with aXsGUARD Gatekeeper __________________________________________________________________ Solution 1: secure government infrastructure with limited resources ______________________________________________ Solution 2: aXsGUARD enables services for Value Added Resellers _______________________________________________ Solution 3: aXsGUARD Gatekeeper as an outstanding all-in-one security solution _____________________________________ Solution 4: business automation for secure remote assistance __________________________________________________ Solution 5: guarenteed business continuity for SMEs _________________________________________________________ 13 13 14 14 15 15
Technical specifications ______________________________________________________________________________ 16 Hardware specifications _____________________________________________________________________________ 16 Specifications personal aXsGUARD _____________________________________________________________________ 17 Software specifications ______________________________________________________________________________ Administration ___________________________________________________________________________________ Network ________________________________________________________________________________________ Monitoring and logging _____________________________________________________________________________ Authentication ____________________________________________________________________________________ Firewall ________________________________________________________________________________________ IPS and iDS _____________________________________________________________________________________ VPN server ______________________________________________________________________________________ Multiple internet gateways ___________________________________________________________________________ Bandwidth management ____________________________________________________________________________ Public dns ______________________________________________________________________________________ Application firewall ________________________________________________________________________________ Ssl-vpn webportal _________________________________________________________________________________ High availability ___________________________________________________________________________________ Content scanning: web traffic _________________________________________________________________________ Content scanning: mail traffic _________________________________________________________________________ Statistics _______________________________________________________________________________________ 18 18 18 19 19 19 19 20 20 20 20 21 21 21 22 22 22
aXsGUARD Gatekeeper
aXsGUARD Gatekeeper is part of VASCOs remote access product line and offers a complete solution for secure network connectivity. aXsGUARD Gatekeeper is a security appliance dedicated to the needs of the SME market. The solution is designed for administrators who want an all-in-one solution for Internet connectivity and security. 24 functional features are bundled together into four software packages with additional content scanning licenses. Each software bundle can run on one of the five available hardware models allowing organizations of any size to choose the most suitable combination of performance and features. aXsGUARD Gatekeeper works transparently with any other solution allowing organizations to activate only those features they really need. Additionally, aXsGUARD fits perfectly into any network environment, whether its a Microsoft, Linux, Mac or mixed environment.
SOHO
Bandwith Management with QoS Internet Redundancy
S P I C T F I R E W A L L I N T E R N E T
Road Warrior
Secure LAN
Remote Office
DMZ ZONE
aXsGUARD Gatekeeper
Overview
Recommended users
Each combination of hardware and software has a recommended number of users. The number of users is an indication of best performance and hardware maintenance for the appliance and surmises that all available features including the content scanning option have been activated. There is no user limit, however, when the number of users exceeds recommendations, system performance may be influenced. As expected, the number of users can be increased when fewer options have been selected.
AG2504
BASIC RAS STANDARD RAS ENTERPRISE RAS 25 10 10
AG3443
50 25 25
AG3604
250 100 100
AG5506
1000 500 500
AG7500
2000 1500 1500
Optional licenses
Basic Content Scanning Standard Content Scanning DIGIPASS
aXsGUARD Gatekeeper
Software bundles
Gatekeeper Core OS including authentication Firewall with IPS VPN Server Bandwith Management Multiple Internet Connections Public DNS Reverse proxy SSL VPN Web portal High Availability
BASIC
STANDARD
ENTERPRISE BACKUP
4
aXsGUARD Gatekeeper
ENTERPRISE
Software bundles
aXsGUARD Gatekeeper BASIC RAS
The Basic Remote Access Solution bundle allows your users to connect in a secure way to the local network. The bundle was designed for the SMB market, offering small and medium companies a simple solution to connect remote users while providing full protection by aXsGUARD Gatekeeper. The Gatekeeper Core OS includes all necessary networking and routing protocols to connect your network to the Internet. Complete logging and monitoring is available on the appliance itself but logging and monitoring reports can also be sent towards an external syslog server. The Directory Integration Services allow you to synchronize your users from any LDAP server to aXsGUARD Gatekeeper. Users and groups are directly managed in aXsGUARD Gatekeepers administration interface. Users can authenticate themselves using a DIGIPASS. DIGIPASS functionalities and management are incorporated in aXsGUARD Gatekeeper in which VASCOs core authentication platform VACMAN Controller is integrated. Should you prefer to work with certificates, a CA is incorporated. The network is protected from hacking attempts through the SPICT Firewall with IPS. Firewall rules can be determined and implemented on IP address, user or group level. User and group policies are added from a list of predefined rules. This allows an IT administrators to build a more secure setup of the network and perform better control and more efficient management through aXsGUARD Gatekeeper. Remote access can be achieved with any standard VPN client over pptp, l2tp and ssl-vpn. The VPN server supports access from Personal aXsGUARD, a remote VPN appliance dedicated for SOHO use. Includes software modules: Administration Network Monitoring and logging Authentication Firewall IPS and IDS VPN server
aXsGUARD Gatekeeper
Software bundles
aXsGUARD Gatekeeper ENTERPRISE RAS
The Enterprise Remote Access bundle offers secure web-based access to your network on top of the STANDARD Bundle. The bundle includes a Reverse Proxy which protects internal webservers from hacking attempts. To authenticate your users it can use the built in VACMAN Controller. This enables strong user authentication to protect any webserver without the need to adapt your website. For dedicated web applications, like Outlook Web Access and Citrix, it allows single sign-on features. The SSL VPN web portal allows a connection from any browser towards the local network. The default web portal page - protected with two-factor authentication - can be customized for each user according to his needs. Default applications are available, which will allow you to set up Remote Desktop Protocol (RDP) RDP sessions, browse internal web servers, access local file servers You can optionally extend the Enterprise RAS bundle with an active/ passive High Availability appliance.
aXsGUARD Gatekeeper
Software bundles
aXsGUARD Gatekeeper INTERNET REDUNDANCY bundle
How important is the internet for smes? Do you need the internet for the execution of your daily work? Do you place orders through the internet? Do you use online banking for your financial transactions? Do you receive your orders through the internet? Would you lose customers when your website is not available? How much would you lose when your internet connection fails? The internet has become indispensable in todays business world. A reliable internet connection is crucial for SMEs to ensure business continuity. Or to be prepared for cloud applications, such as online accounting, online banking, back-up or a remote mail server. Why would you choose this bundle? Your internet connection always fails at the worst possible time. When you urgently need to mail an offer, when your store is filled with customers or when you need to find something on the internet. To ensure the continuity and availability of your company and employees at all times, VASCO launches a tailor-made solution for SMEs. Continuity is always guaranteed even if a problem with your internet connection should occur. The solution? The aXsGUARD Gatekeeper Internet Redundancy bundle is a solution where a second internet line is deployed in addition to the line of your existing provider. By installing internet lines using different technologies (cable xDSL), connectivity is guaranteed and you can continue working without any problems even when the internet connection should fail. aXsGUARD Gatekeeper will immediately detect failures and automatically switch to another available line. Includes software modules: Administration Network Monitoring and logging Authentication Firewall Multiple Internet Gateways Public DNS
aXsGUARD Gatekeeper
Content scanning
aXsGUARD Gatekeeper can be extended with Content Scanning licenses providing secure mail and web traffic. Content scanning is available in combination with all aXsGUARD Gatekeeper software versions. It exists in two versions: 1. BASIC with default content scanning features and 2. STANDARD with additional features such as an Anti-Virus engine from Trend Micro and web-based content scanning
aXsGUARD Gatekeeper
Content scanning
Content Scanning: web
To avoid that users import all kinds of malware and to increase productivity, all web traffic should pass the proxy on aXsGUARD Gatekeeper. After authentication (web-based or SSO by using static passwords or 2-factor authentication), specific rules can be applied to each user or group of users. It doesnt matter which PC the user logs on to, he will always receive his specific web browsing rules. In order to create those rules aXsGUARD Gatekeeper first needs lists: A site list can exist out of a list of defined URLs or parts of URLs in wording. It can contain words and URLs that you want to block, or words and URLs that should pass. (E.g. the administrator might want to block URLs with the word sex, but would want to allow URLs with the word msexchange Predefined blacklists are available on aXsGUARD Gatekeeper, categorizing 3.5 million sites into 90 different categories such as, malicious web pages (spyware, phishing, virus infected,); adult related content (adult, porn, art nudes,); social networking (chat, blog, im, mail, ); gaming (gambling, online gaming,); whitelist (!) 100% suitable for kids; Since site lists never can provide a complete list of all malicious sites on the Internet (due to localizations and new sites popping up every day), the standard version of Content Scanning also includes web content scanning: every web page will be scanned and analyzed, based on the content of a page. Using content analysis, the content scanner tags particular words and phrases with a score and a category (e.g. the word breast would lead to give a negative score, but when the word cancer is found in the same page, it would give a better score). 30 different predefined wordlists (positive and negative) in multiple languages are provisioned in aXsGUARD Gatekeeper. Administrators can create their own additional wordlists to give an even better result. After content scanning, the total web page receives a certain score. These site lists and wordlists are then combined into categories, to create a complete list of rules. It avoids repetitive work and adds granularity to the access rights you want to give to different users. A category can be defined as an allowed list, a forbidden list and an exception list. The exception list is used to block URLs inside a webpage, without blocking the whole page. These categories are then added to access control lists (ACL). An ACL exist of categories of sites and the time when this ACL applies (e.g. during or outside working hours). It also adds virus scanning and blocking of specific extensions. In the ACL you also set the score for the web based content scanning, to decide which pages are shown or blocked. There is one general ACL, for all web traffic in the company, which can be overruled by ACLs which are applied for a specific IP address (e.g. printers, servers), a group of people or a specific user.
aXsGUARD Gatekeeper
Authentication
To provide secure remote access, VACMAN Controller is integrated in aXsGUARD Gatekeeper. This allows users to authenticate themselves with a DIGIPASS on their network. The administrator can decide which level of authentication is needed for a certain application. Strong user authentication can be added to access the tool, authenticate on the proxy, VPN access and connecting to webservers through the reverse proxy or SSL Web portal. If you have another Radius client, it can also authenticate its users on the aXsGUARD Gatekeeper. The Gatekeeper supports hardware DIGIPASS (GO-series and 2xx series) as well as the DIGIPASS for Mobile. Belgian citizens who want to authenticate with their e-ID card can also authenticate on the aXsGUARD Gatekeeper with the DIGIPASS 810 for e-ID.
DIGIPASS GO 6
DIGIPASS GO 7
DIGIPASS GO 100
DIGIPASS 270
aXsGUARD Gatekeeper
10
Hardware
AG2504
BASIC RAS STANDARD RAS Enterprise RAS 25 10 10
AG3443
50 25 25
AG3604
250 100 100
AG5506
1000 500 500
AG7500
2000 1500 1500
Hardware maintenance
Each aXsGUARD Gatekeeper bundle includes one year software and hardware maintenance (Standard Exchange). The hardware maintenance covers all defects of aXsGUARD including tear and wear of specific parts. Standard Exchange is a yearly renewable contract, with no end date. As long as an appliance is under Standard Exchange, VASCO guaranties it will work in normal operating conditions for the recommended number of users. If aXsGUARD Gatekeeper under Standard Exchange does suffer from underperformance and the normal operation conditions and recommended user settings have been followed, VASCO will replace it by a refurbished appliance with more performance. If an upgrade to more robust hardware is required, for example due to an increasing number of users or features, the new appliance can be purchased at a reduced price, almost covering the price difference between the new and old appliance. The new appliance will be shipped with the latest available back-up already preinstalled. The customer only needs to switch the hardware.
11
aXsGUARD Gatekeeper
Personal aXsGUARD
Remote parameters such as DHCP, WIFI settings and firewall policies are managed on the parent aXsGUARD Gatekeeper. Administrators can hence determine who can access the main site through VPN and who has direct access to Internet. The configuration allows administrators to route and monitor all network traffic on one central location while at the same time ensuring the highest security for remote or home offices with a minimum of effort. To achieve maximum uptime, multiple parent aXsGUARD Gatekeeper appliances can be defined in the configuration of Personal aXsGUARD. If for some reason Personal aXsGUARD is unable to connect to one parent appliance, a connection with another aXsGUARD Gatekeeper will automatically be set up.
aXsGUARD Gatekeeper
12
Information and network access security are of vital importance for local governments in order to prevent confidential information from falling into the wrong hands. VASCO has years of experience and a proven track record of successfully mitigating security vulnerabilities. With aXsGUARD Gatekeeper VASCO helps local municipalities and governmental organizations to implement complete IT security solutions to protect valuable information and assets. Access is provided through a secure, encrypted connection in order to protect the network from hackers. Users can authenticate themselves by generating an OTP using for instance their electronic identity card, By adding additional content scanning licenses, users are protected from malware and malicious sites can be blacklisted. The all-in-one concept allows the municipalitys IT department to organize and control its own security, without having to acquaint itself with different multiple systems and the complexity of making different appliances work together. If necessary, aXsGUARD Gatekeeper can be remotely managed by the IT partner helping local governments to stay ahead of the onslaught of IT threats at a fixed price.
aXsGUARD Gatekeeper provides several possibilities for secure remote access, making it easy to connect different sites of municipalities through aXsGUARD Gatekeepers e-tunnels with automatic failover. Smaller sites with only a couple of workplaces can be connected and centrally managed with a Personal aXsGUARD. Confidential documents are securely shared through the SSL web portal, protected with a DIGIPASS device.
Benefits
Complete solution, covering all aspects of network security Ideal for undermanned IT staff Full scale of remote access possibilities. Choose the best fit for each location and application Cost savings through centralization Enhanced confidentiality High-availability of services Increased transparency Guarantees privacy of employees surfing behavior, but allows control
13
aXsGUARD Gatekeeper
Benefits
Easy and complete solution One solution to secure all your customers Central management providing an overview of your customers Upgrade path Remote assistance from reseller to customer Assistance from the vendor for certified engineers End-customer gets offering high quality service
Benefits
All-in-one security solution Business continuity is guaranteed thanks to high availability and Internet redundancy (multiple Internet lines) All offices are connected through an easy to manage star network Secure network access using VPN tunnels Reduced complexity (one central appliance) Two-factor authentication integrated out-of-the-box Flexible solution, which can be integrated into any environment (Windows, Mac, Linux) Easy to manage Focus on your core business, while aXsGUARD takes care of your security
aXsGUARD Gatekeeper
14
Benefits
Secure remote access to remote sites and equipment Enhanced supportability aXsGUARD Gatekeeper can help companies to create an easily supported and consistent environment Helps companies to implement a fixed method of work flow Server and network automation Central administration Time- saving (instant remote access, no need to deploy people on remote site) Cost-efficient Overcomes network issues and policies at remote sites Flexibility Administrators can define different sets of policies and rules for different user types and a different number of environments
Benefits
Business continuity guaranteed for all incoming/outgoing traffic (e-mail, internal and external websites, VPN, ) Flexibility Connect multiple internet connections to your network and choose which type of internet traffic passes through which line (surfing, mailing, downloading files, ) Reliability Ample experience (>3500 installations) Robust hardware with the possibility of a lifetime warranty Speed Divide your internet traffic over your available Internet lines. This gives you the best speed according to your needs Easy maintenance with automatic software updates and remote configuration back-up Future proof solution: Ready for strong authentication via DIGIPASS-technology Easy to extend (software bundles, content scanning, DIGIPASS) Upgrade to more performing hardware against the price difference
15
aXsGUARD Gatekeeper
Technical specifications
Hardware specifications
AG2504
Operating System Chassis Form Factor Processor Type Gatekeeper Core OS 7.6 Desktop model Intel Atom N450 processor 1 GB 667 Mhz DDR2 SO-DIMM 1 x HDD/160 GB SATA 2.5 5400rpm 8MB No No 60W, 15V power adapter No 4 GbE NIC Web GUI SSH 182 x 150 x 40mm 7.1 x 5.9 x 1.65 0,8 kg (<1,8lbs) excl. adapter 1,1 kg (<2,4lbs) incl. adapter Safety UL, CE, ECC-EMC, LVD Desktop model 5C to 35C, 40F to 90F. Fanless 20 to 90% (non-condensing) 0C to 70C, 32F to 158F 5 to 95% (non-condensing)
AG3443
Gatekeeper Core OS 7.6 1U Rack Mount Intel Atom D510 processor 1GB 667MHz DDR2 SO-DIMM 1 x HDD/WD RE4/250GB SATA 7200rpm 64MB No No AC 100~240V, 50/60 Hz, 4-2 Amp Max 200W max No 3 GbE NIC Web GUI SSH
AG3604 r2
Gatekeeper Core OS 7.6 1U Rack Mount Intel Atom D525
AG5506
Gatekeeper Core OS 7.6 1U Rack Mount Intel Core 2 Duo E8400 3GHz 1333MHz 6MB LGA775 4GB 800MHz DDR2 ECC CL5 DIMM 1 x HDD/WD RE4/500GB SATA 7200rpm 64MB No No AC 100~240V, 50/60 Hz, 4-2 Amp Max 200W max No 6 GbE NIC Web GUI SSH
AG7500
Gatekeeper Core OS 7.6 2U Rack Mount Intel Xeon Proc. 5620/ 2.4GHz/ 5.86GTs 12MB 12GB 1066Mhz DDR3 ECC CL7 2 x HDD/WD RE4/500GB SATA 7200rpm 64MB YES RAID1 AC 100~240V, 50/60 Hz, 10-4 Amp Max 700W max Hot swappable 10 GbE NIC Web GUI SSH
4GB 800MHz DDR3 SO-DIMM 1 x HDD/WD RE4/500GB SATA 7200rpm 64MB No No AC 100~240V, 50/60 Hz, 4-2 Amp Max 200W max No 4 GbE NIC Web GUI SSH
Power Redundancy Network Ports Management Dimensions (W/H/D) Weight Compliance to standards Mounting Position Operating Temperature Operating Humidity Storage Temperature Storage Humidity
437mm x 43mm x 249mm 437mm x 43mm x 249mm 426mm x 43mm x 365mm 437mm x 89mm x 450mm 17.2 x 1.7 x 9.8 17.2 x 1.7 x 9.8 16.8 x 1.7 x 14 17.2 x 3.5 x 17.7 6,7 kg (<15lbs) 6,7 kg (<15lbs) 7.7 kg (<17 lbs) 17.6 kg (<38.8 lbs)
Safety UL, C-UL, CE EMC Safety UL, C-UL, CE EMC Safety UL, C-UL, CE EMC Safety UL, C-UL, CE EMC FCC, CE Environment RoHS FCC, CE Environment RoHS FCC, CE Environment RoHS FCC, CE Environment RoHS Horizontal orientation, 19 Rack, 1 U 10 to 35 C, 50 to 90 F 8 to 90% (non-condensing) -40 to +70 C, -40 to 158 F 5 to 95% (non-condensing) Horizontal orientation, 19 Rack, 1 U 10 to 35 C, 50 to 90 F 8 to 90% (non-condensing) -40 to +70 C, -40 to 158 F 5 to 95% (non-condensing) Horizontal orientation, 19 Rack, 1 U 10 to 35 C, 50 to 90 F 8 to 90% (non-condensing) -40 to +70 C, -40 to 158 F 5 to 95% (non-condensing) Horizontal orientation, 19 Rack, 2 U 10 to 35 C, 50 to 90 F 8 to 90% (non-condensing) -40 to +70 C, -40 to 158 F 5 to 95% (non-condensing)
aXsGUARD Gatekeeper
16
Technical specifications
Specifications Personal aXsGUARD
SPECIFICATIONS - Recommended for up to 5 unique IP devices
Model
Standards Internet port Ethernet LEDs Cabling Type RF Power (EIRP) in dBm Security Features One 10/100 RJ-45 Port
AG1296
IEEE 802.3, IEEE 802.3u, IEEE 802.11g, IEEE 802.11b Four 10/100 RJ-45 Switched Ports, WIFI Power, DMZ, WLAN, Ethernet (1, 2, 3, 4), Internet CAT 5 18 Statefull Packet Inspection Firewall, Internet Policy, Central management on corporate aXsGUARD Gatekeeper, PKI Certificates (can be generated by the CA of the central aXsGUARD), Custom NAT rules, routing, DHCP Server WEP, WPA-PSK-AES encryption, WPA-PSK-TKIP encryption DHCP Client, PPPoE with external xDSL modem, Static IP address Towards central aXsGUARD Gatekeeper through SSL VPN Automatic recovery of VPN connections Failover towards other aXsGUARD Gatekeeper appliances possible
aXsGUARD AG2504
aXsGUARD AG3443
aXsGUARD AG3604
aXsGUARD AG5506
aXsGUARD AG7500
17
aXsGUARD Gatekeeper
Software specifications
Administration
Basic Standard Enterprise Internet Redundancy bundle
Network
Basic Standard Enterprise Internet Redundancy bundle
Web-based GUI for appliance administration Clickable status overview and health monitor Automated configuration check Automated license upgrade tool Manual or automated upgrades, with pre-testing Automated online updating system Back-up options: remote back-ups of configuration at VASCO Service Center Back-up of configuration sent by e-mail Back-up of configuration, logs and mail on local file servers Group- and use- based configuration allowing easy and secure setup LDAP Synchronization (users/groups) from: Microsoft Active Directory Novell e-Directory Generic LDAP Predefined rules and policies allowingfast setup Layered access levels for admin tool
Complete set of network protocols: Routing tables NAT with helper for FTP, PPTP VPN, IRC, H.323, SIP, SNMP, TFTP, Amanda Portforwarding & redirection SNAT/DNAT Masquerading Internet connectivity: Static DHCP Client PPTP PPPoE DHCP server(s) NTP client and server DNS server VLAN support Bridging support Dynamic DNS support (DynDNS and EasyDNS) Ping and trace route tool
aXsGUARD Gatekeeper
18
Software specifications
Monitoring and logging
Basic Standard Enterprise Internet Redundancy bundle
Firewall
Basic Standard Enterprise Internet Redundancy bundle
Internal Logging Capacity Built- in hard disk Detailed Real Time monitoring Historical Reporting e-mail notification on viruses and attacks Syslog server delivery (local, network, relay) Local log files of all activities Log files kept during 2 months Graphics load Cpu usage memory all conifgured devices
Authentication
Basic Standard Enterprise Internet Redundancy bundle
Self-adaptive Firewall Statefull Packet Inspection (Connection Tracking) Denial-Of-Service attack blocking Distributed Denial-Of-Service attack blocking IP / Packet Filter Bad Packet Management Predefined rules and policies Policies based on device, type of traffic, or IP address/range Static/Dynamic/Advanced Policies Unlimited rules and policies Company Policies Group Policies (overrule Company) User Policies (overrule/append Group) Host Policies Separate RAS policies Authenticated port forwarding DMZ zone SPICT Firewall Performance 150 Mbps - 2Gbps Concurrent sessions 4000 - 600.000 New sessions/second 5.000 - 15.000
Radius Server Single Sign-on tool Ident server AD back-end authentication Built in strong user authentication for: Admin tool Radius clients Firewall and Web access VPN (PPtP, IPSec, OpenVPN) SSL-VPN web portal (Enterprise Edition) Application Firewall (Enterprise Edition) Imap/Webmail (Content Scanning) DIGIPASS clients supported (*) DIGIPASS GO 6 and GO 7 DIGIPASS 260 and 270 DIGIPASS for Mobile DIGIPASS 810 e-ID card reader Belgian e-ID card with DIGIPASS810 eID Card Reader delivery procedure Integrated PKI with Certificate Authority (CA)
Active System Attack monitoring Protocol Anomaly prevention & detection Customizable detection signature list DoS and DDoS Prevention Fragmented Packet Reassembly Malformed Packet Protection Analysis of all popular application protocols Detect network-level packet based attacks Detection of all types of port scans, including stealth types Automatic reconfiguration of firewall
19
aXsGUARD Gatekeeper
Software specifications
VPN server
Basic Standard Enterprise Internet Redundancy bundle
Bandwidth management
X
Basic Standard Enterprise Internet Redundancy bundle
PPtP Server Propose IP Address support for PPtP Server NAT helper for PPtP L2TP Support IPSEC Client to Gateway IPSEC NAT-Traversal IPSEC VPN Keep Alive IPSEC VPN Dead Peer Detection IPSec PSK (pre shared secret) IPSec RSA Key IPSec X.509 Integrated PKI Internal Certificate Authority Certificate creation / revocation handling Xauth support Encryption (DES/3DES/AES/BF) MD5 / DH2/ PFS/ SHA-1/CBC authentication IPSec Gateway to Gateway SSL-VPN Support with Open VPN client SSL VPN Fault tolerant VPN (e-tunnels) Simplified routing using e-tunnels Personal aXsGUARD support Max. number VPN tunnels: unlimited Max. number VPN users: unlimited
Quality of Service Internal Bandwidth management Full Policy based traffic shaping Static and Dynamic bandwidth shaping Time based policies Policies on protocol (TCP, UDP, ICMP, GRE, ESP, AH) Policies on source address and port/range Policies on destination address and port/range Bandwidth management inside VPN tunnels
Public DNS
Basic Standard Enterprise Internet Redundancy bundle
Publish public domain names and subdomain names on the Internet Primary and secondary zones Forward and Reverse DNS Allow multiple DNS servers Publish SOA, NS, PTR, A, CNAME, MX and SPF records Set Refresh, Retry, Expiry and Minimum time Set TTL Set Priorities Automatic failover allows to reroute your web servers and VPN tunnels instantly
Redundant Internet Connections Automatic failover Failover decision to dedicated Internet connection Option to drop traffic on failure of Internet connection Policy based routing Policies on protocol (TCP, UDP, ICMP, GRE, ESP, AH) Policies on source address and port/range Policies on destination address and port/range Load balancing
aXsGUARD Gatekeeper
20
Software specifications
Application Firewall
Basic Standard Enterprise Internet Redundancy bundle
High Availability
Basic Standard Enterprise Internet Redundancy bundle
Protects web servers in your LAN and DMZ Malicious URL filter URL Sanitizer Predefined rules for OWA and Citrix with Single Sign On FTP server protection https to http gateway Active Sync Compatible Multiple Webservers Routing based on hostname Routing based on port number Routing based on IP address Strong user authentication
Active/Passive Active/Active Automatic Configuration Synchronization Automatic Data Replication (e-mail, logs, website, ...) Session Synchronization for Firewall Device failure detection Internet Link monitoring Link failover
SSL-VPN Webportal
Basic Standard Enterprise Internet Redundancy bundle
Allows connection to all your applications through a java compatible web browser No additional client software needed Personalized web portals Single Sign-on with DIGIPASS Predefined applications: Terminal Server / Remote Desktop / VNC Citrix (ICA) Fileserver (Webbased/Webdav) Port forwarding, allowing fat clients Web forwards (Reverse proxy, Replacement proxy, Tunneled Web forward)
21
aXsGUARD Gatekeeper
Software specifications
Content Scanning: Mail traffic
Separate user/group/company web access policies E-mail attachment filter E-mail spam detection/quarantine delete Black and white list (e-mail, IP, text, dns) Pattern matching with points Customizable score threshold for object reject MIME header check File analysis (extension checker match) Files embedded in other files recognition and decoding (ZIP,RAR,TAR,LHA,...) File content control in attachment filter Recursive algorithm for embeddings (1000 levels) Blocks Java Applet, Cookies, Active X Y E-mail white & black list filters IP white & black list filters Text white & black list filters Multiple blacklist servers SPF support Quarantine blocked files and blocked due to black list Greylisting Pattern matching with regular expressions Pattern match results in points score Sender or site blocking sender <--> recipient relations allow/block mail sending/receiving allow/block attachments spam checking/e-mail security checks Embedded HTML or XML parser Preconfigured backlist Virus scanning Multiple Virus scanners (Standard version) SMTP Relay Server E-mail server POP3, IMAP4 mail server Unlimited number of mailboxes Distribution lists Outgoing e-mail disclaimer (ascii / html) Central address book Out of Office Mail forwarding Remote mailbox retrieval Group mailbox retrieving and dispatching Webmail (https to aXsGUARD mail server or external mail server Embedded Virus Scanner ClamAV Embedded Virus Scanner Trend Micro (Standard) Automatic Signature update Automatic Engine update Delay of update check every 15 minutes Auto unpack of attachments SMTP Scanning IMAP scanning POP3 scanning (remote mailbox retrieval) Encrypted VPN tunnel scanning Quarantine / delete infected messages Distributed Checksum Clearinghouse (DCC) Domainkeys (check signature on mailheader) Backscatter (check bounced mails sent from owned domain TLS encryption
Statistics
Graphical overview User based web traffic statistics Computer (IP) based web traffic statistics Site based statistics Time based statistics Overview of visited webpages Obfuscating users possible Sent e-mails Received e-mails Overview rejected mails
aXsGUARD Gatekeeper
22
About VASCO
VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet Security applications and transactions. VASCO has positioned itself as global software company for Internet Security and designs, develops, markets and supports DIGIPASS, CertiID, VACMAN, IDENTIKEY and aXsGUARD authentication products. VASCOs prime markets are the financial sector, enterprise security, e-commerce and e-government.
www.vasco.com
I N T E R N AT I O N A L H Q - S w i t z e r l a n d phone: +41 43 555 35 00 email: info-europe@vasco.com C O R P O R AT E H Q - C h i c a g o phone: +1 630 932 8844 email: info-usa@vasco.com
Sales offices
A s i a - Pa c i f i c - S i n g a p o r e phone: +65 6323 09 06 email: info-asia@vasco.com A s i a - Pa c i f i c - J a p a n phone: +81 3 5532 7862 email: info-japan@vasco.com A s i a - Pa c i f i c - I n d i a phone: +91 22 4090 7112-14 email: info-india@vasco.com
Europe, Middle East, Africa - Austria phone: +43 1 9043132-0 email: info-europe@vasco.com
logo and the Copyright 2012 VASCO Data Security, Inc, VASCO Data Security International GmbH. All rights reserved. VASCO , CertiID, VACMAN, IDENTIKEY, aXsGUARD, DIGIPASS, the logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all other intellectual and industrial property rights in the U.S. and other countries. Other names may be trademarks of their respective owners. BR201202 - v1