aXsGUARD Gatekeeper

DIGIPASS BY VASCO

The worlds leading software company specializing in Internet Security

Contents

AXsGUARD Gatekeeper at a glance ______________________________________________________________________ 2 Overview __________________________________________________________________________________________ 1 software bundle 5 hardware platforms _________________________________________________________________ 1 hardware platform 4 software bundles _________________________________________________________________ Additional user licenses ______________________________________________________________________________ Recommended users ________________________________________________________________________________ Software bundles ____________________________________________________________________________________ aXsGUARD Gatekeeper basic ras _______________________________________________________________________ aXsGUARD Gatekeeper standard ras _____________________________________________________________________ aXsGUARD Gatekeeper enterprise ras ____________________________________________________________________ aXsGUARD Gatekeeper enterprise backup ras ______________________________________________________________ aXsGUARD Gatekeeper internet redundancy bundle __________________________________________________________ Content scanning ____________________________________________________________________________________ Content scanning: mail ______________________________________________________________________________ Content scanning: web ______________________________________________________________________________ Reporting & statistics ________________________________________________________________________________ 3 3 3 3 3 4 5 5 6 6 7 8 8 9 9

Authentication _____________________________________________________________________________________ 10 Hardware _________________________________________________________________________________________ 11 Hardware platforms ________________________________________________________________________________ 11 Hardware maintenance _____________________________________________________________________________ 11 Personal aXsGUARD _________________________________________________________________________________ 12 Secure and wireless connection to the corporate network _____________________________________________________ 12 Easy configuration and setup _________________________________________________________________________ 12 5 solutions with aXsGUARD Gatekeeper __________________________________________________________________ Solution 1: secure government infrastructure with limited resources ______________________________________________ Solution 2: aXsGUARD enables services for Value Added Resellers _______________________________________________ Solution 3: aXsGUARD Gatekeeper as an outstanding all-in-one security solution _____________________________________ Solution 4: business automation for secure remote assistance __________________________________________________ Solution 5: guarenteed business continuity for SMEs _________________________________________________________ 13 13 14 14 15 15

Technical specifications ______________________________________________________________________________ 16 Hardware specifications _____________________________________________________________________________ 16 Specifications personal aXsGUARD _____________________________________________________________________ 17 Software specifications ______________________________________________________________________________ Administration ___________________________________________________________________________________ Network ________________________________________________________________________________________ Monitoring and logging _____________________________________________________________________________ Authentication ____________________________________________________________________________________ Firewall ________________________________________________________________________________________ IPS and iDS _____________________________________________________________________________________ VPN server ______________________________________________________________________________________ Multiple internet gateways ___________________________________________________________________________ Bandwidth management ____________________________________________________________________________ Public dns ______________________________________________________________________________________ Application firewall ________________________________________________________________________________ Ssl-vpn webportal _________________________________________________________________________________ High availability ___________________________________________________________________________________ Content scanning: web traffic _________________________________________________________________________ Content scanning: mail traffic _________________________________________________________________________ Statistics _______________________________________________________________________________________ 18 18 18 19 19 19 19 20 20 20 20 21 21 21 22 22 22

aXsGUARD Gatekeeper

aXsGUARD Gatekeeper at a glance

A full-blown solution for remote Access

aXsGUARD Gatekeeper is part of VASCOs remote access product line and offers a complete solution for secure network connectivity. aXsGUARD Gatekeeper is a security appliance dedicated to the needs of the SME market. The solution is designed for administrators who want an all-in-one solution for Internet connectivity and security. 24 functional features are bundled together into four software packages with additional content scanning licenses. Each software bundle can run on one of the five available hardware models allowing organizations of any size to choose the most suitable combination of performance and features. aXsGUARD Gatekeeper works transparently with any other solution allowing organizations to activate only those features they really need. Additionally, aXsGUARD fits perfectly into any network environment, whether its a Microsoft, Linux, Mac or mixed environment.

MONITORING & REPORTING NETWORK PROTOCOLS

S T R O N G I D S A N D I P S U S E R A U T H E N T I C A T I O N VPN/RAS SERVER SSL VPN WEB PORTAL APPLICATION FIREWALL HTTP/HTTPS/FTP WEBMAIL SERVER PUBLIC DNS SMTP RELAY CONTENT SCANNING MALWARE PROTECTION PROXY SERVER CONTENT SCANNING MALWARE PROTECTION PKI CA RADIUS SERVER DMZ FIREWALL MAIL SERVER S T A T I S T I C S DIRECTORY SERVICE INTEGRATION S T R O N G U S E R A U T H E N T I C A T I O N S P I C T F I R E W A L L S E C U R E L A N

SOHO
Bandwith Management with QoS Internet Redundancy

S P I C T F I R E W A L L I N T E R N E T

Road Warrior

Secure LAN

Remote Office

COMMUNICATION REMOTE ACCESS SECURITY AUTHENTICATION AUDITING

DMZ ZONE

aXsGUARD Gatekeeper

Overview

aXsGuArD GAtekeeper Grows with your compAny

1 software bundle - 5 hardware platforms
Each aXsGUARD Gatekeeper software bundle is available on any hardware platform. The different hardware platforms only differ in performance and in the number of network connections available. Each appliance has the same functional features and user interface which makes administration of multiple devices a lot easier. The web-based GUI ensures intuitive administrator use for all aXsGUARD appliances, from large installations on multiple sites to a single appliance on a remote location.

ADDITIONAL user licenses

To offer complete protection for your network, aXsGUARD Gatekeeper comes with separate content scanning and authentication licenses. Content scanning exists in a basic and a standard version with yearly renewable licenses. The authentication feature can complement the Gatekeeper appliance by simply adding the VACMAN plugin and DIGIPASS authentication devices.

1 hardware platform - 4 software bundles

The four Remote Access Solution software bundles can operate on each available aXsGUARD Gatekeeper hardware platform. Should you require additional features, you simply can upgrade to another software bundle, even without switching the hardware appliance. An automated updating and licensing system will remotely push the new features to the appliance, avoiding lengthy upgrade or installation procedures as your current configuration will continue to run as before. Overview recommended users including Standard content scanning

Recommended users
Each combination of hardware and software has a recommended number of users. The number of users is an indication of best performance and hardware maintenance for the appliance and surmises that all available features including the content scanning option have been activated. There is no user limit, however, when the number of users exceeds recommendations, system performance may be influenced. As expected, the number of users can be increased when fewer options have been selected.

AG2504
BASIC RAS STANDARD RAS ENTERPRISE RAS 25 10 10

AG3443
50 25 25

AG3604
250 100 100

AG5506
1000 500 500

AG7500
2000 1500 1500

Optional licenses
Basic Content Scanning Standard Content Scanning DIGIPASS

aXsGUARD Gatekeeper

Software bundles

All the security you neeD bunDleD toGether

Software bundles
aXsGUARD Gatekeeper has four different software bundles to choose from, allowing you to select the most suitable solution to address your remote access challenges. Each bundle adds additional functionalities on top of the previous bundle, turning aXsGUARD Gatekeeper in a future proof solution that grows with your business needs. Depending on your requirements with regards to network connectivity, you can select the appropriate bundle.

Gatekeeper Core OS including authentication Firewall with IPS VPN Server Bandwith Management Multiple Internet Connections Public DNS Reverse proxy SSL VPN Web portal High Availability

BASIC

STANDARD

ENTERPRISE BACKUP
4

aXsGUARD Gatekeeper

ENTERPRISE

Software bundles
aXsGUARD Gatekeeper BASIC RAS
The Basic Remote Access Solution bundle allows your users to connect in a secure way to the local network. The bundle was designed for the SMB market, offering small and medium companies a simple solution to connect remote users while providing full protection by aXsGUARD Gatekeeper. The Gatekeeper Core OS includes all necessary networking and routing protocols to connect your network to the Internet. Complete logging and monitoring is available on the appliance itself but logging and monitoring reports can also be sent towards an external syslog server. The Directory Integration Services allow you to synchronize your users from any LDAP server to aXsGUARD Gatekeeper. Users and groups are directly managed in aXsGUARD Gatekeepers administration interface. Users can authenticate themselves using a DIGIPASS. DIGIPASS functionalities and management are incorporated in aXsGUARD Gatekeeper in which VASCOs core authentication platform VACMAN Controller is integrated. Should you prefer to work with certificates, a CA is incorporated. The network is protected from hacking attempts through the SPICT Firewall with IPS. Firewall rules can be determined and implemented on IP address, user or group level. User and group policies are added from a list of predefined rules. This allows an IT administrators to build a more secure setup of the network and perform better control and more efficient management through aXsGUARD Gatekeeper. Remote access can be achieved with any standard VPN client over pptp, l2tp and ssl-vpn. The VPN server supports access from Personal aXsGUARD, a remote VPN appliance dedicated for SOHO use. Includes software modules: Administration Network Monitoring and logging Authentication Firewall IPS and IDS VPN server

aXsGUARD Gatekeeper STANDARD RAS

The Standard Remote Access bundle offers additional network connectivity tools, on top of the Basic bundle. It allows you to add multiple Internet lines with automated failover and load balancing. IT administrators are able to determine whether internet traffic should be redirected over another line or be blocked in case of internet failure. When no rules are applied, traffic will be divided over all other available lines. The bundle also includes a bandwidth management module with QoS which will help you to use the available Internet capacity in an optimal way. Rules can be determined based on IP address or type of traffic per interface or inside a VPN tunnel Its an ideal option for enterprises using cloud applications or companies that have remote offices or are implementing a VoiP system with remote sites, using cloud applications Companies hosting their own web servers can benefit from the public DNS server module which will guarantee continuity of web services in case of Internet outage from a provider. The public DNS server allows you to publish your own public DNS names without the need of your ISP. In case your Internet line fails which has the public IP of your webservers assigned to it, the public DNS server will automatically detect the failure and publishes the IP address from your other Internet line to the DNS root servers on the Internet. This is ideal for enterprises offering webmail, citrix, rdp, vpn to their users. Includes software modules: Administration Network Monitoring and logging Authentication Firewall IPS and IDS VPN server Multiple Internet Gateways Bandwidth management Public DNS

aXsGUARD Gatekeeper

Software bundles
aXsGUARD Gatekeeper ENTERPRISE RAS
The Enterprise Remote Access bundle offers secure web-based access to your network on top of the STANDARD Bundle. The bundle includes a Reverse Proxy which protects internal webservers from hacking attempts. To authenticate your users it can use the built in VACMAN Controller. This enables strong user authentication to protect any webserver without the need to adapt your website. For dedicated web applications, like Outlook Web Access and Citrix, it allows single sign-on features. The SSL VPN web portal allows a connection from any browser towards the local network. The default web portal page - protected with two-factor authentication - can be customized for each user according to his needs. Default applications are available, which will allow you to set up Remote Desktop Protocol (RDP) RDP sessions, browse internal web servers, access local file servers You can optionally extend the Enterprise RAS bundle with an active/ passive High Availability appliance.

aXsGUARD Gatekeeper ENTERPRISE BACKUP RAS

Reliability of the aXsGUARD Gatekeeper hardware is among the highest in its category. Nevertheless, to allow 100% uptime, there is the possibility to have a second aXsGUARD in High availability mode. The active/passive high availability (HA) allows a full time continuity of your aXsGUARD Gatekeeper. Includes software modules: Administration Network Monitoring and logging Authentication Firewall IPS and IDS VPN server Multiple Internet Gateways Bandwidth management Public DNS Application Firewall SSL-VPN Webportal High Availability (optional)

aXsGUARD Gatekeeper

Software bundles
aXsGUARD Gatekeeper INTERNET REDUNDANCY bundle
How important is the internet for smes? Do you need the internet for the execution of your daily work? Do you place orders through the internet? Do you use online banking for your financial transactions? Do you receive your orders through the internet? Would you lose customers when your website is not available? How much would you lose when your internet connection fails? The internet has become indispensable in todays business world. A reliable internet connection is crucial for SMEs to ensure business continuity. Or to be prepared for cloud applications, such as online accounting, online banking, back-up or a remote mail server. Why would you choose this bundle? Your internet connection always fails at the worst possible time. When you urgently need to mail an offer, when your store is filled with customers or when you need to find something on the internet. To ensure the continuity and availability of your company and employees at all times, VASCO launches a tailor-made solution for SMEs. Continuity is always guaranteed even if a problem with your internet connection should occur. The solution? The aXsGUARD Gatekeeper Internet Redundancy bundle is a solution where a second internet line is deployed in addition to the line of your existing provider. By installing internet lines using different technologies (cable xDSL), connectivity is guaranteed and you can continue working without any problems even when the internet connection should fail. aXsGUARD Gatekeeper will immediately detect failures and automatically switch to another available line. Includes software modules: Administration Network Monitoring and logging Authentication Firewall Multiple Internet Gateways Public DNS

aXsGUARD Gatekeeper

Content scanning

internet without heADAches

aXsGUARD Gatekeeper can be extended with Content Scanning licenses providing secure mail and web traffic. Content scanning is available in combination with all aXsGUARD Gatekeeper software versions. It exists in two versions: 1. BASIC with default content scanning features and 2. STANDARD with additional features such as an Anti-Virus engine from Trend Micro and web-based content scanning

Content Scanning: mail

The content scanner supports the most common mail protocols. E-mails can be stored on aXsGUARD Gatekeepers mail server or can be delivered to an external mail server after scanning for spam and malware. To stop all unsolicited mails, the content scanner has a multilayered way of scanning e-mails. A first scan will take the custom configured rules of blacklisting and whitelisting into consideration. Secondly, all known malevolent mails will be blocked based on default blocking mechanisms such as header checks or a list of banned IP addresses. Optionally, greylisting can be activated. With this feature, aXsGUARD will bounce received mails a first time. An actual mail server will resend the mail which will be accepted by the aXsGUARD appliance which will then list the senders mail address as safe after a couple of successful mail deliveries. The reasoning behind this is that most spammers will not resend mails. In the standard version, DCC (Distributed Checksum Clearinghouse) will check with the central VASCO database to determine whether mail is spam. Mail virus scanning is also included: the Basic version uses Clamav; the Standard version additionally uses the Trend Micro engine. Each mail is scanned and scored based on its content. The administrator can then decide for each user or group if the mail should be blocked, delivered or marked as spam. The administrator can also decide what needs to be done with mail attachments, based on the mime type. Because spam can sometimes be very local and personalized, users can resend detected spam (or non-spam) mails back to aXsGUARD Gatekeeper, which will learn from these mails and as a result will adjust the spam scores.

aXsGUARD Gatekeeper

Content scanning
Content Scanning: web
To avoid that users import all kinds of malware and to increase productivity, all web traffic should pass the proxy on aXsGUARD Gatekeeper. After authentication (web-based or SSO by using static passwords or 2-factor authentication), specific rules can be applied to each user or group of users. It doesnt matter which PC the user logs on to, he will always receive his specific web browsing rules. In order to create those rules aXsGUARD Gatekeeper first needs lists: A site list can exist out of a list of defined URLs or parts of URLs in wording. It can contain words and URLs that you want to block, or words and URLs that should pass. (E.g. the administrator might want to block URLs with the word sex, but would want to allow URLs with the word msexchange Predefined blacklists are available on aXsGUARD Gatekeeper, categorizing 3.5 million sites into 90 different categories such as, malicious web pages (spyware, phishing, virus infected,); adult related content (adult, porn, art nudes,); social networking (chat, blog, im, mail, ); gaming (gambling, online gaming,); whitelist (!) 100% suitable for kids; Since site lists never can provide a complete list of all malicious sites on the Internet (due to localizations and new sites popping up every day), the standard version of Content Scanning also includes web content scanning: every web page will be scanned and analyzed, based on the content of a page. Using content analysis, the content scanner tags particular words and phrases with a score and a category (e.g. the word breast would lead to give a negative score, but when the word cancer is found in the same page, it would give a better score). 30 different predefined wordlists (positive and negative) in multiple languages are provisioned in aXsGUARD Gatekeeper. Administrators can create their own additional wordlists to give an even better result. After content scanning, the total web page receives a certain score. These site lists and wordlists are then combined into categories, to create a complete list of rules. It avoids repetitive work and adds granularity to the access rights you want to give to different users. A category can be defined as an allowed list, a forbidden list and an exception list. The exception list is used to block URLs inside a webpage, without blocking the whole page. These categories are then added to access control lists (ACL). An ACL exist of categories of sites and the time when this ACL applies (e.g. during or outside working hours). It also adds virus scanning and blocking of specific extensions. In the ACL you also set the score for the web based content scanning, to decide which pages are shown or blocked. There is one general ACL, for all web traffic in the company, which can be overruled by ACLs which are applied for a specific IP address (e.g. printers, servers), a group of people or a specific user.

Reporting & statistics

Every action through the proxy is logged on aXsGUARD Gatekeeper. Administrators can view and search through these reports during 2 months, or export them and use other analytic tools. A statistics tool is available as well which gives a complete overview of web and mail behavior. Statistics can be viewed per client, per website and per hour.

aXsGUARD Gatekeeper

Authentication

we AuthenticAte the worlD

To provide secure remote access, VACMAN Controller is integrated in aXsGUARD Gatekeeper. This allows users to authenticate themselves with a DIGIPASS on their network. The administrator can decide which level of authentication is needed for a certain application. Strong user authentication can be added to access the tool, authenticate on the proxy, VPN access and connecting to webservers through the reverse proxy or SSL Web portal. If you have another Radius client, it can also authenticate its users on the aXsGUARD Gatekeeper. The Gatekeeper supports hardware DIGIPASS (GO-series and 2xx series) as well as the DIGIPASS for Mobile. Belgian citizens who want to authenticate with their e-ID card can also authenticate on the aXsGUARD Gatekeeper with the DIGIPASS 810 for e-ID.

DIGIPASS GO 6

DIGIPASS GO 7

DIGIPASS GO 100

DIGIPASS for Mobile

DIGIPASS 270

DIGIPASS 810 eID

aXsGUARD Gatekeeper

10

Hardware

optimAl performAnce, AlwAys

Hardware platforms
aXsGUARD Gatekeeper comprises one software solution which can run on different hardware platforms. The hardware platforms only differ in performance and in the number of available network connections. aXsGUARD Gatekeeper hardware is meant to last. VASCO chooses industry hardware to run its aXsGUARD Gatekeeper software on. This ensures that aXsGUARD appliances have a longer lifetime than other comparable systems on the market. It also ensures the highest performance necessary for any environment. Every time aXsGUARD Gatekeeper connects to the VASCO Managed Service environment, the hardware status is sent over, so VASCO can take preemptive actions in case of imminent hardware failure.

AG2504
BASIC RAS STANDARD RAS Enterprise RAS 25 10 10

AG3443
50 25 25

AG3604
250 100 100

AG5506
1000 500 500

AG7500
2000 1500 1500

Hardware maintenance
Each aXsGUARD Gatekeeper bundle includes one year software and hardware maintenance (Standard Exchange). The hardware maintenance covers all defects of aXsGUARD including tear and wear of specific parts. Standard Exchange is a yearly renewable contract, with no end date. As long as an appliance is under Standard Exchange, VASCO guaranties it will work in normal operating conditions for the recommended number of users. If aXsGUARD Gatekeeper under Standard Exchange does suffer from underperformance and the normal operation conditions and recommended user settings have been followed, VASCO will replace it by a refurbished appliance with more performance. If an upgrade to more robust hardware is required, for example due to an increasing number of users or features, the new appliance can be purchased at a reduced price, almost covering the price difference between the new and old appliance. The new appliance will be shipped with the latest available back-up already preinstalled. The customer only needs to switch the hardware.

11

aXsGUARD Gatekeeper

Personal aXsGUARD

remote connections mADe eAsy

Personal aXsGUARD establishes secure network connections for home workers and branch offices to companies headquarters With mobile workforces increasing, companies face a growing number of security concerns. Whenever an employee remotely connects to the companys network it has to be done in a secure way. At the same time, security concerns must be balanced with the end-users needs ensuring a smooth and user friendly experience.

Secure and wireless connection to the corporate network

Personal aXsGUARD enables branch offices or home workers to connect in a straightforward and secure manner to the main aXsGUARD Gatekeeper appliance at the companys headquarters. Built upon proven VASCO GATEKEEPER core technology, aXsGUARD Gatekeeper offers a comprehensive solution for secure network connectivity. Personal aXsGUARD is centrally managed in aXsGUARD Gatekeeper and has a Wifi receiver, enabling the remote user to work wireless. The security of the wireless network is also centrally managed on the parent aXsGUARD Gatekeeper appliance.

Remote parameters such as DHCP, WIFI settings and firewall policies are managed on the parent aXsGUARD Gatekeeper. Administrators can hence determine who can access the main site through VPN and who has direct access to Internet. The configuration allows administrators to route and monitor all network traffic on one central location while at the same time ensuring the highest security for remote or home offices with a minimum of effort. To achieve maximum uptime, multiple parent aXsGUARD Gatekeeper appliances can be defined in the configuration of Personal aXsGUARD. If for some reason Personal aXsGUARD is unable to connect to one parent appliance, a connection with another aXsGUARD Gatekeeper will automatically be set up.

Easy configuration and setup

The configuration of Personal aXsGUARD is kept to a strict minimum. Only three parameters need to be defined: how to connect to the internet, the main aXsGUARD Gatekeeper and the Certificate of the main appliance. The Certificate contains the encryption keys to securely connect to the main site through VPN. All other security parameters are configured in the main aXsGUARD Gatekeeper appliance and are automatically pushed to Personal aXsGUARD. End-users only need to plug the Internet cable in the Personal aXsGUARD appliance to connect to the corporate network.

aXsGUARD Gatekeeper

12

5 solutions with aXsGUARD Gatekeeper

simple solutions for compleX problems

Solution 1: secure government infrastructure with limited resources

Information and network access security are of vital importance for local governments in order to prevent confidential information from falling into the wrong hands. VASCO has years of experience and a proven track record of successfully mitigating security vulnerabilities. With aXsGUARD Gatekeeper VASCO helps local municipalities and governmental organizations to implement complete IT security solutions to protect valuable information and assets. Access is provided through a secure, encrypted connection in order to protect the network from hackers. Users can authenticate themselves by generating an OTP using for instance their electronic identity card, By adding additional content scanning licenses, users are protected from malware and malicious sites can be blacklisted. The all-in-one concept allows the municipalitys IT department to organize and control its own security, without having to acquaint itself with different multiple systems and the complexity of making different appliances work together. If necessary, aXsGUARD Gatekeeper can be remotely managed by the IT partner helping local governments to stay ahead of the onslaught of IT threats at a fixed price.

aXsGUARD Gatekeeper provides several possibilities for secure remote access, making it easy to connect different sites of municipalities through aXsGUARD Gatekeepers e-tunnels with automatic failover. Smaller sites with only a couple of workplaces can be connected and centrally managed with a Personal aXsGUARD. Confidential documents are securely shared through the SSL web portal, protected with a DIGIPASS device.

Benefits
Complete solution, covering all aspects of network security Ideal for undermanned IT staff Full scale of remote access possibilities. Choose the best fit for each location and application Cost savings through centralization Enhanced confidentiality High-availability of services Increased transparency Guarantees privacy of employees surfing behavior, but allows control

13

aXsGUARD Gatekeeper

5 solutions with aXsGUARD Gatekeeper

Solution 2: aXsGUARD enables services for Value Added Resellers
aXsGUARD Gatekeeper RAS software is the same software suite which is deployed on each hardware platform. You only need to acquaint yourself with one solution to service all your customers, regardless of the size of their organization. An easy upgrade path allows you to expand the aXsGUARD Gatekeeper as the needs of your customer grow. Since the software remains the same only the hardware needs to be replaced. Every aXsGUARD connects to VASCO service center every 4 hours to back-up its configuration. In case of unexpected hardware failure, or when upgrading towards a stronger hardware system, the configuration can easily be restored from the service center backup system. Every customers infrastructure runs on the same version thank to automated updates Theres no need for patch management at the customers site as everything is automated and centrally managed. With VASCOs central management portal ,resellers get an overview of all the customers systems increasing upsell possibilities. Every aXsGUARD Gatekeeper reports his status back to this central platform, so you immediately get an overview of the managed systems. Furthermore, you can access every customers appliance remotely through a secure connection. Because of the completeness of the solution and the availability of servers for the complete SME market, theres no need to invest in training, support and spare parts of multiple different vendors. aXsGUARD Gatekeeper can easily be preconfigured in the setup you desire, and can be copied to every new system. The standard exchange warranty system allows you to give lifetime warranty on your customers environment, and allows upgrades at almost the price difference, guaranteeing the best ROI and TCO. All these unique points severely reduce the chance of mistakes and oversights meaning that your customers get a faster and better service. The SEAL training program allows your support staff to become certified engineers allowing you to better service your customers. aXsGUARD Gatekeeper and VASCO allow you to focus on new business while providing you with a time-saving, highquality solution.

Benefits
Easy and complete solution One solution to secure all your customers Central management providing an overview of your customers Upgrade path Remote assistance from reseller to customer Assistance from the vendor for certified engineers End-customer gets offering high quality service

Solution 3: aXsGUARD Gatekeeper as an outstanding all-in-one security solution

Organizations worldwide understand the need to secure their business-critical data and network from unauthorized access. At the same time they are also aware that anytime, anywhere access becomes overall important for a dispersed workforce and remote offices. Companies are looking for a one-stop shop to provide an overall security solution that can secure network, mail and web traffic; ensure secure access to the central network from remote sites and guarantees high availability to ensure productivity. VASCOs aXsGUARD Gatekeeper is an all-in-one security concept that offers secure remote access to your business-critical data through VPN tunnels. Depending on your needs, aXsGUARD offers out-of-the-box different site to site connections, as well as highly secured, personalized remote access solutions. Productivity is enhanced as downtime is eliminated with offered features such as high availability and Internet redundancy.

Benefits
All-in-one security solution Business continuity is guaranteed thanks to high availability and Internet redundancy (multiple Internet lines) All offices are connected through an easy to manage star network Secure network access using VPN tunnels Reduced complexity (one central appliance) Two-factor authentication integrated out-of-the-box Flexible solution, which can be integrated into any environment (Windows, Mac, Linux) Easy to manage Focus on your core business, while aXsGUARD takes care of your security

aXsGUARD Gatekeeper

14

5 solutions with aXsGUARD Gatekeeper

Solution 4: business automation for secure remote assistance
Remote assistance and support is a valuable asset for customer retention. Management and support at a customers site however, is not as evident as it seems. Organizations are confronted with different procedures and workflows, specific network implementations and rules, administration issues, the deployment of machinery, logistic hassles VASCO has developed a specific aXsGUARD Gatekeeper concept for business automation enabling remote assistance and management across the entire business ensuring service continuity and eliminating costly manual processes. . A solution ideally suited to meet the provisioning and configuration needs of large, heterogeneous, geographically distributed environments. aXsGUARD Gatekeeper is deployed at the main site and VASCOs Personal aXsGUARD is deployed at the customers site or built-in into your remote products and machinery, but managed on the central aXsGUARD Gatekeeper. The secure link between the main and remote site enables remote assistance and support, automatic software updates etc.

Benefits
Secure remote access to remote sites and equipment Enhanced supportability aXsGUARD Gatekeeper can help companies to create an easily supported and consistent environment Helps companies to implement a fixed method of work flow Server and network automation Central administration Time- saving (instant remote access, no need to deploy people on remote site) Cost-efficient Overcomes network issues and policies at remote sites Flexibility Administrators can define different sets of policies and rules for different user types and a different number of environments

Solution 5: guaranteed business continuity for SMEs

Internet has become indispensable in todays business world. A reliable internet connection is crucial for SMEs to ensure business continuity. To ensure the continuity and availability of your company and employees at all times, VASCO launches a tailor-made solution for SMEs. The aXsGUARD Gatekeeper Internet Redundancy bundle is a solution where a second internet line is deployed in addition to the line of your existing provider. By installing internet lines using different technologies (cable xDSL), connectivity is guaranteed and you can continue working without any problems even when the internet connection should fail. aXsGUARD Gatekeeper will immediately detect failures and automatically switch to another available line.

Benefits
Business continuity guaranteed for all incoming/outgoing traffic (e-mail, internal and external websites, VPN, ) Flexibility Connect multiple internet connections to your network and choose which type of internet traffic passes through which line (surfing, mailing, downloading files, ) Reliability Ample experience (>3500 installations) Robust hardware with the possibility of a lifetime warranty Speed Divide your internet traffic over your available Internet lines. This gives you the best speed according to your needs Easy maintenance with automatic software updates and remote configuration back-up Future proof solution: Ready for strong authentication via DIGIPASS-technology Easy to extend (software bundles, content scanning, DIGIPASS) Upgrade to more performing hardware against the price difference

15

aXsGUARD Gatekeeper

Technical specifications

unDer the hooD

Hardware specifications
AG2504
Operating System Chassis Form Factor Processor Type Gatekeeper Core OS 7.6 Desktop model Intel Atom N450 processor 1 GB 667 Mhz DDR2 SO-DIMM 1 x HDD/160 GB SATA 2.5 5400rpm 8MB No No 60W, 15V power adapter No 4 GbE NIC Web GUI SSH 182 x 150 x 40mm 7.1 x 5.9 x 1.65 0,8 kg (<1,8lbs) excl. adapter 1,1 kg (<2,4lbs) incl. adapter Safety UL, CE, ECC-EMC, LVD Desktop model 5C to 35C, 40F to 90F. Fanless 20 to 90% (non-condensing) 0C to 70C, 32F to 158F 5 to 95% (non-condensing)

AG3443
Gatekeeper Core OS 7.6 1U Rack Mount Intel Atom D510 processor 1GB 667MHz DDR2 SO-DIMM 1 x HDD/WD RE4/250GB SATA 7200rpm 64MB No No AC 100~240V, 50/60 Hz, 4-2 Amp Max 200W max No 3 GbE NIC Web GUI SSH

AG3604 r2
Gatekeeper Core OS 7.6 1U Rack Mount Intel Atom D525

AG5506
Gatekeeper Core OS 7.6 1U Rack Mount Intel Core 2 Duo E8400 3GHz 1333MHz 6MB LGA775 4GB 800MHz DDR2 ECC CL5 DIMM 1 x HDD/WD RE4/500GB SATA 7200rpm 64MB No No AC 100~240V, 50/60 Hz, 4-2 Amp Max 200W max No 6 GbE NIC Web GUI SSH

AG7500
Gatekeeper Core OS 7.6 2U Rack Mount Intel Xeon Proc. 5620/ 2.4GHz/ 5.86GTs 12MB 12GB 1066Mhz DDR3 ECC CL7 2 x HDD/WD RE4/500GB SATA 7200rpm 64MB YES RAID1 AC 100~240V, 50/60 Hz, 10-4 Amp Max 700W max Hot swappable 10 GbE NIC Web GUI SSH

Memory Disk n/size Hot Swappable Raid formatted Power Supply

4GB 800MHz DDR3 SO-DIMM 1 x HDD/WD RE4/500GB SATA 7200rpm 64MB No No AC 100~240V, 50/60 Hz, 4-2 Amp Max 200W max No 4 GbE NIC Web GUI SSH

Power Redundancy Network Ports Management Dimensions (W/H/D) Weight Compliance to standards Mounting Position Operating Temperature Operating Humidity Storage Temperature Storage Humidity

437mm x 43mm x 249mm 437mm x 43mm x 249mm 426mm x 43mm x 365mm 437mm x 89mm x 450mm 17.2 x 1.7 x 9.8 17.2 x 1.7 x 9.8 16.8 x 1.7 x 14 17.2 x 3.5 x 17.7 6,7 kg (<15lbs) 6,7 kg (<15lbs) 7.7 kg (<17 lbs) 17.6 kg (<38.8 lbs)

Safety UL, C-UL, CE EMC Safety UL, C-UL, CE EMC Safety UL, C-UL, CE EMC Safety UL, C-UL, CE EMC FCC, CE Environment RoHS FCC, CE Environment RoHS FCC, CE Environment RoHS FCC, CE Environment RoHS Horizontal orientation, 19 Rack, 1 U 10 to 35 C, 50 to 90 F 8 to 90% (non-condensing) -40 to +70 C, -40 to 158 F 5 to 95% (non-condensing) Horizontal orientation, 19 Rack, 1 U 10 to 35 C, 50 to 90 F 8 to 90% (non-condensing) -40 to +70 C, -40 to 158 F 5 to 95% (non-condensing) Horizontal orientation, 19 Rack, 1 U 10 to 35 C, 50 to 90 F 8 to 90% (non-condensing) -40 to +70 C, -40 to 158 F 5 to 95% (non-condensing) Horizontal orientation, 19 Rack, 2 U 10 to 35 C, 50 to 90 F 8 to 90% (non-condensing) -40 to +70 C, -40 to 158 F 5 to 95% (non-condensing)

aXsGUARD Gatekeeper

16

Technical specifications
Specifications Personal aXsGUARD
SPECIFICATIONS - Recommended for up to 5 unique IP devices

Model
Standards Internet port Ethernet LEDs Cabling Type RF Power (EIRP) in dBm Security Features One 10/100 RJ-45 Port

AG1296
IEEE 802.3, IEEE 802.3u, IEEE 802.11g, IEEE 802.11b Four 10/100 RJ-45 Switched Ports, WIFI Power, DMZ, WLAN, Ethernet (1, 2, 3, 4), Internet CAT 5 18 Statefull Packet Inspection Firewall, Internet Policy, Central management on corporate aXsGUARD Gatekeeper, PKI Certificates (can be generated by the CA of the central aXsGUARD), Custom NAT rules, routing, DHCP Server WEP, WPA-PSK-AES encryption, WPA-PSK-TKIP encryption DHCP Client, PPPoE with external xDSL modem, Static IP address Towards central aXsGUARD Gatekeeper through SSL VPN Automatic recovery of VPN connections Failover towards other aXsGUARD Gatekeeper appliances possible

Wireless Security Internet Connections Remote access

Personal aXsGUARD (AG1296)

aXsGUARD AG2504

aXsGUARD AG3443

aXsGUARD AG3604

aXsGUARD AG5506

aXsGUARD AG7500

17

aXsGUARD Gatekeeper

Software specifications

the bits AnD the bytes

Administration
Basic Standard Enterprise Internet Redundancy bundle

Network
Basic Standard Enterprise Internet Redundancy bundle

Web-based GUI for appliance administration Clickable status overview and health monitor Automated configuration check Automated license upgrade tool Manual or automated upgrades, with pre-testing Automated online updating system Back-up options: remote back-ups of configuration at VASCO Service Center Back-up of configuration sent by e-mail Back-up of configuration, logs and mail on local file servers Group- and use- based configuration allowing easy and secure setup LDAP Synchronization (users/groups) from: Microsoft Active Directory Novell e-Directory Generic LDAP Predefined rules and policies allowingfast setup Layered access levels for admin tool

Complete set of network protocols: Routing tables NAT with helper for FTP, PPTP VPN, IRC, H.323, SIP, SNMP, TFTP, Amanda Portforwarding & redirection SNAT/DNAT Masquerading Internet connectivity: Static DHCP Client PPTP PPPoE DHCP server(s) NTP client and server DNS server VLAN support Bridging support Dynamic DNS support (DynDNS and EasyDNS) Ping and trace route tool

aXsGUARD Gatekeeper

18

Software specifications
Monitoring and logging
Basic Standard Enterprise Internet Redundancy bundle

Firewall
Basic Standard Enterprise Internet Redundancy bundle

Internal Logging Capacity Built- in hard disk Detailed Real Time monitoring Historical Reporting e-mail notification on viruses and attacks Syslog server delivery (local, network, relay) Local log files of all activities Log files kept during 2 months Graphics load Cpu usage memory all conifgured devices

Authentication
Basic Standard Enterprise Internet Redundancy bundle

Self-adaptive Firewall Statefull Packet Inspection (Connection Tracking) Denial-Of-Service attack blocking Distributed Denial-Of-Service attack blocking IP / Packet Filter Bad Packet Management Predefined rules and policies Policies based on device, type of traffic, or IP address/range Static/Dynamic/Advanced Policies Unlimited rules and policies Company Policies Group Policies (overrule Company) User Policies (overrule/append Group) Host Policies Separate RAS policies Authenticated port forwarding DMZ zone SPICT Firewall Performance 150 Mbps - 2Gbps Concurrent sessions 4000 - 600.000 New sessions/second 5.000 - 15.000

Radius Server Single Sign-on tool Ident server AD back-end authentication Built in strong user authentication for: Admin tool Radius clients Firewall and Web access VPN (PPtP, IPSec, OpenVPN) SSL-VPN web portal (Enterprise Edition) Application Firewall (Enterprise Edition) Imap/Webmail (Content Scanning) DIGIPASS clients supported (*) DIGIPASS GO 6 and GO 7 DIGIPASS 260 and 270 DIGIPASS for Mobile DIGIPASS 810 e-ID card reader Belgian e-ID card with DIGIPASS810 eID Card Reader delivery procedure Integrated PKI with Certificate Authority (CA)

IPS and IDS

Basic Standard Enterprise Internet Redundancy bundle

Active System Attack monitoring Protocol Anomaly prevention & detection Customizable detection signature list DoS and DDoS Prevention Fragmented Packet Reassembly Malformed Packet Protection Analysis of all popular application protocols Detect network-level packet based attacks Detection of all types of port scans, including stealth types Automatic reconfiguration of firewall

19

aXsGUARD Gatekeeper

Software specifications
VPN server
Basic Standard Enterprise Internet Redundancy bundle

Bandwidth management
X
Basic Standard Enterprise Internet Redundancy bundle

PPtP Server Propose IP Address support for PPtP Server NAT helper for PPtP L2TP Support IPSEC Client to Gateway IPSEC NAT-Traversal IPSEC VPN Keep Alive IPSEC VPN Dead Peer Detection IPSec PSK (pre shared secret) IPSec RSA Key IPSec X.509 Integrated PKI Internal Certificate Authority Certificate creation / revocation handling Xauth support Encryption (DES/3DES/AES/BF) MD5 / DH2/ PFS/ SHA-1/CBC authentication IPSec Gateway to Gateway SSL-VPN Support with Open VPN client SSL VPN Fault tolerant VPN (e-tunnels) Simplified routing using e-tunnels Personal aXsGUARD support Max. number VPN tunnels: unlimited Max. number VPN users: unlimited

Quality of Service Internal Bandwidth management Full Policy based traffic shaping Static and Dynamic bandwidth shaping Time based policies Policies on protocol (TCP, UDP, ICMP, GRE, ESP, AH) Policies on source address and port/range Policies on destination address and port/range Bandwidth management inside VPN tunnels

Public DNS
Basic Standard Enterprise Internet Redundancy bundle

Publish public domain names and subdomain names on the Internet Primary and secondary zones Forward and Reverse DNS Allow multiple DNS servers Publish SOA, NS, PTR, A, CNAME, MX and SPF records Set Refresh, Retry, Expiry and Minimum time Set TTL Set Priorities Automatic failover allows to reroute your web servers and VPN tunnels instantly

Multiple Internet Gateways

Basic Standard Enterprise Internet Redundancy bundle

Redundant Internet Connections Automatic failover Failover decision to dedicated Internet connection Option to drop traffic on failure of Internet connection Policy based routing Policies on protocol (TCP, UDP, ICMP, GRE, ESP, AH) Policies on source address and port/range Policies on destination address and port/range Load balancing

aXsGUARD Gatekeeper

20

Software specifications
Application Firewall
Basic Standard Enterprise Internet Redundancy bundle

High Availability
Basic Standard Enterprise Internet Redundancy bundle

Protects web servers in your LAN and DMZ Malicious URL filter URL Sanitizer Predefined rules for OWA and Citrix with Single Sign On FTP server protection https to http gateway Active Sync Compatible Multiple Webservers Routing based on hostname Routing based on port number Routing based on IP address Strong user authentication

(when purchasing the Enterprise Backup bundle)

Active/Passive Active/Active Automatic Configuration Synchronization Automatic Data Replication (e-mail, logs, website, ...) Session Synchronization for Firewall Device failure detection Internet Link monitoring Link failover

SSL-VPN Webportal
Basic Standard Enterprise Internet Redundancy bundle

Allows connection to all your applications through a java compatible web browser No additional client software needed Personalized web portals Single Sign-on with DIGIPASS Predefined applications: Terminal Server / Remote Desktop / VNC Citrix (ICA) Fileserver (Webbased/Webdav) Port forwarding, allowing fat clients Web forwards (Reverse proxy, Replacement proxy, Tunneled Web forward)

21

aXsGUARD Gatekeeper

Software specifications
Content Scanning: Mail traffic
Separate user/group/company web access policies E-mail attachment filter E-mail spam detection/quarantine delete Black and white list (e-mail, IP, text, dns) Pattern matching with points Customizable score threshold for object reject MIME header check File analysis (extension checker match) Files embedded in other files recognition and decoding (ZIP,RAR,TAR,LHA,...) File content control in attachment filter Recursive algorithm for embeddings (1000 levels) Blocks Java Applet, Cookies, Active X Y E-mail white & black list filters IP white & black list filters Text white & black list filters Multiple blacklist servers SPF support Quarantine blocked files and blocked due to black list Greylisting Pattern matching with regular expressions Pattern match results in points score Sender or site blocking sender <--> recipient relations allow/block mail sending/receiving allow/block attachments spam checking/e-mail security checks Embedded HTML or XML parser Preconfigured backlist Virus scanning Multiple Virus scanners (Standard version) SMTP Relay Server E-mail server POP3, IMAP4 mail server Unlimited number of mailboxes Distribution lists Outgoing e-mail disclaimer (ascii / html) Central address book Out of Office Mail forwarding Remote mailbox retrieval Group mailbox retrieving and dispatching Webmail (https to aXsGUARD mail server or external mail server Embedded Virus Scanner ClamAV Embedded Virus Scanner Trend Micro (Standard) Automatic Signature update Automatic Engine update Delay of update check every 15 minutes Auto unpack of attachments SMTP Scanning IMAP scanning POP3 scanning (remote mailbox retrieval) Encrypted VPN tunnel scanning Quarantine / delete infected messages Distributed Checksum Clearinghouse (DCC) Domainkeys (check signature on mailheader) Backscatter (check bounced mails sent from owned domain TLS encryption

Content Scanning: Web traffic

Separate user/group/company e-mail policies Web proxy with adjustable cache Single Sign on for Domain and Workgroup client PC Additional authentication allowed for kiosk PCs HTTP URL filter HTTP extension filter Time-based URL filtering Policy-based URL filtering User defined Black and Whitelisting Predefined blacklists: Over 3 million sites Daily updates Predefined sitelists Customizable categories Web based content scanning: (standard version) Score based system 30 predefined wordlists multilingual Customizable categories Extension filtering Multi-layered Defense system Filter selection for statistics ClamAV virus and malware scanning with automated engine updates Trend Micro virus and malware scanning with automated engine updates (standard version) Ident authentication

Statistics
Graphical overview User based web traffic statistics Computer (IP) based web traffic statistics Site based statistics Time based statistics Overview of visited webpages Obfuscating users possible Sent e-mails Received e-mails Overview rejected mails

aXsGUARD Gatekeeper

22

About VASCO
VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet Security applications and transactions. VASCO has positioned itself as global software company for Internet Security and designs, develops, markets and supports DIGIPASS, CertiID, VACMAN, IDENTIKEY and aXsGUARD authentication products. VASCOs prime markets are the financial sector, enterprise security, e-commerce and e-government.

VASCO Offices VASCO Sales Presence

www.vasco.com
I N T E R N AT I O N A L H Q - S w i t z e r l a n d phone: +41 43 555 35 00 email: info-europe@vasco.com C O R P O R AT E H Q - C h i c a g o phone: +1 630 932 8844 email: info-usa@vasco.com

Sales offices
A s i a - Pa c i f i c - S i n g a p o r e phone: +65 6323 09 06 email: info-asia@vasco.com A s i a - Pa c i f i c - J a p a n phone: +81 3 5532 7862 email: info-japan@vasco.com A s i a - Pa c i f i c - I n d i a phone: +91 22 4090 7112-14 email: info-india@vasco.com

Australia - Sydney phone: +61 2 8061 3700 email: info-australia@vasco.com

Europe, Middle East, Africa - Wemmel phone: +32.2.609.97.00 email: info-europe@vasco.com

Europe, Middle East, Africa - Austria phone: +43 1 9043132-0 email: info-europe@vasco.com

Latin America - Brazil phone: +5511 3443 7541 email: ES-brazil@vasco.com

USA - Boston phone: +1 508 366 3400 email: info-usa@vasco.com

USA - California phone: +1 650 378 1202 email: info-usa@vasco.com

logo and the Copyright 2012 VASCO Data Security, Inc, VASCO Data Security International GmbH. All rights reserved. VASCO , CertiID, VACMAN, IDENTIKEY, aXsGUARD, DIGIPASS, the logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all other intellectual and industrial property rights in the U.S. and other countries. Other names may be trademarks of their respective owners. BR201202 - v1