GateProtect GPX 800 Leaflet
The combination of high-performance hardware, VPN ASIC Crypto acceleration for a fast connection to branch of-
fices and/or field employees, and the comprehensive range of functions that gateProtect offers, makes the GPX 800
the ideal UTM appliance for any company with complex network structures and special IT security requirements:
- it is also the most user-friendly model on the market thanks to its patented, process-oriented eGUI
fices and/or field employees, and the comprehensive range of functions that gateProtect offers, makes the GPX 800
the ideal UTM appliance for any company with complex network structures and special IT security requirements:
- it is also the most user-friendly model on the market thanks to its patented, process-oriented eGUI
®
technology.
The GPX 800 is an X-series entry-level
model for typical enterprise networks
Firewall
_Layer function
_Zoom function
_Single Sign-On (xUA)
_Packet filter
_NAT
_DHCP Server
_DMZ
_Bridging
_VLAN
_Application Level
High Availability
_High Availability (active/passive)
Internet
_Failover
_Webblocking
_Mail filter
_Concurrent Connections
_Load Balancing
_Traffic Shaping
Interception
_Syslog
_SNMP (Traps)
_IDS
_Monitoring
_Reporting
_Statistics (Statistics-Client)
Optional (UTM products)
_Spam filter
_Virus filter
_Web filter
Features
GPX 800 / GPX 800a
X-Serie
Clarity · Perfection · Security
eGUI
®
-Technology
The new eGUI
®
technology from gateProtect is remarkable for its ergonomic ap-
proach to the processing operation. The display, even of sometimes very different
applications, is always consistent and delivers the information required by the
user for the current operation only. A measure of the quality of the gateProtect
operator concept are the principles governing the design of software dialogue, as
formulated in ISO 9241, part 110.
applications, is always consistent and delivers the information required by the
user for the current operation only. A measure of the quality of the gateProtect
operator concept are the principles governing the design of software dialogue, as
formulated in ISO 9241, part 110.
Extended User Authentication
Most modern firewall systems support proxy-based user authentication. This
means that only those services which work with proxies such as HTTP or FTP
can be issued to specific users. The gateProtect firewall has rule-based Exten-
ded User Authentication. This allows any number of services to be assigned
individually to one user or a group of users. These services can be provided with
all the known additional options such as proxies or web filters. If a user logs
on to the firewall from a computer, all the assigned services for the computer
in question are enabled.
means that only those services which work with proxies such as HTTP or FTP
can be issued to specific users. The gateProtect firewall has rule-based Exten-
ded User Authentication. This allows any number of services to be assigned
individually to one user or a group of users. These services can be provided with
all the known additional options such as proxies or web filters. If a user logs
on to the firewall from a computer, all the assigned services for the computer
in question are enabled.
1. Web browser/UA Client:
logon is via an HTTPS connection.
2. Single sign-on:
Kerberos automatically passes the log-on to the domain to the firewall.
VPN Gateway (SSL with X.509 Certificates + IPSec)
gateProtect offers the most commonly used forms of current site-to-site and Road
Warrior VPN connections via IPSec and SSL. Wizards and the eGUI® technology
help with the management and set up of these connections. In addition, the fire-
wall generates external configuration files when the VPN connections are created.
These files can be used for setting up single click connections and also for site-to-
site connections when importing on the firewall at a remote site.
Warrior VPN connections via IPSec and SSL. Wizards and the eGUI® technology
help with the management and set up of these connections. In addition, the fire-
wall generates external configuration files when the VPN connections are created.
These files can be used for setting up single click connections and also for site-to-
site connections when importing on the firewall at a remote site.
Furthermore, gateProtect offers an IPSec and SSL site-to-site solution with X.509
certificates which can work in bridge mode as an option. For a normal bridge, two
or more network cards are linked to form a logical network. gateProtect not only
allows this for network cards but also for VPN-over-SSL connections. This makes it
possible to treat remote computers exactly as if they were in the local network.
certificates which can work in bridge mode as an option. For a normal bridge, two
or more network cards are linked to form a logical network. gateProtect not only
allows this for network cards but also for VPN-over-SSL connections. This makes it
possible to treat remote computers exactly as if they were in the local network.
Traffic Shaping & QoS / Up- & Download
The traffic shaping facility from gateProtect is one of the most comprehensive
implementations on the market. Maximum and minimum bandwidth can be spe-
cified for each object on the desktop. Based on this, it is possible to manipulate
the traffic for each service. Bandwidth distribution can be configured at any level
of detail. Another special feature of the gateProtect solution is the prioritisation of
data packets in the VPN tunnel with QoS. This is important for time-critical appli-
cations where a delay would not be desirable. For example, gateProtect makes it
possible to use VoIP via a VPN tunnel for interference-free telephone calls, irre-
spective of the utilisation of the tunnel for RDP or data download, for instance.
implementations on the market. Maximum and minimum bandwidth can be spe-
cified for each object on the desktop. Based on this, it is possible to manipulate
the traffic for each service. Bandwidth distribution can be configured at any level
of detail. Another special feature of the gateProtect solution is the prioritisation of
data packets in the VPN tunnel with QoS. This is important for time-critical appli-
cations where a delay would not be desirable. For example, gateProtect makes it
possible to use VoIP via a VPN tunnel for interference-free telephone calls, irre-
spective of the utilisation of the tunnel for RDP or data download, for instance.
High Availability
The high availability of gateProtect firewall systems is based on an active/passive
system where a secondary firewall is installed in parallel with the primary fire-
wall. The secondary firewall synchronises itself constantly with the primary firewall
using dedicated connections. It can therefore at any time take over the work of the
primary firewall, should this fail, without any manual intervention.
Furthermore, the status of the primary firewall is monitored by different systems.
If any problems are detected in the firewall, it switches itself off. The secondary
firewall enables the synchronised configuration and can continue operating in the
place of the primary firewall immediately. Downtime is minimised and problems
can be dealt with under less pressure.
system where a secondary firewall is installed in parallel with the primary fire-
wall. The secondary firewall synchronises itself constantly with the primary firewall
using dedicated connections. It can therefore at any time take over the work of the
primary firewall, should this fail, without any manual intervention.
Furthermore, the status of the primary firewall is monitored by different systems.
If any problems are detected in the firewall, it switches itself off. The secondary
firewall enables the synchronised configuration and can continue operating in the
place of the primary firewall immediately. Downtime is minimised and problems
can be dealt with under less pressure.
HTTPS Scan
It is not possible to scan HTTPS traffic on the firewall with the products from most
other suppliers. Malware such as trojans and viruses exploit this open door to
enter an internal network unhindered.
gateProtect is one of the few manufacturers to close this door with their xUTM
appliances. gateProtect software can also scan encrypted HTTPS connections in
the data traffic for viruses and other malware.
To do this, the data flow is decrypted at the firewall, analysed and, if no viruses are
found, re-encrypted and sent on its way again.
other suppliers. Malware such as trojans and viruses exploit this open door to
enter an internal network unhindered.
gateProtect is one of the few manufacturers to close this door with their xUTM
appliances. gateProtect software can also scan encrypted HTTPS connections in
the data traffic for viruses and other malware.
To do this, the data flow is decrypted at the firewall, analysed and, if no viruses are
found, re-encrypted and sent on its way again.
Load Balancing
gateProtect load balancing distributes the data traffic with the Internet to different
routes. The firewall then decides which way the Internet is accessed each time a
connection is established.
As a rule, this distribution is based on protocols. gateProtect also makes it possible
to assign each individual connection to a route. This allows the utilisation of Inter-
net connections to be planned in great detail and optimised.
routes. The firewall then decides which way the Internet is accessed each time a
connection is established.
As a rule, this distribution is based on protocols. gateProtect also makes it possible
to assign each individual connection to a route. This allows the utilisation of Inter-
net connections to be planned in great detail and optimised.