GateProtect GPO 125 Leaflet
This xUTM appliance is a stand-alone device and can also be used outside the server cabinet.
Like gateProtect‘s larger solutions, the GPO 125 is equipped with cutting-edge eGUI® technology and can also be configured
to operate in tandem with the Command Center. You receive a full-scale, high-performance xUTM appliance incl. features like
HA, VLAN, xUA with single sign-on, bridging, VPN SSL with x.509 certificates + IPsec, anti-spam with real-time detection,
antivirus, intrusion detection, and web filtering.
Like gateProtect‘s larger solutions, the GPO 125 is equipped with cutting-edge eGUI® technology and can also be configured
to operate in tandem with the Command Center. You receive a full-scale, high-performance xUTM appliance incl. features like
HA, VLAN, xUA with single sign-on, bridging, VPN SSL with x.509 certificates + IPsec, anti-spam with real-time detection,
antivirus, intrusion detection, and web filtering.
The GPO 125 is designed for use in
small and remote offices.
GPO 125 / GPO 125a
eGUI
®
-Technology
The new eGUI® technology from gateProtect is remarkable for its ergonomic ap-
proach to the processing operation. The display, even of sometimes very different
applications, is always consistent and delivers the information required by the
user for the current operation only. A measure of the quality of the gateProtect
operator concept are the principles governing the design of software dialogue, as
formulated in ISO 9241, part 110.
proach to the processing operation. The display, even of sometimes very different
applications, is always consistent and delivers the information required by the
user for the current operation only. A measure of the quality of the gateProtect
operator concept are the principles governing the design of software dialogue, as
formulated in ISO 9241, part 110.
Extended User Authentication
Most modern firewall systems support proxy-based user authentication. This
means that only those services which work with proxies such as HTTP or FTP
can be issued to specific users. The gateProtect firewall has rule-based Extended
User Authentication. This allows any number of services to be assigned individu-
ally to one user or a group of users. These services can be provided with all the
known additional options such as proxies or web filters. If a user logs on to the
firewall from a computer, all the assigned services for the computer in question
are enabled.
means that only those services which work with proxies such as HTTP or FTP
can be issued to specific users. The gateProtect firewall has rule-based Extended
User Authentication. This allows any number of services to be assigned individu-
ally to one user or a group of users. These services can be provided with all the
known additional options such as proxies or web filters. If a user logs on to the
firewall from a computer, all the assigned services for the computer in question
are enabled.
1. Web browser/UA Client:
logon is via an HTTPs connection.
2. Single sign-on:
Kerberos automatically passes the log-on to the domain to the firewall.
VPN Gateway (SSL with X.509 Certificates + IPSec)
gateProtect offers the most commonly used forms of current site-to-site and Road
Warrior VPN connections via IPSec and SSL. Wizards and the eGUI® technology
help with the management and set up of these connections. In addition, the fire-
wall generates external configuration files when the VPN connections are created.
These files can be used for setting up single click connections and also for site-to-
site connections when importing on the firewall at a remote site.
Warrior VPN connections via IPSec and SSL. Wizards and the eGUI® technology
help with the management and set up of these connections. In addition, the fire-
wall generates external configuration files when the VPN connections are created.
These files can be used for setting up single click connections and also for site-to-
site connections when importing on the firewall at a remote site.
Furthermore, gateProtect offers an IPSec and SSL site-to-site solution with X.509
certificates which can work in bridge mode as an option. For a normal bridge, two
or more network cards are linked to form a logical network. gateProtect not only
allows this for network cards but also for VPN-over-SSL connections. This makes it
possible to treat remote computers as if they were in the local network.
certificates which can work in bridge mode as an option. For a normal bridge, two
or more network cards are linked to form a logical network. gateProtect not only
allows this for network cards but also for VPN-over-SSL connections. This makes it
possible to treat remote computers as if they were in the local network.
Proxies (HTTP, FTP, POP3,SMTP, SIP)
The gateProtect firewall offers proxies for HTTP, SMTP, POP3, FTP and SIP. All
the data conducted via these proxies is checked for viruses, spam, appropriate
content or non-permitted content and then passed on to the user. This prevents
unwanted data reaching the internal network via the permitted access routes.
the data conducted via these proxies is checked for viruses, spam, appropriate
content or non-permitted content and then passed on to the user. This prevents
unwanted data reaching the internal network via the permitted access routes.
Application Level (Deep Packet Inspection)
gateProtect allows application level filters to be installed in the data flow on the
firewall. These check the data passing through e.g. HTTP for correct syntax. If
the prescribed syntax is violated, the application level filter blocks the connection.
This ensures that the data flowing through permitted connections conforms to
rules and prevents an abuse of the enabled connection.
firewall. These check the data passing through e.g. HTTP for correct syntax. If
the prescribed syntax is violated, the application level filter blocks the connection.
This ensures that the data flowing through permitted connections conforms to
rules and prevents an abuse of the enabled connection.
VLAN
A virtual LAN allows several logical networks to be operated in a single physical
network. To do this, every data packet carries a flag on the basis of which it is
assigned to a VLAN. The gateProtect xUTM appliance recognises this assignment.
This means that rules can generated on the firewall for these virtual networks in
exactly the same way as for normal networks. gateProtect relieves the administra-
tor of any special management of these VLANS and improves efficiency.
network. To do this, every data packet carries a flag on the basis of which it is
assigned to a VLAN. The gateProtect xUTM appliance recognises this assignment.
This means that rules can generated on the firewall for these virtual networks in
exactly the same way as for normal networks. gateProtect relieves the administra-
tor of any special management of these VLANS and improves efficiency.
High Availability
The high availability of gateProtect firewall systems is based on an active/passive
system where a secondary firewall is installed in parallel with the primary fire-
wall. The secondary firewall synchronises itself constantly with the primary firewall
using dedicated connections. It can therefore at any time take over the work of the
primary firewall, should this fail, without any manual intervention.
Furthermore, the status of the primary firewall is monitored by different systems.
If any problems are detected in the firewall, it switches itself off. The secondary
firewall enables the synchronised configuration and can continue operating in the
place of the primary firewall immediately. Downtime is minimised and problems
can be dealt with under less pressure.
system where a secondary firewall is installed in parallel with the primary fire-
wall. The secondary firewall synchronises itself constantly with the primary firewall
using dedicated connections. It can therefore at any time take over the work of the
primary firewall, should this fail, without any manual intervention.
Furthermore, the status of the primary firewall is monitored by different systems.
If any problems are detected in the firewall, it switches itself off. The secondary
firewall enables the synchronised configuration and can continue operating in the
place of the primary firewall immediately. Downtime is minimised and problems
can be dealt with under less pressure.
Office-Serie
Clarity · Perfection · Security
Firewall
_Layer function
_Zoom function
_Single Sign-On (xUA)
_Packet filter
_NAT
_DHCP Server
_DMZ
_Bridging
_VLAN
_Application Level
High Availability
_High Availability (active/passive)
Internet
_Failover
_Webblocking
_Mail filter
_Concurrent Connections
_Load Balancing
_Traffic Shaping
Interception
_Syslog
_SNMP (Traps)
_IDS
_Monitoring
_Reporting
_Statistics (Statistics-Client)
Optional (UTM products)
_Spam filter
_Virus filter
_Web filter
Features