UTM (Firewall and more)

Continuous availability through failures.

• Two Astaro Security Gateways are deployed in Hot Standby (Active/Passive)
• No Single Point of Failure
  • Separate Physical Hardware
  • Separate Power Circuits
  • Separate Network Links
• Failover occurs in les than two seconds after a missing heartbeat is detected on the link
• VPN gateways do not need to re-establish tunnels after a failover

The backbone of a security system which blocks and allows traffic.

• Stateful Packet Filter
• Application-Level Deep Packet Filtering
• Network Address Translation

Identify and stop worms, exploits and other attacks.

• Identifies and Blocks Application and Protocol Related Probes and Attacks through Deep Packet Inspection
• Database of over 8,000 Patterns and Rules Including:
  • Probing, port scans, interrogations, host sweeps
  • Attacks on application vulnerabilities
  • Protocol exploitations
• Intrusion Detection and Prevention
• Powerful Management Interface

Protect your network against artificial traffic floods.

• DoS and DDoS (Distributed Denial of Service) / Flooding Protection
• Port-Scan Protection

Control how the internet is used at your company

• Outbound Dynamic Bandwidth Reservation (Guaranteed Minimum, Maximum Limit)
• Inbound Queuing Optimization
• Download Equalizer and Upload Optimizer

Secure access deployed by the user on any operating system.

• Fully Transparent Access to Network Resources without Requiring any "Webifier" for Each Application
• Supports Feature Rich SSL VPN Clients
• One-Click-uration via Astaro's UserPortal
• Automatic Split Tunneling
• Automatic Network uration Update
• IP Address Assignment via Virtual IP Pool
• VPN Traffic Compression

Connect separate sites together with an encrypted link.

• Supports IPsec and SSL Protocols
• Supports all Major Encryption and Many Authentication Methods
• Full Public Key Infrastructure (PKI) Support

Easy remote access for employees.

• L2TP (Layer-2-Tunneling Protocol) over IPSec
• PPTP (Point-To-Point Tunneling Protocol)

Give outside employees secure access to the network.

• Support of all Major IPSec Encryption and Many Authentication Methods
• Supported IPSec Clients:
  • Astaro Secure Client with integrated desktop firewall (runs on Windows XP, Windows Vista and Windows 7 based PCs)
  • Cisco IPSec client
• One-Click-uration via Astaro's UserPortal

Work with users and groups from an existing server.

• Comprehensive Authentication Methods: Active Directory, eDirectory, Radius, Tacacs+, LDAP Local
• Single Sign-On (SSO) Support for Transparent Authentication
• Active Directory
• eDirectory

A central place for users to manage mail and remote access.

• SMTP / POP3 Mail Quarantine
• Individual Mail Log
• Personal Whitelist
• POP3 Account Management
• Remote Access Package Download including VPN Client Software, Config Files and Certificates
• Comprehensive Language Support

Keep your inbox clean

• Identifies and Disposes Unsolicited SMTP and POP3 Emails
• Highest Detection Rate through Combination of Multiple Methods to Identify Spam
• Flexible Management
• Multilingual and Multinational Character and Pattern Sets are Supported
• Web-Based UserPortal and Daily Quarantine Reports about Blocked Emails Allow for User Self-Servicing Actions

Keep your email messages private

• En-/Decryption and Digital Signatures for SMTP Emails
• Completely Transparent to the Enduser
• Easy Setup
• Central Management of all Keys and Certificates
• Allows Content/Virus Scanning even for Encrypted SMTP Emails
• Allows Usage of Internal or External Certificate Authorities (CA)
• Fully Supports X.509 Standard for Digital Certificates

Stop viruses before they get in

• Dual Independent Virus Scanners with Multiple Detection Methods: Virus signatures, heuristic analysis
• Scans HTTP, HTTPS, FTP, SMTP and POP3 Traffic
• Scans Encrypted SMTP Traffic
• Huge Signature Database
  • more than 800,000 virus signatures
  • Frequent automatic updates
• Flexible Management

A central place for users to manage mail and remote access.

• SMTP / POP3 Mail Quarantine
• Individual Mail Log
• Personal Whitelist
• POP3 Account Management
• Remote Access Package Download including VPN Client Software, Files and Certificates
• Comprehensive Language Support

Control who can surf where.

• Comprehensive Up-to-Date Database with 35+ Million Websites Covering over 3.9 Billion Web Pages in 96 Categories
• Fast Response Times through Globally Distributed Database Replications
• Filter Might also Consider Global Reputation
• Whitelists and Blacklists to Tailor Access for Groups of Users
• Many User Authentication Options
  • IP Address, Active Directory SSO, eDirectory SSO, LDAP, RADIUS/TACACS+
  • Time-based access policies

Stop viruses before they get in.

• Dual Independent Virus Scanners with Multiple Detection Methods: Virus signatures, Heuristic analysis
• Scans HTTP, HTTPS, FTP, SMTP and POP3 Traffic
• Scans Encrypted SMTP Traffic
• Huge Signature Database
  • more than 800,000 virus signatures
  • Frequent automatic updates
• Flexible Management

Enforce rules about online chatting and file sharing.

• Manages the Use of Instant Messaging Clients
• Manages the Use of Peer-to-Peer Applications
• Provides Flexible Control
• Granular Bandwidth Control

Peer inside encrypted sessions for damaging contents.

• Transparent De-/Re-encryption of HTTPS Traffic via Trusted "Man-in-the-Middle" technique
• Complete Filtering of Encrypted HTTPS Sessions and their Contents via Astaro's Dual AV Scanners
• Stops Tunneling Programs from Abusing open HTTPS Ports
• URL Filtering for HTTPS Sites
• Automatic Validation of Server Certificates Prevents Users from (Un)intentionally Bypassing Certificate Warning Messages
• Full CA Management
• One-Click Deployment of Gateway Certificate
• Granular Tuning & Exceptions

Protect productivity by preventing spyware installation

• Blocks (Unintentional) Downloads of Spyware, Adware, and Other Malicious Software
• Prevents Infected Systems from Sending Information Back to the Spyware (Home) Servers
• Checks Against a Database of Known Spyware URLs
• Filters and Removes Active Content Such as Java, Active X, Flash, Cookies, VBScript or JavaScript

See where employees spend their time online and how they use email.

• Inline Reports
• Reporting Graphs
• Executive Reports
• Report Anonymization

Routing and session control over incoming visitors.

• HTTP & HTTPS routing and control
• HTTP/HTTPS Real Web Server automated discovery and definition
• Virtual Web Server aliasing using HTTP/HTTPS
• Customizable communication ports
• Host Header Passing
• HTML Rewriting

Use layered scanning engines to stop viruses.

• Dual Independent Virus Scanners with Multiple Detection Methods: Virus signatures, Heuristic analysis
• Scans HTTP, HTTPS, Traffic to and from Your Servers
• Huge Signature Database
  • more than 800,000 virus signatures
  • Frequent automatic updates
• Flexible Management

Tamper-proofs cookies by digitally signing and verifying them.

• Digitally signs each cookie
• Tampering with the cookie will invalidate the signature
• Cookies declared invalid by Astaro Web Application Security will not be handed to the web server for consumption
• Protects against cookie poisoning techniques and other creative attacks which exploit these common data points.

Validate and enforce a visitor's moves.

• Define and manage allowed entry URL's
• Prevent unwanted "deep-linking" to your site, and control entry points of visitors
• Inspect the objects returned from a server in response to a user request, and enforces that the next thing they request is on that list
• Prevent users from passing commands to your servers which can exploit or overwhelm them
• Keep visitors from accessing areas of the site not meant for them, like a /admin directory which has not been appropriately secured
• On-the-fly inspection and building of object and URL whitelist customizes the feature per-user.

Protection against the latest attack types.

• Over 350 patterns dedicated to this single area of protection
• Live-updated in real time using Astaro Up2Date technology
• Can be ured by any administrator, no special training is required
• Support for multiple profiles which can be applied to different servers separately
• No complex regular expressions to master
• Reduces the risk of data theft and site tampering.