Internet connectivity is at the heart of your business. Many businesses have multiple Internet connectivity (multi wan). Enterprises rely on the Internet to run their mission-critical business applications which drive their productivity and profits. It is expected that Internet connectivity to be highly reliable and always available. If the physical connection or the ISP goes down, organisations vital link to the Internet also goes down which affects business.
Revenue, customer satisfaction, partner relationships and employee productivity, all are at stake when internet link goes down. Internet outages impact an organisations email, websites, applications or VPN traffic. 

GajShield’s ISP Failover & Load Balancing allows enterprises to control and distribute traffic across multiple internet links. 

GajShield policy-based Failover & Load Balancing enables enterprises to distribute important applications over more robust internet links and less important applications over broadband connections as well as provide redundancy in case one more internet links are down.

Multi-Wan - ISP Link Redundancy – Failover

GajShield Multi wan or ISP Failover manages the traffic while providing valuable failover capabilities. That way if an internet link fails, GajShield senses the disturbance and redirects traffic to one of the working internet links. 

GajShield checks the health of the available internet connections, continuously checks the status of all the internet links, detecting failures in real-time and automatically redirects the traffic to the operational internet links to guarantee full availability. 

Customer can choose a granular option to define the primary internet link and multiple secondary internet links for each different service. For example for email the primary link could be ISP1, the secondary could be ISP2 and third link could be ISP3, while for FTP the primary could be ISP2, the secondary could ISP3 and third, could be ISP1.

Multi-Wan - ISP Load Balancing  

GajShield Multi wan or ISP Load Balancing weighted round-robin method and hence it distributes the traffic across multiple internet links and provides the flexibility of utilizing the total bandwidth of all the internet links preventing bandwidth bottlenecks while minimizing the cost of inefficient bandwidth utilization. At the same time, GajShield detects any failure of the internet link and dynamically load balances the traffic over the available or Live internet link.

Integrated reporting and Alerts

GajShield reporting provides current, daily, monthly and yearly reports and trend analysis of ISP utilization, what applications are being used through the ISP’s and which user is using the ISP. Enterprises can determine misuse or abuse of internet links by applications and users to effectively utilize the internet links available and to make informed decisions related to bandwidth purchase and management. GajShield Alerting mechanism sends email alerts to administrators keeping them informed on the link outages facilitating rapid troubleshooting.

Features of GajShield Multi-Wan Management:

• Service-based ISP load balancing or failover.
• Both Failover and Load Balancing can be set up simultaneously.
• Load balances traffic based on weighted round-robin distribution.
• ISP Failover automatically shifts traffic from a failed link to a working link.
• Automatic traffic tailback when failed ISP comes. up
• Zone-based failover.
• Customized NAT on failover.
• ISP failover and tailback notifications on email.

Guest visitors to an enterprise, hotel, colleges or even public hotspots might need access to the internet during their stay. The challenge faced by IT Managers is how to control and limit internet access of guest users without having to configure the guest’s desktop and yet have a solution which is cost-effective and easy to manage. IT Managers would need a solution which would provide a positive visitor experience without compromising the security of an enterprise. 

In providing internet access which could be for a day or even weeks during the stay of a guest, another challenge IT Managers face is creating temporary user IDs for guests. Maintaining such a large changing list of users is a tedious job for an admin. It is also difficult to apply access restrictions to these users, as users database is frequently changing/getting updated.

Solution

GajShield’s SECURE GUEST INTERNET MANAGEMENT SYSTEM fulfils all the above requirements, yet it is simple to manage, scalable and cost-effective too. The system helps to manage guest users, whether wired, wireless or even using mobile for internet access. Its auto expiry feature makes it easy to manage large sets of guest users. Its reporting system gives in-depth usage information and helps to identify any misuse by these users.

With this system, the IT Administrator can create guest users manually or provide an option to guests for self-registration. GajShield's Data Security Firewall provides user credentials via SMS which expires after a pre-configured / pre-defined time. Security policies can either be set for the guest group or can be defined for an individual user.

By terminating the guest network on a separate port of GajShield Firewall, enterprises can also control and limit guest users access to a corporate network.

Prerequisites

SMS Gateway

User credentials can be either sent via email or using SMS. To send Username and Password via SMS, the organisation will have to be registered with an SMS Gateway service provider. GajShield Firewalls come with pre-configured API parameters for various service providers. For service providers not listed in GajShield, the API parameters would have to be obtained and configured on GajShield Firewalls.

Features:

GajShield Guest Management System simplifies administration of guest users, a tremendous benefit for IT staff that will have a very limited workload in the daily operation.

Guest login portal

This is the interface used by guests and gives the very important first impression of a company. This portal is customized according to the organization and is a powerful branding as well as an information delivery tool. Guests connecting their laptop or smartphone to the internet will immediately be redirected to this portal. They will then log in to access the Internet. 

One of the more popular guest provisionings flows is guest self-registration with SMS activation:

1. The guest registers and enters his/her mobile number at the guest login portal.
2. A one-time access code/ username and password is delivered to the mobile phone via SMS (Short Message Service).
3. The guest activates the guest account using a provided username and password.

The use of activation through the mobile number enables traceability of the guest’s activity in the network as the identity of the guest will be automatically validated through the mobile subscription.

Guest Administration

This works as a control centre for IT staff. The Firewall Management System helps in configuring security policies for guest users along with configuring SMS gateway, guest portal and registration. It also provides a detailed reporting system built with intelligence to identify anomalies and misuse of policies.

Along with the above features, GajShield solution also provides:

• Create Guest Users Manually or User can register themselves through the Registration process
• Add Guest Users in bulk (through CSV upload)
• Delete Multiple Guest Users manually or enable Auto-Delete (automatically deletes user on expiry of validity)
• View Guest User Registration and Auto-Delete Logs
• Option to resend Guest User Credentials on SMS
• Create Group(s) of Guest Users
• Apply Security Policies (like URL, DLP, Application Filter Policies) based on Guest User(s) and/or Group(s) of Guest Users
• Apply Bandwidth Capping/Queue on Guest User(s) and/or Group(s) of Guest Users
• Apply UserSense Sessions and Authentication Schedule (Time Schedule) based on Guest User(s) and/or Group(s) of Guest Users
• Apply Bandwidth and/or Time Quota on Guest User(s) and/or Group(s) of Guest Users
• Can route traffic of Guest User(s)/ Group(s) of Guest Users through different ISP(s)
• Can apply BYOD restriction on Guest User(s) and/or Group(s) of Guest Users

The speed of business continues to accelerate. Competition is fiercer than ever; customer expectations are higher than ever. Today’s businesses run on applications and rely on connectivity, and when you’re opening up new sites or branches, time is money. 

Geographically distributed organizations often have hundreds or even thousands of branch offices connected to a hub or headquarters’ sites. For security reasons, cloud-based application traffic is often backhauled from the branch across expensive WAN/MPLS links to a hub site before being handed off to the Internet. Not only is this expensive, but performance is often compromised due to WAN bandwidth constraints at the branch and added latency from backhauling connections. 
A solution is to use direct Internet connection that provides simpler and consistent performance to cloud-based applications. With GajShield Data Security Firewalls, Internet connections become secure and reliable, it helps in augmenting or even replacing the traditional MPLS connections and lower WAN costs.

GajShield GS-Branch: 
Distributed enterprise branches transitioning to a digital business model have a significant impact on their network. With enterprise users both remote and local directly accessing the internet for cloud and Security-as-a-Service (SaaS) applications, the WAN and access edges are getting more complicated than ever and introduce new vulnerabilities for attackers to exploit. GajShield Firewalls enables customers to converge their security and network access, extending the benefits to their distributed branches. GajShield security device is comprised of GajShield Data Security Firewall, Secure Access using VPN, Anti Malware with Advance Threat Protection to deliver consolidation of branch services for network edge and device edge protection.

Features:

• Centralised policy management
• Easy operations with minimum learning curve
• Flexible deployment
• Consolidated Network and threat visibility
• Allows grouping of security appliances
• Complete threat protection including firewall, gateway anti malware, DLP, application control, intrusion prevention system and URL filtering
• Re-usable policy templates.

Centralized Management System

Quick Deployment:
GajShield’s simplified and easy deployment capabilities allow enterprises to ship unconfigured GajShield Data Security Firewall appliances to each remote site. When plugged in, the appliance automatically connects to the service in Centralized Management Service Server. Within seconds, the server authenticates the remote device and connects it to a Central Management System. The GajShield Centralised Management System is a dedicated network security management appliance, that enables network admin to manage distributed network of GajShield Firewalls, like managing all aspects of device configuration, push global policies, view all firewall traffic, and generate reports — all from one central location using a single console. Multi-path technology can automatically failover to the best available link when the primary WAN path degrades. This automation is built into the GajShield’s Multi-WAN management, which reduces complexity for end-users while improving their experience and productivity.

Benefits

• Lower Cost or Setup and Operation
  

  With the help of Centralised GajShield Security Management Architecture, enterprises can deploy and manage multiple Internet links, you can now augment or even replace MPLS connections with broadband internet services to connect users to applications and lower WAN costs by up to 90%. The ROI is dramatic and immediate.

• Better Performance

  GajShield Security Architecture is powered by multi-core architecture which provides faster application steering and unrivalled application identification performance. This includes deep secure sockets layer (SSL)/transport layer security (TLS) inspection with the lowest possible performance degradation. 
  GajShield’s MultiWAN management helps in routing applications and users over the most efficient WAN connection at any point in time. To ensure optimal application performance, it identifies a broad range of applications and applies routing policies at a very granular level for better end-user productivity. 
  GajShield’s application engine uses an application control database with the signatures to identify various applications (plus regular updates from GajShield threat Lab). GajShield identifies and classifies applications, even encrypted cloud application traffic, from the very first packet. This can be set to recognize applications by business criticality. Unique policies can be applied at a deeper level for sub-applications. This deep and broad application-level visibility into traffic patterns and utilization offers a better position to allocate WAN resources according to business needs.

• Highly Available
  

  One of the goals of high availability is to eliminate single points of failure in your infrastructure. A single point of failure is a component of your technology stack that would cause a service interruption if it became unavailable. As such, any component that is a requisite for the proper functionality of your application that does not have redundancy is considered to be a single point of failure. 
  High availability is an important subset of reliability engineering, focused towards assuring that a system or component has a high level of operational performance in a given period of time. At the first glance, its implementation might seem quite complex; however, with GajShield it becomes much simpler and it can bring tremendous benefits for systems that require increased reliability.

Better Security

• Data Leak Prevention
  

  DLP identifies, monitors and protects the data in motion on your network through deep content inspection and contextual security analysis of transactions, DLP systems act as enforcers of data security policies. They provide a centralized management framework designed to detect and prevent the unauthorized use and transmission of your confidential information. DLP protects against mistakes that lead to data leaks and intentional misuse by insiders, as well as external attacks on your information infrastructure.

• Contextual Intelligence Engine
  

  Contextual Intelligence Engine is a technology that allows to gain advanced visibility of data transaction over applications that uses network. Context-based security approach is a step ahead from traditional firewall capabilities. Using deep inspection at Different Levels for advanced security, Contextual Intelligence Engine understands the application and its data context. It allows to create a context of Saas applications and understand its usage, much deeper than just the application. Combined with Machine Learning, the contextual intelligent engine helps in finding anomalies.

• Intelligent Sandboxing

  An Intelligent Network Sandbox solution that has anti-evasion capability for protection against malware that understands and detects a virtual environment. With the ability to sandbox various file types and embedded URLs, our intelligent sandbox inspects content that a traditional signature-based antivirus cannot identify as malicious and categories accordingly.

• GajShield Threat Lab
  

  Proactive virus detection, Robust and inherent immune system that integrates Zero-Hour (Zero-Day) Virus Outbreak Protection to shield enterprises in the earliest moments of malware outbreaks, and right through as new variants emerge. By proactively scanning the Internet and identifying massive virus outbreaks as soon as they emerge, proactive virus blocking is effective and signature independent. At the Threat Lab, a database of real-time spam outbreaks is collected and compiled and maintained, through consultation with global Internet Service Providers. Patterns are analyzed, categorized, and cross-matched using algorithms, run to optimize the detection of repeating patterns and their sources. This database, containing approximately over six million signatures, is continuously updated with more than 30,000 new unique signatures added hourly.

Gateway Anti-Malware

• Powerful and Real-Time protection from Virus outbreaks
• Scans HTTP, HTTPS, FTP, POP3, SMTP & SMTPS traffic
• Detects and removes viruses, worms and all kinds of malware
• Instant identification of virus-infected users
• ZERO Hour Virus protection
• Spyware, Malware, Phishing protection
• Automatic real-time Virus update
• Complete protection of traffic over all protocols
• Last virus update definition
• Complete report

Security-Driven Networking

GajShield enables best-of-breed software-driven networking that is both high-performance and protected. GajShield Data Security Firewall featuring multi-core architecture to deliver faster network management with extreme security performance. GajShield has robust threat protection, including Layer 3 through Layer 7 security controls and data-level visibility. Featuring Complete threat protection, including firewall, antivirus, intrusion prevention system (IPS), and application control High-throughput SSL inspection with minimal performance degradation, ensuring that organizations do not sacrifice throughput for complete threat protection against zero-day threat. Web filtering to enforce internet security and Highly scalable & throughput overlay VPN tunnels to ensure that confidential traffic is always encrypted.

Download Brochure