GajShield Network Security Firewall - Overview

Product Overview

GajShield's extensive portfolio of Next Generation Firewall (NGFW) Appliances provides complete visibility into various threats and performance inhibitors allowing organisation to make informed and proactive security measure. GajShield firewall appliances provide powerful & integrated protection, enhance user productivity, granular policy definition, zero day protection providing pro-active security to networks and delivers real-time protection against fast moving threats like spyware, phishing, masked applications like Malware, Adware, P2P, Instant Messaging. With its Context Sensitive Data Leak Prevention, GajShield firewall appliances not only protect you from external threats, but also secure your data too. GajShield firewall appliances are complimented with Cloud Security which protect your devices even when they are out of your network in an insecure networks.

GajShield has a range of firewall appliances to protect SOHO offices to Large Enterprises. GajShield firewalls are ICSA Labs certified and provide complete protection against todays and tomorrows threat vector. With a simple management interface, firewalls are easy to deploy and manage. 

Next Generation Firewall Appliance (NGFW) Range

GajShield FirewallGajShield firewall ICSALabs Certification

GajShield Next Generation firewall (NGFW) appliances range from GS 15nu to GS 1360nu providing security to SOHO, SME and large enterprises. GajShield firewall appliances are enterprise-class appliances delivering highest levels of performance and security. GajShield firewalls are architected to provide high Firewall and UTM throughputs (UTM throughput is inclusive of Firewall + Application Filtering (AVC) + AntiVirus + AntiSpam). Each next-generation firewall is evaluated against and has passed ICSA Labs Modular Firewall Product Certification Criteria version 4.1x for general purpose network firewalls, corporate category. Not only does GajShield appliances detect applications independent of port use, it also understands context of data flow with many web-based cloud (SaaS) applications (CASB). This empowers an enterprise to inspect data and prevent data leaks. GajShield firewall appliances have industries most powerful Deep Inspection Engine which accurately classifies network application in real time. Each firewall appliance is capable of being configured in Active-Active or Active-Passive High Availability mode. Multiple firewalls can be easily managed using GajShield's Centralised Management System.


Context Sensitive Data Leak Prevention Firewall

GajShield’s context sensitive Data Leak Prevention system understand web application by creating context which helps an enterprise to setup policies based on the web application instead of IPs, Usernames which have no relevance to the above application.

For Example

  • You can create policies based on the ‘From’, ‘To’, ‘Subject’, ‘Email Data’, ‘Attachments’ of web based email applications like Google, Yahoo etc.
  • Reduces false positives with greater control over data leaks.
  • Provides better data leak prevention than simple regex matching.
  • Policy based engine with pre configured templates to implement data leak prevention out of the box.
  • Indepth reporting provides visibility to outbound data helps enterprises to setup policies to prevent data leaks.

Click here for more details.....


Cloud Security

Web 2.0 applications, such as social and business networking, create both opportunities and challenges. They help create communities of interest for marketing, but also create risks when users inadvertently download malicious content, or create liability when employees publish inappropriate or confidential content on blogs and social networks. Road warriors and smartphone users further exacerbate this problem—their access to the Internet often bypasses all security controls.

GajShield enriches user experience for Internet access, while providing risk mitigation and policy enforcement for CEOs and CISOs through its in-the-cloud service. Organizations do not need to purchase, deploy, or manage countless point products. Companies simply define their corporate security, control, and compliance policy by accessing the GajShield service.

Click here for more details.... 

Application Filtering

Firewall filtering based on port numbers can not longer provide security to an enterprise. Many applications use standard ports like 443 to camouflage its application traffic. The strength of a firewall in classifying these application forms the basis of your security. 

GajShield's Application filter is the industry’s most powerful Deep Packet Inspection (DPI) engine, providing real-time, Layer-7 classification of all network application traffic. It is designed for fast, trouble-free classification of more than 2500+ applications. With its smart classification technology, it creates zero impact on the network throughput and provides wire speed capabilities.

GajShield reporting system provides indepth know-how of the applications used by your organisation, which forms the first step towards security. Using this knowledge Security officers can then block applications for users or groups. With its recent launch of BYOD features, applications can now also be blocked based on whether the traffic has orginated from a mobile device too.

Click here for more details...


BYOD - Bring Your Own Device management

GajShield's BYOD feature allows to identify and create policies for  BYOD devices. This feature enhances the UserSense engine  to inspect, detect and monitor the traffic and control devices used by employees. It can identify whether the traffic has come from a mobile device or desktop device. Based on this information, enterprises can set up different BYOD policies limiting the access to internet or mobile applications.

More than often employees are allowed to bring in devices which are not controlled by the enterprise. Many of these devices have varied OS, with malicious apps getting downloaded. These devices can compromise enterprise network with unaccounted traffic. Using the GajShield Object Oriented Policy Security Management, enterprises can do the following

  • Block access to critical servers in DMZ to BYOD devices
  • Setup Data Leak Prevention policies which monitor and block all upload from these BYOD devices
  • Block risky applications which can lead to data leak from  BYOD devices
  • Setup policies to limit access to internet from these devices
  • Control and limit the bandwidth used by these devices
  • Limit access to internet based on time. (Education institutes do not want students to have access to internet during class hours)
  • Redirect the BYOD devices to non-critical internet link so business applications are not affected

Click here for more details...


GajShield Object Oriented Policy Security

Child policies provide specialized behaviors from the basis of common elements provided by the parent class. Through the use of inheritance, security managers can reuse parent policies many times. Object oriented policy management improves the security implementation in an enterprise by reducing the number of policies and creating common abstract policies which are inherited by other policies.

Object Oriented Policy helps enterprise to create complex policies in a very easy and quick way. Time, user or group based exception can be easily created without having to disturb the default policies. It gives power to the security team to implement practical security policies without creating large number of rulesets.

GajShield Virtual Private Network (VPN)

GajShield provides Industry Standard IPSec, L2TP and PPTP VPN along with High Availability for IPSec. GajShield incorporates Strong Authentication with RSA SecureID, VASCO tokens, Radius, LDAP and Active Directory to avoid any kind of interception in the network and the communication. Besides this, a lot of emphasize is given on the Encryption of the data and Authentication of the users aiming to access or transfer the data. GajShield uses DES, 3DES, AES encryption and Hash Algorithms like MD5, SHA1 and SHA2 for encryption purposes and Pre-shared key and Digital Certificates for secured Authentication. Gajshield also supports Internet Key Exchange that is, IKEv1 or IKEv2, (depending on the version) which is the protocol used to setup a security association (SA) in IPSec protocol suite

Click here for more details....

GajShield SecureLabs

GajShield Distributed Network Behavioral Analysis (DNA) incorporates a worldwide network of sensors, customer input, and industry alliances working in conjunction with GajShield.s SecureLabs Team to provide the fastest, most reliable and scalable security infrastructure in the industry. The result is a proven system that guarantees every GajShield customer is protected at the highest level possible, all the time.

Unique Gateway Architecture

GajShield's Unique Gateway Architecture offers policy based Multi-WAN Failover, Load Balancing and traffic management options. Gateway Failover & Load Balancing supports any number of Internet connections over multiple physical interfaces and Bandwidth management assures maximum efficiency of Internet service. These flexible gateway Failover and Load Balancing features provide business continuity by assuring network up-time.

Unique Performance Management

GajShield's smart engine correlates the information provided by security engine, network monitoring engine, deep inspection stream analyzer, wan availability, behavior analysis engine to provide real-time knowledge into the network. This comprehensive approach stops threats from the internet, eliminates unintentional user sabotage and gives business-critical applications highest priority increasing user and application productivity.