Next Generation Firewall Feature Summary
GajShield Next Generation Firewall's layered network security platforms are designed to provide in depth protection against various attacks by tightly integrating key security functions and to securely connect remote offices and partners. GajShield Network Security Appliances combines ICSA Certified Firewall appliances, Data Leak Prevention, Cloud Security, IPS, VPN, URL Filtering, Virus screening and Bandwidth Management in a single appliance to provide in depth protection at the network edge. A unified management platform makes it a breeze to deploy, administer, and manage GajShield Network Security Appliances.
- ICSA Labs Certified Firewalls
- IPv4 & IPv6 support
- IPv6 NAT64/DNS64 support
- User based rules
- Dynamic Stateful Inspection
- DoS, DDos, Syn attack prevention
- Traffic normalization
- Protocol decodes
- Flexible Addressing Mode
- Multiple Network Zone
- Built-in Firewall Logging
- Group Policies
- Virtual Firewall
- DHCPv4/DHCPv6 Server
- RIP v1, RIP v2 and OSPF, OSPFv2, OSPFv3, BGP, BGP v6 Support
- NTP, SNMP
- Context Sensitive Data Leak Prevention
- SSL VPN/Cloud Security (Remote Filtering)
- Object Oriented Policy Security Management
- User/Group based Policy management
- Application Security
Stateful Inspection technology monitors every incoming and outgoing packet, providing utmost network protection. Policies can be set for entire group- not required for each user, service, port- allowing both efficiency and flexibility. Flexible addressing mode such as NAT, PAT, one-to-one nat, many-to-one nat allows GajShield to be seamlessly integrated into most network environments. Supports advanced routing and networking features like RIP, OSPF, VLAN etc. providing granular configuration option.
Security devices are not meant to only secure network infrastructure, but more importantly have to secure confidential data. This data could be leaked intentionally or unintentionally by employees who have greater access to your network. Many recent leaks by unhappy employees have not only caused embarrassment to an organisation but have led to loss of reputation and financial damages. GajShield’s context sensitive Data Leak Prevention system understand web application by creating context which helps an enterprise to setup policies based on the web application instead of IPs, Usernames which have no relevance to the above application.
- You can create policies based on the ‘From’, ‘To’, ‘Subject’, ‘Email Data’, ‘Attachments’ of web based email applications like Google, Yahoo etc.
- Reduces false positives with greater control over data leaks.
- Provides better data leak prevention than simple regex matching.
- Policy based engine with pre configured templates to implement data leak prevention out of the box.
- Indepth reporting provides visibility to outbound data helps enterprises to setup policies to prevent data leaks.
The GajShield advance Application Visibility and Control solution provides application-level classification, monitoring, and traffic control, to:
- Improve security and prevent data leak by controlling rogue applications
- Enhance business-critical application performance by limiting bandwidth for non-business traffic
- Indepth visibility on network traffic which helps in capacity management and planning
- Saves bandwidth and reduces infrastructure costs
The Application filtering solution helps you:
- Identify and classify over 2500+ applications
- Set different quality of service (QoS) priorities and limit bandwidth based on application category
- Indepth reporting of application use based on users,groups and ip addresses
- Object oriented policy management to re-user application filtering policies with ease of implementation
- Two Factor Authentication support for WebUI, CLI or Console with OTP
- Manage through a browser, ssh and terminal
- Single window policy management
- Role based Administration
- On Appliance Analytics
- User based firewall policies
- Policy inheritance (Oops)
- Remote Syslog and SNMP support
- Administration activity logs for auditing
Familiar Management interfaces allow device and network management from virtually any location. Assign multiple role to administrators for flexible management.
- Database of over 6000 signatures
- Prevents exploits, intrusion attempts, malicious code, backdoor activity and network-based blended threats
- Anomaly Detection System mitigate evolving and internal threats
- High performance security with real-time attack, malicious code and hybrid threat blocking
- Automatic updates for new threats
- Notification via email
- Report of source IP from where the intrusion has been originated
Intrusion Prevention System monitors every incoming and outgoing packet and detects attack patterns based on IPS signatures and Anomaly Detection.
- Debug network using ping, traceroute and ARP
- Real time packet capture utility and can forward captured packets to a different host for futher analysis.
- URL filter check to identify which policy is used to allow / block an URL for an user or IP
- Utility to check the web cetagory of an URL
- Firewall live log to check network traffic is allowed or blocked with firewall policy rule number