GajShield Network Security Firewall Features

Next Generation Firewall Feature Summary

GajShield Next Generation Firewall's layered network security platforms are designed to provide in depth protection against various attacks by tightly integrating key security functions and to securely connect remote offices and partners. GajShield Network Security Appliances combines ICSA Certified Firewall appliances, Data Leak Prevention, Cloud Security, IPS, VPN, URL Filtering, Virus screening and Bandwidth Management in a single appliance to provide in depth protection at the network edge. A unified management platform makes it a breeze to deploy, administer, and manage GajShield Network Security Appliances.

GajShield recognized in Gartner’s 2018 Asia/Pacific Context: ‘Magic Quadrant for Enterprise Network Firewalls’

Firewall

  • ICSA Labs Certified Firewalls
  • IPv4 & IPv6 support
  • IPv6 NAT64/DNS64 support
  • User based rules
  • Dynamic Stateful Inspection
  • DoS, DDos, Syn attack prevention
  • Traffic normalization
  • Protocol decodes
  • Flexible Addressing Mode
  • Multiple Network Zone
  • Built-in Firewall Logging
  • Group Policies
  • Virtual Firewall
  • DHCPv4/DHCPv6 Server
  • RIP v1, RIP v2 and OSPF, OSPFv2, OSPFv3, BGP, BGP v6 Support
  • NTP, SNMP
  • Context Sensitive Data Leak Prevention
  • SSL VPN/Cloud Security (Remote Filtering)
  • Object Oriented Policy Security Management
  • User/Group based Policy management
  • Application Security

Next Generation Firewall

Stateful Inspection technology monitors every incoming and outgoing packet, providing utmost network protection. Policies can be set for entire group- not required for each user, service, port- allowing both efficiency and flexibility. Flexible addressing mode such as NAT, PAT, one-to-one nat, many-to-one nat allows GajShield to be seamlessly integrated into most network environments. Supports advanced routing and networking features like RIP, OSPF, VLAN etc. providing granular configuration option. 


Context Sensitive Data Leak Prevention Firewall

Security devices are not meant to only secure network infrastructure, but more importantly have to secure confidential data. This data could be leaked intentionally or unintentionally by employees who have greater access to your network. Many recent leaks by unhappy employees have not only caused embarrassment to an organisation but have led to loss of reputation and financial damages. GajShield’s context sensitive Data Leak Prevention system understand web application by creating context which helps an enterprise to setup policies based on the web application instead of IPs, Usernames which have no relevance to the above application.

For Example

  • You can create policies based on the ‘From’, ‘To’, ‘Subject’, ‘Email Data’, ‘Attachments’ of web based email applications like Google, Yahoo etc.
  • Reduces false positives with greater control over data leaks.
  • Provides better data leak prevention than simple regex matching.
  • Policy based engine with pre configured templates to implement data leak prevention out of the box.
  • Indepth reporting provides visibility to outbound data helps enterprises to setup policies to prevent data leaks.

More Details....

Remote Filtering and Cloud Security

Web 2.0 applications, such as social and business networking, create both opportunities and challenges. They help create communities of interest for marketing, but also create risks when users inadvertently download malicious content, or create liability when employees publish inappropriate or confidential content on blogs and social networks. Road warriors and smartphone users further exacerbate this problem—their access to the Internet often bypasses all security controls.

Road Warriors access the internet through insecure service providers or even unsafe Wifi hotspots. This leads to these devices being vulnerable to attacks which could lead to a compromised device. When this device connects back to the enterprise network, it could compromise other devices, infect other systems or be used for data leaks. GajShield's Remote Filtering and Cloud Security secures road warriors even in the most insecure networks leading to a secure enterprise.

More Details... 

BYOD Policy Management

Bring Your Own Device - BYOD

GajShield's BYOD feature allows to identify and create policies for  BYOD devices. This feature enhances the UserSense engine  to inspect, detect and monitor the traffic and control devices used by employees. It can identify whether the traffic has come from a mobile device or desktop device. Based on this information, enterprises can set up different BYOD policies limiting the access to internet or mobile applications.

More than often employees are allowed to bring in devices which are not controlled by the enterprise. Many of these devices have varied OS, with malicious apps getting downloaded. These devices can compromise enterprise network with unaccounted traffic. Using the GajShield Object Oriented Policy Security Management, enterprises can do the following:

Key Features:

  • Block access to critical servers in DMZ to BYOD devices
  • Setup Data Leak Prevention policies which monitor and block all upload from these BYOD devices
  • Block risky applications which can lead to data leak from  BYOD devices
  • Setup policies to limit access to internet from these devices
  • Control and limit the bandwidth used by these devices
  • Limit access to internet based on time. (Education institutes do not want students to have access to internet during class hours)
  • Redirect the BYOD devices to non-critical internet link so business applications are not affected

More Details....

URL Filtering

URL Filtering is basically done by maintaining a highly categorized database of most of the websites in the internet and either allowing access to them or dis-allowing access to the internet users of an organization either at all times or during certain times of a day. The policies of which categories of sites is to be allowed/dis-allowed to the users of an organization could be set by the Enterprise through a web-based interface provided by URL filters. So, there is a local hardware appliance or software application running on a server that connects to a central database of the URL filtering vendors which enable to block individual websites.

Key Features:

  • Group based Block access to specific URL
  • Group based allow access to specific URL
  • Category based URL Blocking
  • Group based Allow attachment downloading
  • Group based Block attachment uploading
  • Group based time scheduling

More Details....

Application Visibility and Control

The GajShield advance Application Visibility and Control solution provides application-level classification, monitoring, and traffic control, to:
  • Improve security and prevent data leak by controlling rogue applications
  • Enhance business-critical application performance by limiting bandwidth for non-business traffic
  • Indepth visibility on network traffic which helps in capacity management and planning
  • Saves bandwidth and reduces infrastructure costs

The Application filtering solution helps you:

  • Identify and classify over 2500+ applications
  • Set different quality of service (QoS) priorities and limit bandwidth based on application category
  • Indepth reporting of application use based on users,groups and ip addresses
  • Object oriented policy management to re-user application filtering policies with ease of implementation

More Details....

Virtual Private Network (VPN)

VPNs are extremely beneficial to organizations that are especially situated across multiple geographical locations. VPNs also allow employees to securely access a corporate intranet while they are located outside the office. This feature could be extremely beneficial to Road-warriors who are always moving. Additionally, VPNs are used to securely connect geographically separated offices of an organization, to create one cohesive network.

Key Features:

  • Industry standard: IPSec, L2TP & PPTP VPN
  • VPN High Availability for IPSec
  • Strong authentication : RSA SecureID, VASCO tokens, Radius, LDAP & Active Directory
  • Encryption : DES, 3DES, AES encryption & Hash 
    Algorithms : MD5, SHA1, SHA2
  • Authentication : Pre-shared key, Digital Certificates
  • IPSec NAT Traversal, Dead Peer Detection and PFS support
  • IPSec VPN tunnel up/down logs
  • Active VPN user logs

More Details.... 

Traffic Shaping - Bandwidth Management

Bandwidth Management

  • Policy based Routing, Bandwidth Management & Queuing
  • SLA monitoring for static routes
  • Hierarchy based Bandwidth Management
  • Committed on the fly bandwidth borrow
  • Time Quota and Bandwidth Quota
  • Bandwidth policy for browsing
  • Bandwidth utilization chart based on Bandwidth Queues

More Details....

High Availability

The need for efficient and dependable infrastructures has become very important in order to serve critical systems and the demand for such infrastructures is continuously increasing. It has become important that the system is able to handle increasing load and at the same time, is able to decrease downtime and eliminate single points of failure. As a result of this, High availability as a quality of infrastructure design has gained extreme importance.

  • Active / Passive and Active / Active with State synchronization
  • Stateful Failover
  • Non-stop forwarding during HA with graceful restart
  • Email Alerts on HA Status
  • Auto synchronization of entire configuration made on Master firewall to Backup firewall
  • Email notification when firewall state change from Master to Backup and vice versa

More Details....

System Management

Key Features:

  • Two Factor Authentication support for WebUI, CLI or Console with OTP
  • Manage through a browser, ssh and terminal
  • Single window policy management
  • Role based Administration
  • On Appliance Analytics
  • User based firewall policies
  • Policy inheritance (Oops)
  • Remote Syslog and SNMP support
  • Administration activity logs for auditing

Familiar Management interfaces allow device and network management from virtually any location. Assign multiple role to administrators for flexible management.

Networking

Key Features:

  • Static IP Address, PPPoE, DHCP
  • Policy based Multi-WAN Failover & Load balancing
  • WRR based Load Balancing
  • Policy based Routing
  • Multicast forwarding
  • Dynamic Routing (RIP v1 & 2, OSPF)
  • DHCP server support on multiple interfaces
  • Support for dynamic DNS

Gateway Anti-Spam

AntiSpam

Key Features:

  • Scans SMTP, POP3 traffic for spam
  • Detects, tags or quarantines spam mail
  • Content-agnostic spam protection including Image-spam
  • Preemptively stops sophisticated threats like phishing, pharming, zombie attacks & supports RBL lists
  • Enforces black and white lists
  • Real-Time protection from emerging threats
  • Language, content and format independent spam prevention
  • Detects phishing URL in emails
  • Quarantine Spam Mails
  • Mail Archiving

Gateway Anti-Malware

Key Features:

  • Multiple Engine – uses cloud based sandboxing
  • Powerful and Real-Time protection from Virus outbreaks
  • Scans HTTP, HTTPS, FTP, POP3, SMTP & SMTPS traffic
  • Detects and removes viruses, worms and all kinds of malware
  • Instant identification of virus infected users
  • ZERO Hour Virus protection
  • Spyware, Malware, Phishing protection
  • Automatic real-time Virus update
  • Complete protection of traffic over all protocols
  • Last virus update definition
  • Complete report of viruses caught

Appliance based Security Analytics

Key Features:

  • Complete reporting on appliance
  • User, Application specific reporting
  • Daily Internet activity user/group wise report on e-mail
  • Real time reports, automated alerts, historical reporting
  • Security reports include Firewall, IPS & VPN
  • Real time reporting of bandwidth and users
  • Policy violation alert on E-mail & Reporting
  • Virus filtering reporting
  • Guest user authentication activity logs

Intrusion Prevention Service (IPS)

Key Features:

  • Database of over 6000 signatures
  • Prevents exploits, intrusion attempts, malicious code, backdoor activity and network-based blended threats
  • Anomaly Detection System mitigate evolving and internal threats
  • High performance security with real-time attack, malicious code and hybrid threat blocking
  • Automatic updates for new threats
  • Notification via email
  • Report of source IP from where the intrusion has been originated

Intrusion Prevention System monitors every incoming and outgoing packet and detects attack patterns based on IPS signatures and Anomaly Detection.

Logging and Reporting

Key Features:

Firewall Reporting

  • Security log records network attacks
  • Event log records all configuration changes
  • Browsing log records all browsing traffic
  • Virus log shows the viruses
  • Analysis and Graphing of network traffic
  • Automatic email notification of attacks

GajShield provides a wide range of tools and diagnostics (including Ping, Trace route) to track and analyze traffic and network activity. Also provides remote Syslog and SNMP support.

Adaptive ISP Failover & Load Balancing

Key Features:

  • Service based ISP Load Balancing or Failover
  • Both Failover and Load Balancing can be set up simultaneously
  • Load balances traffic based on weighted round robin distribution
  • ISP Failover automatically shifts traffic from a failed link to a working link
  • Automatic traffic fallback when failed ISP comes up
  • Zone based failover
  • Customized NAT on failover
  • ISP failover and fallback notifications on email

Bandwidth Management

Key Features:

  • Policy based Bandwidth Management & Queuing
  • Hierarchy based Bandwidth Management
  • Committed on the fly bandwidth borrow
  • Time Quota and Bandwidth Quota
  • Bandwidth policy for browsing
  • Bandwidth utilization chart based on Bandwidth Queues

Diagnosis

Key Features:

  • Debug network using ping, traceroute and ARP
  • Real time packet capture utility and can forward captured packets to a different host for futher analysis.
  • URL filter check to identify which policy is used to allow / block an URL for an user or IP
  • Utility to check the web cetagory of an URL
  • Firewall live log to check network traffic is allowed or blocked with firewall policy rule number