„The eGUI is a pleasure to work with [...]“ Dave Mitchell, SC Magazine - UTM Review 2009 „We must applaud the brilliant arrangement and pedagogic approach.” Lars Dobos, Tech World - UTM Review 2010 Clarity · Perfection · Security The advantages of the unique eGUI® interface concept are recognized and acclaimed worldwide The unique eGUI® technology revolutionizes the operation of “Next Generation Firewall Appliances” * The evaluation of the test results were made by gateProtect The risk of configuration and operation errors together with the constantly increasing amount of work that is required to manage IT security systems, means a whole new approach to the operation of professional security solutions is required. Customers and references The greatest security risk facing modern IT networks relates to the fact that increasingly complex security functions are required in order to block attacks effectively. This inevitably leads to systems that are extremely complex to operate, which, in turn, means the risk of user errors increases exponentially. As a result of this, operation and configuration errors in IT systems are the cause of around 98% of all security vulnerabilities in companies nowadays. The answer is the patented eGUI® technology from gateProtect The interface concepts from the competition follow a “function-oriented” approach. However, this methodology does not take into account the way in which humans and machines interact naturally. To solve this problem gateProtect developed the eGUI® technology, which utilizes a “process-oriented” approach that meets the implementation guidelines of the ISO Norm 9241 standard. The program also provides a consistent layout, which only displays the specific information that the user actually requires for the current activity, no matter which application is being used, while at the same time unifying all cutting-edge security features in a “Next Generation Firewall Appliance”. Clarity · Perfection · Security Major advantages of the eGUI® technology The new user interface is remarkable for its ergonomic approach to the processing operation. The display, even of sometimes very different applications, is always consistent and delivers only the information required by the user for the current operation. A measure of the quality of the gateProtect operator concept are the ergonomic principles governing human-machine interaction, as formulated in ISO 9241, part 110. The eGUI® technology significantly reduces the amount of time required for configuration Only the integration of the eGUI® technology in Next Generation Firewalls can help the administration to adhere to security policies in the company network in an effective and secure way. The clear overview, active management, as well as the reduction of rules are the major advantages when compared to command line based user interfaces. The eGUI® technology reduces significantly the time for the configuration of the firewall, as found during a 2009 study conducted amongst IT Security Experts throughout Europe. Initial configuration (Firewall configuration, import and creation of users etc.) gateProtect Benefits of the eGUI® technology Competitor I _Visual feedback immediately supplied for each setting Competitor II _Self-explanatory functions Competitor III Competitor IV _Central overview of all active services _Immediate overview of the whole network configuration Ongoing administration (Configuration or changing of rules, creation of new users, UTM adjustments) _Layer and zoom function for networks up to 10,000 users gateProtect Competitor I _Enormous time-savings through a significant reduction in the number of rules Compared to a “function-oriented” approach you can easily reduce the number of rules by a factor of up to 100. Competitor II Competitor III Competitor IV _Reduction in the number of user errors thanks to the visualization of the entire network The visualization of the entire network and active services remarkably reduces the risk of user errors. Familiarization phase (Familiarization of new administrators or deputies, in charge of configuring the firewall) _Reduced operating costs through active management The combination of active management, time-savings and reduction of error rates results in a significant gateProtect cost reduction compared to a command line based interface. Competitor I Competitor II Competitor III Competitor IV Study from 2009, which compared the time required to configure firewalls from different providers „We must applaud the brilliant arrangement and pedagogic approach.” Lars Dobos, Tech World - UTM Review 2010 Clarity · Perfection · Security “Layer-8 technology” - Extended User Authentication Next Generation Firewall Appliances Control of user-based security policies The Next Generation Firewall Appliances from gateProtect offer a very high level of flexibility. There are suitable products available for use in a wide range of different networks and they offer all current security features. The “Layer-8 technology” from gateProtect treats the user identity as the 8th layer of the OSI model. All gateProtect Firewall Appliances employ cutting edge security technology, without sacrificing ease of use on a daily basis. All of this thanks to the process-oriented operator navigation system, which offers a very high level of clarity into the overall network and services distribution. All “Next Generation Firewall Appliances” offer security and productivity at all levels and across all services – from layer 2 to layer 8 with identity-based policies. Layer 8 User authentication Layer 7 Application Layer 6 Presentation Layer 5 Session Layer 4 User authentication Transport TCP, UDP Layer 3 Application Network 192.168.1.1 Layer 2 Presentation Data Link ASCII, ICA, EBCDIC 00-23-EE-4D-C5-E6 User authentication ASCII, ICA, EBCDIC L2TP, PPTP Session L2TP, PPTP Physical Physical Transport TCP, UDP Data Link 00-23-EE-4D-C5-E6 Network 192.168.1.1 Network 192.168.1.1 Data Link 00-23-EE-4D-C5-E6 Transport TCP, UDP Physical The benefits of the gateProtect Extended User Authentication Session L2TP, PPTP Layer 1 _enables services at user level Presentation ASCII, ICA, EBCDIC _future-proof, allowing configuration of future services _individual configuration of services at user level Application _Single sign-on via Kerberos upon login to the Windows domain User authentication _Browser login allows independence from the operating system _configuration of services for users and active directory groups _enables services in an intranet Security and productivity at all levels and across all services Clarity · Perfection · Security gateProtect Managed Security Platform Central administration and monitoring of worldwide distributed Firewall systems The server based Command Center® allows up to 500 gateProtect xUTM appliances or firewall systems to be simultaneously managed, configured and monitored. All gateProtect appliances, from the GPO 75 to the GPZ 2500, can be managed and configured from the central Command Center®. This is particularly important for companies which use several firewall systems or are planning rollouts on a large scale. The Command Center® effectively achieves an orders of magnitude improvement in overall network security, as well as in the efficiency of routine maintenance tasks, significantly reducing operation costs. gateProtect Command Center® The gateProtect Command Center® supplies MSS providers and corporate IT departments with the broad range of features they need for the global management of IT security systems. An overview of the most important functions _Active administration of up to 500 gateProtect Appliances gateProtect _Monitoring of all VPN connections _Central configuration of new installations with VPN _Central overview of all firewall systems Command Center® _Central import of: _Central monitoring of functional status and utilisation of all firewall systems · updates of any number of firewall systems _Direct and immediate access to each firewall · licence keys and their management _Automatic and central backup Monitoring (Dash board view) VPN Large-scaled IT network rollouts present administrators with a special challenge. The gateProtect Command Center® is a professional solution that makes their lives much easier. Pre-fabricated standard configurations (to any depth of detail) can be distributed and installed immediately from the central administration point. - - - - - - - - - - Centrally creatable VPN connections Configuration Central reporting system / monitoring _Central notification and categorization of alerts Rollout management fast and efficiently A corporate wide standard for all firewalls can therefore be created and uploaded within a very short space of time. Naturally, the configurations created for individual firewalls can also be adapted when the need arises. This is a key factor to minimize costs and accelerate rollouts. Map view with VPN connections · standard configurations of some firewall systems (for larger-scale rollouts) - - - Display settings of all firewalls Active configuration of 500+ firewalls with standard configurations Create and apply templates on multiple firewalls - - - - - eGUI® technology inside - ISO 9241 oriented - self-explaining functions - overview of the entire network Zoomable world map Custom background maps supported Role based command center user management Object oriented firewall configuration Monitoring 500+ firewalls System information CPU- / memory usage Long term statistics HDD status (partitions, usage, RAID) Network status (interfaces, routing, traffic, errors) Process monitoring VPN monitoring User authentication monitoring Centralized work stages - Single- and group-backup - Remote backup creation - Automatic and time based creation of backups - Automatic upload of backups on FTP or SCP Server on multiple firewalls - Automatic backup management for groups - Small backup files (kb) - Single- and group update - Single- and group licensing - Central certificate management Security - Certificate based 4096 bit encrypted connections to the firewalls IPSec - - - - - - - - - - - - Site-to-Site Client-to-Site (Road warrior) Tunnel Mode IKEv1, IKEv2 PSK X.509 certificates 3DES, AES (128, 192, 256) Blowfish (128, 192, 256) DPD (Dead Peer Detection) Compression PFS (Perfect Forward Secrecy) MD5, SHA1, SHA2 (256, 384, 512) Diffi Hellman group (1, 2, 5, 14, 15, 16,17,18) SSL - Site-to-Site - Client-to-Site (Road warrior) - Routing Mode VPN - Bridge Mode VPN - X.509 certificates - TCP/UDP port changeable - Compression - Specify WINS- and DNS servers - 3DES, AES (128, 192, 256) CAST5, Blowfish Clarity · Perfection · Security “Next Generation Firewall Appliances” Cutting-edge security features The “Next Generation Firewall Appliances” from gateProtect are characterized by optimal scalability, security and performance. Thanks to the unique and patented eGUI® technology, gateProtect sets standards when it comes to the configuration of modern security systems. gateProtect’s eGUI® technology raises operating security and efficiency to a previously unattained level. Furthermore, gateProtect is the only manufacturer worldwide to implement the ISO NORM 9241 standard. Overview of the Next Generation Firewall Appliances SoHo / RoBo SoHo - Mid Small enterprises GPO 75 GPO 125 GPA 250 GPA 400 Medium enterprises GPA 600 Interfaces 10/100 Ethernet Ports 4 4 - - - 10/100/1000 Ethernet Ports - - 4 6 8 SFP / SFP+ (Mini GBIC) Ports - - - - - VPN - Crypto acceleration chip - - - - Yes System Performance* Firewall throughput (Mbps) 200 200 800 1 400 1 800 VPN IPSec throughput (Mbps) 50 70 120 190 500 UTM throughput (Mbps) - 35 90 140 200 IDS/IPS throughput (Mbps) - 90 160 320 520 Concurrent sessions 50 000 150 000 300 000 500 000 600 000 New sessions per second 1 500 2 500 5 000 8 000 10 000 Enterprises GPX 800 Large enterprises GPX 1000 GPZ 2500 GPZ 5000 Interfaces 10/100 Ethernet Ports - - - - 10/100/1 000 Ethernet Ports 8 10 12 10 2/0 6/0 4/2 Yes Yes Yes Yes Redundant - HDD (Raid) - Yes Yes Yes Redundant - Power supply - Yes Yes Yes SFP / SFP+ (Mini GBIC) Ports VPN - Crypto acceleration chip System Performance* Firewall throughput (Mbps) 3 500 5 000 9 000 18 000 VPN IPSec throughput (Mbps) 1 000 1 500 2 500 2 500 UTM throughput (Mbps) 500 700 1 100 1 200 IDS/IPS throughput (Mbps) 830 1 200 2 500 2 500 1 000 000 1 300 000 2 500 000 3 500 000 16 000 20 000 30 000 35 000 Concurrent sessions New sessions per second The changing network security requirements of the market mean that companies demand the next generation of security systems to meet the challenge. gateProtect combines a wide range of the most modern and innovative security functions in a single system, the gateProtect “Next Generation Firewall Appliances”. Firewall - Stateful inspection - Connection-tracking TCP/UDP/ICMP - SPI and proxy combinable - Time controlled firewall rules, content filter and internet connection - IP-ranges, IP-groups - Layer7-filter - Port-ranges - Self- and predefined ports - Supported protocols: TCP, UDP, ICMP, GRE, ESP, AH Management - eGUI Technology - ISO 9241 certified - visual feedback immediately supplied for each setting - self-explanatory functions - overview of all active services - overview of the whole network - Layer and zoom function - Languages: English, German, French, Italian Spanish, Turkish - Role-based firewall administration - Role-based statistic-client - SSH-CLI - Desktop configuration saved / restored separately from backup - CLI on serial line - Object oriented firewall configuration - Direct Client Update function LAN / WAN-support - Ethernet 10/100/1 000*/10 000* Mbit/s - Twisted-Pair / Fibre-Optics - MTU changeable (Ethernet/DSL) - PPPoE, PPTPoE - ISDN - PPP-PAP, PPP-CHAP authentication - Inactivity timeout - Forced disconnect time - Cablemodem, xDSL - Concurrent connections - Backup-connections - Connection availability check - Loadbalancing - Time controlled internet connections - Manual and automatic DNS assignment - Multiple dyn-DNS support - Supports 8 different dyn-DNS-services - Source based routing - Routing protocols RIP, OSPF User authentication - Active Directory supported - Active Directory groups integration - OpenLDAP supported - Local userdatabase - Web-interface authentication (port changeable) - Windows-client authentication - Authentication on domain login - Single sign on with Kerberos - Single- and multi login - Web-Landing-Page - Login and logoff auditing - User- and group statistics DHCP - DHCP-relay - DHCP-client - DHCP-server (dynamic and fixed IP) DMZ - Port forwarding - PAT - Dedicated DMZ-links - DMZ-wizard - Proxy supported (SMTP)* VLAN - Max. 4094 VLAN per interface possible - 802.1q ethernet header tagging - Combinable with bridging Bridge-mode - OSI-layer 2 firewall-function - Spanning tree (bride-ID, port-cost) - Unlimited bridges - Unlimited interfaces per bridge - Combinable with VPN-SSL Traffic shaping - Up- and download shapeable - Multiple internet connection separately shapeable - All services separately shapeable - Maximum and guaranteed bandwidth adjustable - QoS with TOS-flags supported - QoS inside VPN connection supported High availability - Active-passive HA - Synchronisation on single / multiple dedicated links - Manually switch roles IDS/IPS* - Snort scan-engine - 5000+ IDS-pattern - Individual custom rules - Security-level adjustable - Rule groups selectable - Exceptions definable - Scanning of all interfaces - Email on IDS events - DoS, DDoS, portscan protection - Invalid network packet protection Backup - Remote backup creation - Small backup files (kb) - Remote backup restore - Restore backup on installation - Automatic and time based creation of backups - Automatic upload of backups on FTP or SCP-Server - Auto-install-USB-stick with backup integrated Proxies* - HTTP (transparent or intransparent) - Support for Radius-server, AD-server, local user-database - HTTPS, FTP,POP3,SMTP,SIP - Integrated URL-/ content-filter - Integrated antivirus-filter - Integrated spam-filter - Time-controlled Monitoring* - System-Info - CPU- / memory usage - Long-term-statistic - HDD-status (partitions, usage, RAID) - Network status (interfaces, routing, traffic, errors) - Process-monitoring - VPN-monitoring - User-authentication-monitoring Antivirus* - HTTP, HTTPS, FTP, POP3, SMTP - Scans compressed data and archives - Scans ISO 9660-files - Exceptions definable - Manual and automatic updates Logging, Reporting* - Email notification - Logging to multiple syslog-servers - Categorized messages - Report in admin-client (with filter) - Export report to CSV-files Web-filter* - URL-filter - Content-filter - Block rules up to user-level - Black-/ white-lists - Im- / export of URL-lists - File-extension blocking - Category-based website-blocking - Self definable categories - Scan-technology with online-database - Transparent HTTP-proxy support - Intransparent HTTP-proxy support SNMP - SNMPv2c - SNMP-traps - Auditing of: - CPU / Memory - HDD / RAID - Ethernet-interfaces - Internet-connections - VPN-tunnel - Users - Statistics, Updates - DHCP - HA Antispam* - Online-scanner - Scan-level adjustable - Real-time-detection-center - Black- / white-email-sender-lists - Mail-filter - Black- / white-email-recipients-lists - Automatically reject emails - Automatically delete emails - AD-email-addresses import Statistics* - IP and IP-group statistic - Separate services - Single user / groups - TOP-lists (surfcontrol) - IDS-statistics - Traffic-statistics - Antivirus- / antispam-statistics - Defence statistics - Export statistic to CSV-files VPN - VPN-wizard - Certificate-wizard IPSec - Site-to-site - Client-to-Site (Road warrior) - Tunnel-Mode - IKEv1, IKEv2 - PSK - X.509-certificates - 3DES, AES (128, 192, 256) Blowfish (128, 192, 256) - DPD (Dead Peer Detection) - NAT-T - Compression - PFS (Perfect Forward Secrecy) - MD5, SHA1, SHA2 (256, 384, 512) - Diffi Hellman group (1, 2, 5, 14, 15, 16,17,18) - export to One-Click-Connection - XAUTH, L2TP SSL - Site-to-site - Client-to-Site (Road warrior) - Routing-Mode-VPN - Bridge-Mode-VPN - X.509-certificates - TCP/UDP port changeable - Compression - specify WINS- and DNS-servers - 3DES, AES (128, 192, 256) CAST5, Blowfish - Export to One-Click-Connection PPTP - Windows-PPTP compatible - Specify WINS- and DNS-servers - MSCHAPv2 X.509 certificates - CRL - OCSP - Templates - Multi CA support - Multi host-cert. support VPN-client - IPSec-client - SSL-client (OpenVPN) - NAT-T - AES (128, 192, 256), 3DES CAST, Blowfish - X.509 certificates - PSK - One-Click-Connection - Log-export Command Center - eGUI Technology, ISO 9241 certified - Monitor 500+ firewalls - Active configuration of 500+ firewalls - VPN connections centrally creatable - Single- and group-backup - Plan automatic backup in groups - Single- and group update & licensing - Create and apply templates on multiple firewalls - Certificate based 4096 bit encrypted connections to the firewalls - Display settings of all firewalls - Role based command center user management - VPN-monitoring * Not available in the GPO75/GPO75a High performance Firewall Appliances What can we do for you? www.gateprotect.com
© Copyright 2026 Paperzz