차세대 방화벽 – 특장점

AXGATE Series’ next generation firewall

Secure with the Pride
AXGATE Series

The AXGATE Series’ next generation firewall is one that provides diverse security functions such as VPN (IPsec/SSL), IPS, Anti-DDos and Anti-Virus, etc. It achieves high performance in a stable manner with multi core distribution processing technology while minimizing performance degradation even in the event of handling large capacity network traffics. Our various product lineup allows you to adopt a perfect next generation firewall that suits each corporate’s needs.

제품소개

특장점

주요기능

제품사양

Special strengths

High performance realized by multi-core parallel processing

Performance degradation is minimized at the time of simultaneous driving for various functions (firewall, IPS, DDoS, VPN, and application control, etc.) by parallel processing for each module.
Design optimized for multi core enables maximum performance with CPU Core utilized without IDLE of the multi core dispersed algorithm.
The first packet undertakes analytical process to process slow path which determines whichever security module to execute, whereas the second packet and onwards take reference of the previously executed packet processing to process fast path (offload) to materialize a performance close to wired speed.

User based access control

Access is controlled via the user account (ID + Password) information in addition to the IP address and security policy is differentiated and applied by user group and individual.
Without the need to install agent in the user terminal separately, integrated security authentication is supported for web, and statistics such as traffic in use by user, and type of attach, etc. is supported.
For access control via a reliable 3rd party authentication, link of LDAP, AD, MS-SQL, ORACLE, and Local DB, etc., is supported.
Together with a static IP environment, even in an environment where dynamic IP is used, user based access control is possible.

Main features

User based security policy developed (firewall, contents filtering, IPS, and QoS)
Convenience of management is provided by reflecting user authentication information in the Log and statistics
Link of LDAP, AD, MS-SQL, ORACLE, and Local DB, etc., is supported for access control via a reliable 3rd party authentication
Access authorization acquired via user authentication without restrictions against user terminal
Burden of Mac information control is resolved for each terminal
Weaknesses supplemented for the Layer 2 based NAC solution

Security zone based security policy

Security zone is not a simple IP Address Group but a combination of the interfaces that bind the actual interfaces, allocating interfaces to the zone defined in advance and confers identity.
Setting policy by each security zone allows for the addition / deletion / revision of security rules, and the application of unnecessary security module helps to prevent performance drops.

Individual policy / log / statistics by security zone
Security modules such as contents filter, IPS, Anti-DDoS, and firewall, etc., are applied by each security zone
Applying unnecessary security module helps to prevent performance drops
Setting detailed policy in between zones strengthens security

Logical virtualization function

Firewall and VPN are logically virtualized to provide independent firewall and VPN services for each Virtual Domain for the unit of use with a single unit of AXGATE equipment.
Accordingly, application is made feasible without any change in the existing internal network environment, making it useful for securing expandability, increasing availability, convenience of control, and cost savings.

Not limited to firewall and VPN functions, but all other functions of AXGATE as well, such as IPS, NAT, Routing, QoS, and Contents Filter, etc.
A maximum of 250 domains are provided with a single unit of physical device
Super User account can set, revise and delete all domains
Each Domain administrator can access / change setting / delete with a different domain excluding his or her own domain
Virtualized control is made feasible by CLI and GUI

IPS

With both signature based rule provided and user defined rule supported, active response is taken against diversifying attacks, detects and blocks intrusion attacks from the outside given their increasingly intelligent, diversified nature, and preempts attack patterns via PCRE.

More than 5,000 signature based rules are provided
Evasion attack detected
User defined rule supported
Snort based Worm / Virus and Spyware and Malware blocking signature via Web
Outside attacks of diversified forms blocked via PCRE
Filtering supported via Black / White List
Most updated signature maintained with automatic / manual update
VoIP security function supported (SIP Traffic Attack)

Application control

Not a simple Port block, it detects / controls / blocks at the application level.
In addition, Traffic and Packet, and Session are enabled for the applications of lower significance for work.

Harmful websites disseminating malignant codes and warms, etc., are blocked by blocking the access to unnecessary websites for work
Upload and download for FTP and Telnet are controlled
Access control, encrypted communication block, login control, mail control, file transfer block and QoS coverage are provided for P2P and webhard, etc.

Web URL filtering

Harmful websites disseminating malignant codes and warms, etc., are blocked by blocking the access to unnecessary websites for work.
Korea Communications Commission’s Safenet DB : harmful website DB linked website filtering provided
PICS (Platform for Internet Content Selection) : as per grading of details included in the HTML meta tag
Customized Category : User defined URL Group filtering provided as per website characteristics

Web Editor Filtering (WEF)

A specialized function of WEF is used to block actions such as reply / email / file upload, etc., for web browser, website and SNS.
It is a function that restricts actions that upload comments or leave replies on the community bulletin boards of all types and strengthens work concentration by restricting activities other than work.
In the case of public institutions, it controls and restricts public servants’ community and SNS reply writing, thereby preventing actions that violate the duty of political neutrality.

Prevents outside disclosure of company’s inside information by restricting web mail writing
Efficient security applied in the simultaneous event of file upload block and execution
ebsite enabling community block
- Top 500 websites in Korea are blocked
- Alexa (http://www.alexa.com/topsites/countries/KR)
- Rankey.com (http://www.rankey.com/rank/rank_site_all.php)

IPsec VPN

dCube technology, which is AXGATE’s patented proprietary technology, strengthens security via the IPsec encryption with the WAN Channel Bonding Algorithm providing encrypted channel of high bandwidth of stability in connection with IPsec VPN.

Benefits

Low cost

-	Use of multiple low speed xDSL line increases line speed for low cost and better coverages

High availability

-	VPN Tunnel consists of multiple lines, so fail over will activated in the event of line failure
-	Session maintenance is assured in the event of line fail over

Special Features

Bandwidth-based
Load-balancing

-	Bandwidth of line is automatically detected and traffic’s load is dynamically processed to execute control

Loss Control

-	A technology which resends loss packet to correct communication delay and error

SSL VPN

ID / Password system
MAC Address static function
Connection policy is set by each VPN GW user
VPN Client account based session log
Connection status check, alarm function
Automatic reconnection in the event of connection failure (user defined)
Installation file disseminated, web based dissemination
Supports all various environments such as Windows / iOS / Android, etc.
iOS dedicated client program app store registered