AXGATE Series’ next generation firewall

AXGATE Series

High performance realized by multi-core parallel processing
Performance degradation is minimized at the time of simultaneous driving for various functions (firewall, IPS, DDoS, VPN, and application control, etc.) by parallel processing for each module.
Design optimized for multi core enables maximum performance with CPU Core utilized without IDLE of the multi core dispersed algorithm.
The first packet undertakes analytical process to process slow path which determines whichever security module to execute, whereas the second packet and onwards take reference of the previously executed packet processing to process fast path (offload) to materialize a performance close to wired speed.

User based access control
Access is controlled via the user account (ID + Password) information in addition to the IP address and security policy is differentiated and applied by user group and individual.
Without the need to install agent in the user terminal separately, integrated security authentication is supported for web, and statistics such as traffic in use by user, and type of attach, etc. is supported.
For access control via a reliable 3rd party authentication, link of LDAP, AD, MS-SQL, ORACLE, and Local DB, etc., is supported.
Together with a static IP environment, even in an environment where dynamic IP is used, user based access control is possible.

- User based security policy developed (firewall, contents filtering, IPS, and QoS)
- Convenience of management is provided by reflecting user authentication information in the Log and statistics
- Link of LDAP, AD, MS-SQL, ORACLE, and Local DB, etc., is supported for access control via a reliable 3rd party authentication
- Access authorization acquired via user authentication without restrictions against user terminal
- Burden of Mac information control is resolved for each terminal
- Weaknesses supplemented for the Layer 2 based NAC solution

Security zone based security policy
Security zone is not a simple IP Address Group but a combination of the interfaces that bind the actual interfaces, allocating interfaces to the zone defined in advance and confers identity.
Setting policy by each security zone allows for the addition / deletion / revision of security rules, and the application of unnecessary security module helps to prevent performance drops.
- Individual policy / log / statistics by security zone
- Security modules such as contents filter, IPS, Anti-DDoS, and firewall, etc., are applied by each security zone
- Applying unnecessary security module helps to prevent performance drops
- Setting detailed policy in between zones strengthens security

Logical virtualization function
Accordingly, application is made feasible without any change in the existing internal network environment, making it useful for securing expandability, increasing availability, convenience of control, and cost savings.

- Not limited to firewall and VPN functions, but all other functions of AXGATE as well, such as IPS, NAT, Routing, QoS, and Contents Filter, etc.
- A maximum of 250 domains are provided with a single unit of physical device
- Super User account can set, revise and delete all domains
- Each Domain administrator can access / change setting / delete with a different domain excluding his or her own domain
- Virtualized control is made feasible by CLI and GUI

IPS

- More than 5,000 signature based rules are provided
- Evasion attack detected
- User defined rule supported
- Snort based Worm / Virus and Spyware and Malware blocking signature via Web
- Outside attacks of diversified forms blocked via PCRE
- Filtering supported via Black / White List
- Most updated signature maintained with automatic / manual update
- VoIP security function supported (SIP Traffic Attack)
Application control
Not a simple Port block, it detects / controls / blocks at the application level.
In addition, Traffic and Packet, and Session are enabled for the applications of lower significance for work.

- Harmful websites disseminating malignant codes and warms, etc., are blocked by blocking the access to unnecessary websites for work
- Upload and download for FTP and Telnet are controlled
- Access control, encrypted communication block, login control, mail control, file transfer block and QoS coverage are provided for P2P and webhard, etc.
Web URL filtering
- Harmful websites disseminating malignant codes and warms, etc., are blocked by blocking the access to unnecessary websites for work.
- Korea Communications Commission’s Safenet DB : harmful website DB linked website filtering provided
- PICS (Platform for Internet Content Selection) : as per grading of details included in the HTML meta tag
- Customized Category : User defined URL Group filtering provided as per website characteristics
Web Editor Filtering (WEF)
A specialized function of WEF is used to block actions such as reply / email / file upload, etc., for web browser, website and SNS.It is a function that restricts actions that upload comments or leave replies on the community bulletin boards of all types and strengthens work concentration by restricting activities other than work.
In the case of public institutions, it controls and restricts public servants’ community and SNS reply writing, thereby preventing actions that violate the duty of political neutrality.
- Prevents outside disclosure of company’s inside information by restricting web mail writing
- Efficient security applied in the simultaneous event of file upload block and execution
- ebsite enabling community block
- Top 500 websites in Korea are blocked
- Alexa (http://www.alexa.com/topsites/countries/KR)
- Rankey.com (http://www.rankey.com/rank/rank_site_all.php)
IPsec VPN

Benefits | Low cost |
|
|||
High availability |
|
||||
Special Features | Bandwidth-based Load-balancing |
|
|||
Loss Control |
|
SSL VPN
- ID / Password system
- MAC Address static function
- Connection policy is set by each VPN GW user
- VPN Client account based session log
- Connection status check, alarm function
- Automatic reconnection in the event of connection failure (user defined)
- Installation file disseminated, web based dissemination
- Supports all various environments such as Windows / iOS / Android, etc.
- iOS dedicated client program app store registered


Inquire on product purchase : +82 70-4034-6410, sales@axgate.com / Technical support center : +82 70-4034-6442, tech-noc@axgate.com
Security control center : +82 70-4034-6437, tech-noc@axgate.com