Firewall

The backbone of a security system which blocks and allows traffic.

A good firewall can stop costly events that lead to data loss or theft, infected workstations, and other productivity-sapping incidents. Used to determine what traffic is allowed to flow both in to and out of the network, a properly configured firewall can keep much of your operation protected from the scanners, bots, attacks and other dangerous exploits which threaten the security of your business.

Description & Screenshots

Astaro’s firewall uses an object-based approach. Simply define an object like a workstation or company web server, and then re-use this information all through the configuration. Astaro’s firewall is intuitive, easy to use, and removes the confusing interfaces found in many UTM’s today by offering an open, visual layout that allows administrators to be as broad or detailed as they need. Astaro’s packet filter includes a time-saving feature that pushes any change made to an object to all URLs that use it. For example, if you have a web server at an internal address with dozens of rules that govern access to and from this resource and need to make a change to the address, you need only change it once and all rules that contain "web server" as an object will instantly be updated. This can save hours of time vs. manually adding each rule and reduces the chance for human error.

The packet filter is a deny-by-default tool, which means only traffic that administrators specifically allow will occur. This eliminates the need for administrators to spend time learning and "locking down" the product right out of the box. Since no permissions exist by default, there is no chance that traffic which is unwanted will be allowed through the firewall by accident.

Technical Information

The Astaro Firewall includes a combination of many powerful tools and features for controlling data flows that are allowed to pass from the Internet to the internal LAN and vice versa:

Stateful Packet Filter
Security Proxies to Simplify Management
- HTTP/S, FTP, FTP-over-HTTP, POP3, SMTP, DNS, Socks, Ident , NTP, generic
- Transparent mode eases administration

Application-Level Deep Packet Filtering
- Scans packet payloads to enforce protocol-specific rules

Flexible Rules Management
- Can include hosts, networks, groups or vpn users
- Automatic rule generation for application proxies and internal services
- Time-based activation
- Policy-based routing
- Interface based rules

Network Address Translation
- SNAT/DNAT
- Masquerading

Available Platforms
	Astaro Security Gateway Hardware Appliances Our hardware appliances are purpose built, high-performance security devices. They integrate Astaro's security applications with a hardened Operating System on optimized Intel-compatible server systems that cater to every business size. This section details the series of Astaro Security Gateway hardware models available. Learn More..
	Astaro Security Gateway Software Appliance Our software appliances include the operating system and all security applications bundled within a single software image. While offering the same capabilities as the hardware platform, they can be easily installed on your hardware of choice - maximizing deployment flexibility. The Astaro Security Gateway software appliances are much easier and faster to set-up than software applications that require the installation of an operating system in advance.This section details the security applications available, technical information and deployment scenarios. Learn More..
	Astaro Security Gateway Virtual Appliance for VMware Our virtual appliances include a software appliance which has already been pre-installed and pre-configured for VMware environments. Being the first unified threat management product that has been certified as “VMware Ready”, it allows for the secure and easy deployment of an "all-in-one" security solution within a virtual environment. This section details the security applications available, technical information and deployment scenarios. Learn More..