This xUTM appliance is a stand-alone device and can also be used outside the server cabinet. Like gateProtect's larger solutions, the GPO 125 is equipped with cutting-edge eGUI® technology and can also be configured to operate in tandem with the Command Center. You receive a full-scale, high-performance xUTM appliance incl. features like HA, VLAN, xUA with single sign-on, bridging, VPN SSL with x.509 certificates + IPsec, anti-spam with real-time detection, antivirus, intrusion detection, and web filtering.

eGUI®-Technology

The new eGUI® technology from gateProtect is remarkable for its ergonomic approach to the processing operation. The display, even of sometimes very different applications, is always consistent and delivers the information required by the user for the current operation only. A measure of the quality of the gateProtect operator concept are the principles governing the design of software dialogue, as formulated in ISO 9241, part 110.

Extended User Authentication

Most modern firewall systems support proxy-based user authentication. This means that only those services which work with proxies such as HTTP or FTP can be issued to specific users. The gateProtect firewall has rule-based Extended User Authentication. This allows any number of services to be assigned individually to one user or a group of users. If a user logs on to the firewall from a computer, all the assigned services for the computer in question are enabled.

1. Web browser/UA Client: logon is via an HTTPs connection.
2. Single sign-on: Kerberos automatically passes the log-on to the domain to the firewall.

VPN Gateway (SSL with X.509 Certificates + IPSec)

gateProtect offers the most commonly used forms of current site-to-site and Road Warrior VPN connections via IPSec and SSL. Wizards and the eGUI® technology help with the management and set up of these connections. In addition, the firewall generates external configuration files when the VPN connections are created. These files can be used for setting up single click connections and also for site-tosite connections when importing on the firewall at a remote site.

Furthermore, gateProtect offers an IPSec and SSL site-to-site solution with X.509 certificates which can work in bridge mode as an option. For a normal bridge, two or more network cards are linked to form a logical network. gateProtect not only allows this for network cards but also for VPN-over-SSL connections. This makes it possible to treat remote computers as if they were in the local network.

Traffic Shaping & QoS / Up- & Download

The traffic shaping facility from gateProtect is one of the most comprehensive implementations on the market. Maximum and minimum bandwidth can be specified for each object on the desktop. Based on this, it is possible to manipulate the traffic for each service. Bandwidth distribution can be configured at any level of detail. Another special feature of the gateProtect solution is the prioritization of data packets in the VPN tunnel with QoS. This is important for time-critical applications where a delay would not be desirable. For example, gateProtect makes it possible to use VoIP via a VPN tunnel for interference-free telephone calls, irrespective of the utilization of the tunnel for RDP or data download, for instance.

High Availability

The high availability of gateProtect firewall systems is based on an active/passive system where a secondary firewall is installed in parallel with the primary firewall. The secondary firewall synchronizes itself constantly with the primary firewall using dedicated connections. It can therefore at any time take over the work of the primary firewall, should this fail, without any manual intervention.

Furthermore, the status of the primary firewall is monitored by different systems. If any problems are detected in the firewall, it switches itself off. The secondary firewall enables the synchronized configuration and can continue operating in the place of the primary firewall immediately. Downtime is minimized and problems can be dealt with under less pressure.

HTTPS Scan

It is not possible to scan HTTPS traffic on the firewall with the products from most other suppliers. Malware such as trojans and viruses exploit this open door to enter an internal network unhindered.

gateProtect is one of the few manufacturers to close this door with their xUTM appliances. gateProtect software can also scan encrypted HTTPS connections in the data traffic for viruses and other malware.

To do this, the data flow is decrypted at the firewall, analyzed and, if no viruses are found, re-encrypted and sent on its way again.

Load Balancing

gateProtect load balancing distributes the data traffic with the Internet to different routes. The firewall then decides which way the Internet is accessed each time a connection is established.

As a rule, this distribution is based on protocols. gateProtect also makes it possible to assign each individual connection to a route. This allows the utilization of Internet connections to be planned in great detail and optimized.