BroadGuard® offers key performance attributes in network security previously available only in Enterprise level router systems.
Now, advanced Firewall and VPN are combined in an affordable solution designed specifically for the Small to Medium Business market.
BroadGuard® is a turnkey Firewall and VPN solution, with no license scheme and no additional software required at additional cost. BroadGuard® is ideal for small businesses that need a truly scalable solution, allowing limited network IT staff to manage not only the main office but all branch networks of the business from one management station. Through VPN connections, the entire business network becomes one secure Intranet, improving communications among corporate staff and dramatically simplifying IT overhead.
A VPN enabled Intranet answers the question, “…how to maintain the high level of communications efficiency a growing small business has as a single office, while continuing to grow into distributed offices?” The key is having instant access to network resources, and securely sharing critical corporate information and ideas as if all staff members are located in the same office. For SMB organizations, a VPN tunneling network between office gateways is the ideal way to achieve maximum security and scalability for growth, and BroadGuard® makes it happen.
Firewall
BroadGuard® includes a comprehensive software solution that combines stateful inspection (SPI), access policies, application content filtering, NAT (which includes basic NAT, Enhanced NAT, Service NAT, Reverse NAT, and over 30 ALGs), protection from internal cyber attacks, web traffic redirection and administration support. The Firewall is seamlessly integrated into key security features such as VPN, dynamic routing, QoS, Load Balancing, and other gateway functions.
Cyber-defense Engine: BroadGuard® utilizes a unique cyber-defense Engine that protects internal and DMZ networks from known Internet attack patterns. It provides a built-in defensive maneuver to protect against denial-of-service attacks by finding weaknesses in the attack model, disrupting and counteracting the attacks before they occur.
Stateful Inspection Engine: The Firewall uses Stateful Packet Inspection (SPI) and operates in a highly efficient single module to maximize throughput performance. The Firewall maintains connection information, providing a performance advantage over conventional SOHO-targeted SPI Firewall implementations. Packet inspection is based on security policy prior to processing in the higher protocol layers, which eliminates the need for packets to be copied from the operating system into the user space.
Network Address Translation: BroadGuard®’s NAT supports over 40 Application Layer Gateways (ALGs) that make it easy to log and control all incoming and outgoing traffic. As a result, BroadGuard® supports more business applications automatically within the NAT itself, resulting in a more intelligent and secure network gateway that maintains the Firewall undisturbed.
Application Content Filtering: BroadGuard® includes active content filtering on certain application protocols selected within the administrative page, including HTTP, FTP, SMTP, and RPC.
Access Policies: Access Policies are the rules for accessing network services through BroadGuard®’s Firewall. These Firewall access policies can be configured based on various parameters, including services, source and destination IP address, range or subnet IP address, and time window. Network administrators can also segregate the user community into different user groups and define access policies on a per-group basis.
Administration Management: BroadGuard® provides the ability to administer and manage the firewall using a Web-based user interface, including such functions as remote management, configuration of alerts and logs, provision for statistics, and password administration.
VPN
The VPN suite for BroadGuard® is an embedded software solution that provides businesses a means to secure communications between separate networks, creating a private encapsulated network service that runs over a public network like the Internet. For the Small and Medium Business market, point-to-point and point-to-multipoint VPN tunnels between distributed Enterprise networks are more cost effectively supported with BroadGuard® than by having to rely on third-party providers for leased lines. Supporting MD5 and SHA-1 for authentication, and 3DES (168-bit) and DES (56-bit) with explicit IV for encryption, BroadGuard® defines encryption, authentication and key management to create a virtual private network tunnel.
IPSec Engine: The IPSec engine combines a suite of protocols to provide security services to unsecured IP datagrams. The suite includes the Authentication Header (AH), which addresses authentication for IP traffic, and the Encapsulating Security Payload (ESP), which defines encryption for IP data. The Authentication Header defines the parameters that will be used for authenticating the originator, checks integrity and protects the session from protocol replay when enabled with automatic key. The ESP header specifies encryption methods including the encryption and authentication keys and time frame for key validation, with lifetime support for both seconds and Kbytes.
Policy Manager: BroadGuard®’s Web-based and CLI configuration interfaces provide a flexible tool to configure VPN policies including multiple alternative security proposals and standard data security algorithms.
IKE Engine: The IKE engine implements the IKE protocol for automatic key management and authentication. During session negotiation, it is important that you know with whom you are negotiating. To authenticate negotiating parties, BroadGuard®’s IKE engine supports Shared Key, DSS or RSA digital signatures. It supports both main and aggressive modes in phase one negotiations and PFS for keys in phase two negotiations. IKE uses a hashing technique to ensure that only the system or person possessing the same key can send the IKE packets. Public-key digital-signature cryptography is used to verify that each party is in fact who they claim to be.
Interoperability: BroadGuard®’s IPSec system is both VPNC and ICSA 1.1 certified for interoperability and performance. This provides maximum flexibility in establishing cross-platform VPN tunnels, such as between branch offices and corporate VPN concentrators in a headquarters network, where interoperability is essential in growing corporate security strategies. In addition, BroadGuard® hosts support for registered certificates used to authenticate the IPSec session, with interoperability for major Certificate Authorities, such as VeriSign.