Astaro firewall software manages all communications traffic between the Internet and internal networks to block unauthorised access.

The Astaro firewall manages inbound and outbound communications traffic, as well as traffic between internal networks. Administrators can block or allow access. for each protocol, to each internal network, server, service, and user group. The firewall inspects both networking information (packet headers) and application information (payloads) to detect and block suspicious traffic.

Application-Level Deep Packet Filtering

Astaro’s firewall provides both stateful packet inspection and application-level deep packet filtering. Packet headers are inspected, and ongoing connections are monitored, to make sure that they conform to the appropriate policies. Application-level proxies scan content (payloads) to ensure conformance with rules specific to web traffic, email, DNS, and other broad application types.

With an easy-to-use WebAdmin graphical interface,
administrators can quickly set rules to block or allow traffic, by protocol and by port, between pairs of source and destination addresses.

Security proxies

Astaro Security Gateway Software examines individual packet headers to make sure that they conform to the rules of the appropriate protocol (packet filtering), and tracks the sequence of events during ongoing connections to detect violations of normal processes (stateful packet inspection).

Application-Level Deep Packet Filtering

The Astaro Security Gateway Software firewall utilises application-level proxies to scan the application-related content of communications packets (payloads) to ensure conformance with rules specific to web traffic, email, DNS, and other broad application types.

The optional Astaro Security Gateway Software Intrusion Protection detects additional threats related to specific applications and protocols.

Security Proxies

Astaro Security Gateway Software provides comprehensive proxies for a variety of protocols, including:

• HTTP
• SMTP
• POP3
• DNS
• SIP
• SOCKS

These proxies simplify management by allowing administrators to quickly and easily enable and disable protocols and features such as content filtering, caching, whitelists and blacklists, file extension filtering, and MIME error checking. Web and email proxies can be run in transparent mode, so that each users’ packets can be redirected to the proxy without having to reconfigure desktop settings.

NAT and Masquerading and DoS Protection

Dynamic and static Network Address Translation (NAT) and masquerading conceal internal IP addresses behind a “public” IP address, to prevent hackers from learning about internal networks, servers, and users.

Astaro’s firewall protects against common Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks such as TCP SYN flood, ICMP flood, UDP flood, Smurf, Trinoo, and IP spoofing.

Transparent Firewall Mode

Packets can traverse the firewall in transparent mode without modifying any of the source or destination information in the packet header. The firewall can be inserted or removed from the network without needing to reconfigure IP addresses.

Time-Based Rules and Policy-Based Routing

Packet filter rules can be set for specified time periods. User groups can be granted access to networks and servers at certain times of day and denied access at others.

Astaro’s firewall can forward and route packets based on destination IP address, source IP address, source port, and destination port. Traffic can be spread over multiple Internet uplinks to improve application performance, reduce bandwidth use, and control costs.

Traffic Shaping and QoS

Administrators can increase or decrease the priority of different types of traffic between specific endpoints, providing quality of service (QoS) for critical transactions.

Detailed Reporting

Astaro Security Gateway Software provides detailed reporting on network traffic, connections, packet filter violations, hardware utilisation on the firewall system, and other information for managing the firewall.

Accounting reports provide detailed data on traffic to and from network segments.

Detailed logs can be stored and viewed in text format, or exported to spreadsheets and reporting systems for ad-hoc or specialised analysis.

• Astaro network security (545 KB)
• Astaro overview (370 KB)