axs guard - vasco | delivering trust to the digital world · access challenges. each bundle adds...

A global leader in authentication, electronic signatures, and identity management

AXS GUARD

AXS GUARD AXS GUARD1

AXS GUARD at a glance _______________________________________________________________________________ 2

Overview __________________________________________________________________________________________ 3

1 hardware platform – 5 software bundles _________________________________________________________________ 3

1 software solution performance based appliances ___________________________________________________________ 3

Performance or user based licenses _____________________________________________________________________ 3

Software bundles ____________________________________________________________________________________ 4

Overview ________________________________________________________________________________________ 5

AXS GUARD Core __________________________________________________________________________________ 6

AXS GUARD RAS and Web protection ____________________________________________________________________ 6

AXS GUARD RAS Basic ______________________________________________________________________________ 7

AXS GUARD Standard RAS ___________________________________________________________________________ 8

AXS GUARD Enterprise RAS __________________________________________________________________________ 10

Content scanning ___________________________________________________________________________________ 11

Content scanning: mail _____________________________________________________________________________ 11

Content scanning: web _____________________________________________________________________________ 12

Reporting & statistics _______________________________________________________________________________ 12

Authentication _____________________________________________________________________________________ 13

Personal AXS GUARD ________________________________________________________________________________ 14

Secure and wireless connection to the corporate network _____________________________________________________ 14

Easy configuration and setup _________________________________________________________________________ 14

Hardware specifications _____________________________________________________________________________ 15

Hardware sprecifications ____________________________________________________________________________ 15

Hardware platforms ________________________________________________________________________________ 16

Virtualized Platforms _______________________________________________________________________________ 16

Licenses _______________________________________________________________________________________ 16

Outstanding all-in-one security solution __________________________________________________________________ 17

AXS GUARD: an outstanding all-in-one security solution ______________________________________________________ 17

AXS GUARD enables services for Value Added Resellers ______________________________________________________ 18

Business automation for secure remote assistance __________________________________________________________ 19

A secure network for local governments _________________________________________________________________ 20

Internet redundancy ________________________________________________________________________________ 21

Secureing your website _____________________________________________________________________________ 22

Contents

AXS GUARD AXS GUARD 2

AXS GUARD is a security appliance dedicated to the needs of the SME market. The solution is designed for administrators who want an all-in-one solution for Internet connectivity and security. 27 functional features are bundled together into 5 software packages with additional content scanning licenses. Each software bundle can run on any available physical or virtual AXS GUARD platform, allowing organizations of any size to choose the most suitable combination of performance and features. AXS GUARD works transparently with any other solution allowing organizations to activate only those features they really need. Additionally, AXS GUARD fits perfectly into any network environment, whether it’s a Microsoft, Linux, Mac or mixed environment.

Secure LAN

DMZ ZONE

Bandwith Management

with QoS

Internet Redundancy

APPLICATION

CONTROL

SPICT

FIREWALL

INTERNET

IDS

AND

IPS

STATISTICS

STRONG

USER

AUTHENTICATION

SPICT

FIREWALL

SECURE LAN

STRONG

USER

AUTHENTICATION

DIRECTORY

SERVICE

INTEGRATION

NETWORK PROTOCOLS

DMZ FIREWALL

RADIUS SERVER

PKI CA

WEBMAIL SERVER

MAIL SERVER

APPLICATION FIREWALL HTTP/HTTPS/FTP

SSL VPN WEB PORTAL

VPN/RAS SERVER

PROXY SERVER

SMTP RELAY

LIVE MONITORING & REPORTING

CONTENT SCANNING

MALWARE PROTECTION

CONTENT SCANNING

MALWARE PROTECTION

Remote Office

Road Warrior

PUBLIC DNS

COMMUNICATION

REMOTE ACCESS

SECURITY

AUTHENTICATION

AUDITING

SOHO

A FULL-BLOWN SOLUTION

FOR REMOTE ACCESS

AXS GUARD at a glance

1 hardware platform - 5 software bundles

The five Remote Access Solution software bundles can operate on each available physical or virtual AXS GUARD platform. Should you require additional features, simply upgrade to another software bundle, no switching of the hardware appliance required. An automated updating and licensing system will remotely push the new features to AXS GUARD, avoiding lengthy upgrade or installation procedures. Your current configuration will continue to run as before.

1 software solution - performance based appliances

Each AXS GUARD software bundle is available on any physical or virtual hardware platform. The software bundle can run as a virtual appliance which works with every major virtualization software. Two versions are available for the virtual appliance: user based licenses without hardware limit or performance based licenses without user limit.

The software license can also run on an AXS GUARD hardware platform. These appliances differ only in performance and in the number of network connections available. Each appliance has the same functional features and user interface which makes administration of multiple devices a lot easier. The web-based GUI ensures intuitive administrator use for all AXS GUARD appliances, from large installations on multiple sites to a single appliance at a remote location. Through a hosted central management system multiple appliances can be managed simultaneously.

Performance or user based licenses

Each combination of hardware and software has a recommended number of users. The number of users is an indication of the best performance and hardware maintenance for the appliance and assures that all available features – including the content scanning option – have been activated.

For the appliances themselves, there is no user limit. However, when the number of users exceeds recommendations, system performance may be impacted. As expected, the number of users can be increased when fewer options have been selected. The recommended number of users applies to a normal working environment. In some setups it is recommended to purchase more performance-based hardware in order to optimize your high speed internet connection.

To offer complete protection for your network, AXS GUARD comes with separate content scanning and authentication licenses. Content scanning exists in a basic and a standard version with yearly renewable licenses.

Authentication features, which can complement the AXS GUARD appliance, are available by simply adding the VACMAN plugin license and DIGIPASS authenticators.


Overview

AXS GUARD GROWS WITH

YOUR COMPANY

Software bundles

AXS GUARD has five different software bundles to choose from, allowing you to select the most suitable solution to address your remote access challenges. Each bundle adds functionalities to the previous bundle, turning AXS GUARD in a future proof solution that grows with your business. Depending on your needs and network connectivity you can select the appropriate bundle.

We created two different lines of these features. One allows AXS GUARD to work in conjunction with other security vendors, focusing on specific needs like authentication. The other can serve as the main security focus of the company.

Content Scanning LicensesMalware (SPAM, Antiphishing, Antivirus,...) on proxy and mailMAIL Server with webmail

Trend Micro LicensesTrend Micro Malware on Proxy and MailWeb content scanning

DIGIPASS licensesOne Time One time password with DIGIPASS hardwareOne time password with DIGIPASS for Mobile

AXS GUARD RAS Basic AXS GUARD Core +FirewallIDS/IPSVPN

AXS GUARD Core AXS GUARD CoreDIGIPASS Authentication (Radius)SIEM Agent

AXS GUARD RAS Standaard AXS GUARD RAS Basic +Advanced Networking (MIC/QoS/Pub DNS)Web Traffic Control NGFW + Proxy

AXS GUARD RAS Enterprise AXS GUARD RAS Standard +Reverse ProxySSL Web PortalHigh Availability

AXS GUARD RASWeb Protection AXS GUARD Core +Reverse ProxySSL Web portal

VPNPublic DNS

Access Security

Enterprise Security

Content Scanning

StrongAuthentication

ALL THE SECURITY YOU

NEED BUNDLED TOGETHER


Software bundles


Software bundles

Authentication solutions

Two bundles have been created to offer specific authentication solutions:

AXS GUARD CoreFocuses on two-factor authentication through RADIUS, as well as the ability to connect to SUMOLOGIC’s SIEM solution.

AXS GUARD RAS & Web ProtectionAdds additional authentication to websites and remote desktop solutions while providing protection to these websites. It also offers remote connectivity solutions for websites and internal applications.

Full security solutions

AXS GUARD RAS BasicAXS GUARD RAS BASIC is a solution for small SMEs, offering internet connectivity and security.

AXS GUARD RAS StandardThe AXS GUARD RAS STANDARD bundle supplements internet connectivity: both outgoing as well as incoming traffic is made redundant. Further, the AXS GUARD application firewall is added to filter traffic on Layer 7. This is an ideal solution for the medium-sized SME.

AXS GUARD RAS EnterpriseWith AXS GUARD RAS ENTERPISE you can protect your websites and duplicate your AXS GUARD for 24/7 connectivity.


Software bundles

AXS GUARD Core

The AXS GUARD CORE Software solution is tailor made for

companies that already have an infrastructure in place and want

to extend it using two-factor authentication, or for companies that

want to simplify the connectivity to the SUMOLOGIC SIEM platform.

Authentication

To provide secure remote access, VACMAN Controller is integrated

into AXS GUARD. This allows users to authenticate themselves

with a DIGIPASS on their network. AXS GUARD supports two-

factor authentication with hardware clients (one-button or pin pad-

protected) and software clients that run on iOS, Android, Windows

and Blackberry.

Any RADIUS client (such as a VPN appliance or Wi-Fi access point)

can connect to the AXS GUARD for two-factor authentication. The

user enters the one-time password generated by a DIGIPASS and

the AXS GUARD authenticates the user to the RADIUS client.

Additional authentication services are offered in the AXS GUARD

RAS and WEB PROTECTION bundle.

SIEM agent for SUMOLOGIC

AXS GUARD Core is integrated into the SUMOLOGIC SIEM agent.

This allows all AXS GUARD events to be sent to the SUMOLOGIC

cloud solution. It can also forward other events from other

appliances or software, which simplifies the setup of this solution.

There is no longer a need to open dedicated internet connections

for each device that needs to be monitored. All devices will send

their events and log files to the AXS GUARD, securely relaying the

messages to SUMOLOGIC.

Includes software modules

• Administration

• Network

• Monitoring and logging

• SIEM AGENT

• Authentication

• Firewall

AXS GUARD RAS and Web Protection

The AXS GUARD RAS and WEB PROTECTION bundle offers two-

factor authentication to other resources such as websites, remote

desktop environments and other applications. The bundle includes

a Reverse Proxy which protects internal webservers from hacking

attempts. It includes SSL offloading to simplify configuration on

your webserver.

Users can be authenticated via the built-in VACMAN Controller,

enabling strong user authentication to protect any webserver

without the need to adapt a website. For dedicated web applications,

such as Outlook Web Access and Citrix, it also provides single sign-

on features.

Additional connectivity modules like multiple internet connections

and public DNS to do your own DNS resolving can be obtained by

upgrading to the Enterprise bundle. The SSL VPN web portal allows

a connection from any browser to the local network. The default

web portal page — protected with two-factor authentication —

can be customized for each user according to his needs. Default

applications are available, which will allow you to set up Remote

Desktop Protocol (RDP) RDP sessions, browse internal web servers,

access local file servers.

Full remote access can be achieved with any standard VPN client

over L2tP, IPSec and PPTP. To allow client server connection over

SSL, the bundle includes a free Open VPN client, available for any

OS, including mobile systems such as android and iOS. The VPN

server supports access from Personal AXS GUARD, a remote VPN

appliance dedicated for SOHO use.


• Administration

• Network


• SIEM AGENT

• Authentication

• Firewall

• VPN server

• Reverse Proxy

• SSL-VPN web portal

• Public DNS


Software bundles

AXS GUARD RAS Basic

The Basic Remote Access Solution bundle allows your users to securely connect to the local network. The bundle was designed for the SME market, offering small and medium companies a simple solution to connect remote users while providing full protection by AXS GUARD.

The AXS GUARD Core OS includes all necessary networking and routing protocols to connect your network to the Internet. Complete logging and monitoring is available on the appliance itself but logging and monitoring reports can also be sent towards an external syslog server. The network can be monitored at any given moment thanks to the live flow viewer.

The Directory Integration Services allow you to synchronize your users from any LDAP server to AXS GUARD. Users and groups are directly managed in AXS GUARD’s administration interface.

Users can authenticate themselves using a DIGIPASS. DIGIPASS functionalities and management are incorporated in AXS GUARD in which VASCO’s core authentication platform VACMAN Controller is integrated. Should you prefer to work with certificates, a CA is incorporated.

The network is protected from hacking attempts through the SPICT Firewall with IPS. Firewall rules can be determined and implemented on IP address, user or group level. User and group policies are added from a list of predefined rules. This allows an IT administrator to build a more secure setup of the network and perform better control and more efficient management through AXS GUARD.

Remote access can be achieved with any standard VPN client over SSL VPN, L2tP, IPSec and PPTP. The VPN server supports access from Personal AXS GUARD, a remote VPN appliance dedicated for SOHO use.

Included software modules

• Administration• Network• Monitoring and logging• SIEM AGENT• Authentication• Firewall• IPS and IDS• VPN server


Software bundles

The Standard Remote Access bundle offers web traffic control

and additional network connectivity tools, augmenting the Basic

bundle.

Web Traffic Control

To manage and control internet access of your employees, AXS

GUARD uses a SPICT Firewall and a web proxy to safely connect

your users to the internet. The firewall allows you to control which

traffic is allowed based on IP address and ports.

The AXS GUARD RAS Standard version also includes a web Proxy.

After authentication (Kerberos, web-based or SSO by using static

passwords or two-factor authentication), specific rules can be

applied to each user or group of users. It does not matter which

PC users log on to; they will always receive their own specific

(and unique) web browsing rules.

In order to create those rules, AXS GUARD first needs lists. A

site list can exist out of a list of defined URLs or parts of URLs in

wording. It can contain words and URLs that you want to block,

or words and URLs that should pass. (e.g. the administrator might

want to block URLs with the word sex, but would want to allow

URLs with the word MSExchange.)

Predefined blacklists are available on AXS GUARD, categorizing

3.5 million sites into 90 different categories such as; adult related

content (adult, porn, art nudes,…); social networking (chat, blog,

mail, …); gaming (gambling, online gaming,…); whitelist (!)

100% suitable for kids;…etc.

Additional lists, anti-malware protection and web-based content

scanning are available in separate, user based Content Scanning

licenses.

The web proxy is used to control web traffic over ports 80 and

443, and allows you to control who can browse which websites

at any given moment. It also scans webpages on content, and

detects and blocks malware from suspicious sites. However, the

internet’s revolving applications, many using different techniques,

cannot always be blocked with a firewall or web proxy alone. For

example, torrent applications try to bypass the proxy server by

accessing the internet on any free port.

Deep Packet Inspection (DPI) enables IT administrators and

security officials to set policies and enforce them at all layers,

including the application and user layer to help combat those

threats.

AXS GUARD provides an Intrusion Prevention System to

supplement the SPICT Firewall Service. This system helps to

protect the corporate network from any malicious intrusions or

other hazards from outer networks, as well as to enforce certain

security policies and offer protection to known vulnerabilities on

all network traffic, from the network to the application layer (layer

7).

This remains a key part of DPI provided by AXS GUARD, but is

now complemented with Application Control service, which

allows administrators to control applications and protocols that

are used on or accessed from the corporate network. The service,

an extension of the firewall, detects any new connection seen by

the system as quickly and as accurately as possible and labels

it with a known application name. Afterwards, the Application

Control policy set by the administrator is enforced, which will

allow or deny the connection to continue once the associated

application is determined.

Advanced Networking

Advanced Networking allows you to add multiple Internet lines

with automated failover and load balancing. IT administrators are

able to determine whether internet traffic should be redirected

over another line or be blocked in case of internet failure. When

no rules are applied, traffic will be divided over all other available

lines.

The bundle also includes a bandwidth management module with

QoS which will help you to use the available Internet capacity in

an optimal way. Rules can be determined based on IP address or

type of traffic per interface or inside a VPN tunnel. It is an ideal

option for enterprises using cloud applications, companies that

have remote offices, or those implementing a VoiP system with

remote sites using cloud applications.

AXS GUARD Standard RAS


Software bundles

Companies hosting their own web servers can benefit from the

public DNS server module which guarantees continuity of web

services in case of an unexpected connectivity (Internet) outage.

The public DNS server allows you to publish your own public DNS

names without the help of your ISP. In case your Internet line fails

— which, incidentally, already has the public IP of your webservers

assigned to it — the public DNS server will automatically detect the

failure and publishes the IP address from your other Internet line

to the DNS root servers on the Internet. This is ideal for enterprises

offering webmail, Citrix, RDP, and VPN to their users.


• Administration

• Network


• SIEM Agent

• Authentication

• Firewall

• IPS and IDS

• VPN server

• Web Traffic filtering (check licenses)

• Multiple Internet Gateways

• Bandwidth management

• Public DNS


AXS GUARD Enterprise RAS

The Enterprise Remote Access bundle offers secure web-based

access to your network, supplementing the STANDARD Bundle.

The bundle includes a Reverse Proxy which protects internal

webservers from hacking attempts. To authenticate your users

it can use the built-in VACMAN Controller, enabling strong user

authentication to protect any webserver without the need to adapt

your website. For dedicated web applications like Outlook Web

Access and Citrix, it allows single sign-on features.

The SSL VPN web portal allows a connection from any browser

to the local network. The default web portal page — protected

with two-factor authentication — can be customized for each user

according to his needs. Default applications are available, which will

allow you to set up Remote Desktop Protocol (RDP) RDP sessions,

browse internal web servers and access local file servers.

Optionally, you can extend the Enterprise RAS bundle with an

active/passive High Availability appliance.

Reliability of the AXS GUARD hardware is among the highest in its

category. Nevertheless, to allow 100% uptime, there is the option

to have a second AXS GUARD in High availability mode. The active/

passive high availability (HA) allows a full time continuity of your

AXS GUARD. The second system is available through the AXS

GUARD RAS Enterprise Backup bundle.


• Administration

• Network


• SIEM AGENT

• Authentication

• Firewall

• IPS and iDS

• VPN server

• Web traffic filtering

• Multiple internet gateways

• Bandwidth management

• Public DNS

• Application firewall

• SSL-VPN web portal

• High availability (Enterprise Backup)

Enterprise RAS

AXS GUARD AXS GUARD

The content scanner supports the most common mail protocols. E-mails can be stored on AXS GUARD’s mail server or can be delivered to an external mail server after scanning for spam and malware.

To stop all unsolicited mails, the content scanner has a multi-layered way of scanning e-mails. A first scan will take the custom configured rules of blacklisting and whitelisting into consideration. Secondly, all known malevolent mails will be blocked based on default blocking mechanisms such as header checks or a list of banned IP addresses.

Attachments can be blocked based on their extension. The AXS GUARD will not just look at the name of the extension, but effectively match the extension with the document properties. Zip files will be opened and scanned to the actual included document. It’s possible, for example, to allow regular office documents yet block those that contain macros to stop more advanced malware such as ransomware.

Optionally, greylisting can be activated. With this feature, AXS GUARD will bounce received mails a first time. An actual mail server will resend the mail which will be accepted by the AXS

GUARD appliance. In turn, it will then list the sender’s mail address as ‘safe’ after a couple of successful mail attempt deliveries. The reasoning behind this is that most spammers will not resend mails.In the standard version, DCC (Distributed Checksum Clearinghouse) will check the central VASCO database to determine whether mail is spam. Mail virus scanning is also included: the Basic version uses ClamAV; the Standard version additionally uses the Trend Micro engine.

Each mail is scanned and scored based on its content. The administrator can then decide for each user or group if the mail should be blocked, delivered or marked as spam. The administrator can also decide what needs to be done with mail attachments, based on the mime type.

Because spam can sometimes be very local and personalized, users can resend detected spam (or non-spam) mails back to AXS GUARD, which will learn from these mails and as a result will adjust the spam scores.

AXS GUARD can be extended with Content Scanning licenses providing secure mail and web traffic. Content scanning is available in combination with all AXS GUARD software versions. In addition to standard Content Scanning, which also includes the mail server with webmail, you can add Trend Micro licenses for an additional anti-virus engine and web-based content scanning features.

Content Scanning: mail

INTERNET WITHOUT

HEADACHES

Content scanning

11

AXS GUARD AXS GUARD

To avoid users importing all kinds of malware and to increase productivity, all web traffic should pass the proxy on AXS GUARD. After authentication (web-based or SSO by using static passwords or two-factor authentication), specific rules can be applied to each user or group of users. It does not matter which PC users log on to; they will always receive their own specific (and unique) web browsing rules.

In order to create those rules AXS GUARD first needs lists. A site list can exist out of a list of defined URLs or parts of URLs in wording. It can contain words and URLs that you want to block, or words and URLs that should pass. (e.g. the administrator might want to block URLs with the word sex, but would want to allow URLs with the word MSExchange.)

Predefined blacklists are available on AXS GUARD, categorizing 3.5 million sites into 90 different categories such as, malicious web pages (spyware, phishing, virus infected,…); adult related content (adult, porn, art nudes,…); social networking (chat, blog, mail,…); gaming (gambling, online gaming,…); whitelist (!) 100% suitable for kids;…etc.

Since site lists can never provide a complete list of all malicious sites on the Internet (due to localizations and new sites popping up every day), the standard version of Content Scanning also includes web content scanning: every web page will be scanned and analyzed, based on the content of a page.

Using content analysis, the content scanner tags particular words and phrases with a score and a category (e.g. the word breast would lead to give a negative score, but when the word cancer is found in the same page, it would give a better score). Thirty different predefined wordlists (positive and negative) in multiple languages are provisioned in AXS GUARD. Administrators can create their own additional wordlists to ensure an even better result. After content scanning, the total web page receives a certain score.

These site lists and wordlists are then combined into categories to create a complete list of rules. It avoids repetitive work and adds granularity to the access rights you want to enable to different users. A category can be defined as an allowed list, a forbidden list and an exception list. The exception list is used to block URLs inside a webpage, without blocking the entire page.

These categories are then added to access control lists (ACL). An ACL exists of categories of sites and the time when this ACL applies (e.g. during or outside working hours). It also adds virus scanning and blocking of specific extensions. In the ACL, you also set the score for the web-based content scanning to decide which pages are shown or blocked.

There is one general ACL for all web traffic in the company. In turn this can be overruled by ACLs which are applied to a specific IP address (e.g. printers, servers), a group of people or a specific user.

Reporting & statistics

Every action through the proxy is logged on AXS GUARD. Administrators can view and search through these reports during 2 months, or export them and use other analytic tools. A statistics tool is also available which provides a complete overview of web and mail behavior. Statistics can be viewed per client, per website and per hour.

Content scanning

Content Scanning: web

12


To provide secure remote access VACMAN Controller is integrated in every AXS GUARD bundle. This allows users to authenticate themselves with a DIGIPASS on their network. The administrator can decide which level of authentication is needed for a certain application. Strong user authentication can be added to access the tool, authenticate on the proxy, VPN access and connecting to webservers through the reverse proxy or SSL web portal.

If you have another RADIUS client, it can also authenticate its users on the AXS GUARD. AXS GUARD also allows RADIUS back-end authentication to other RADIUS servers.

AXS GUARD supports hardware DIGIPASS (GO-series and 2xx series) as well as the DIGIPASS for Mobile, which is available for iOS, Android, Windows and Blackberry.

Authentication

DIGIPASS 270

DIGIPASS for Mobile

DIGIPASS GO 7

DIGIPASS GO 6

WE AUTHENTICATE THE WORLD


Secure and wireless connection to the corporate network

Personal AXS GUARD enables branch offices or home workers to connect in a straightforward and secure manner to the main AXS GUARD appliance at the company’s headquarters.

Built upon proven VASCO AXS GUARD core technology, AXS GUARD offers a comprehensive solution for secure network connectivity.Personal AXS GUARD is centrally managed in AXS GUARD and has a Wi-Fi receiver, enabling the remote user to work wirelessly. The security of the wireless network is also centrally managed on the parent AXS GUARD appliance.

Easy configuration and setup

The configuration of Personal AXS GUARD is kept to a strict minimum. Only three parameters need to be defined: how to connect to the internet, the main AXS GUARD and the Certificate of the main appliance. The Certificate contains the encryption keys to securely connect to the main site through VPN. All other security parameters are configured in the main AXS GUARD appliance and are automatically pushed to Personal AXS GUARD. End-users only need to plug the Internet cable in the Personal AXS GUARD appliance to connect to the corporate network.

Remote parameters such as DHCP, Wi-Fi settings and firewall policies are managed on the parent AXS GUARD. Administrators can then determine who can access the main site through VPN and who has direct access to Internet. The configuration allows administrators to route and monitor all network traffic on one central location while simultaneously ensuring the highest security for remote or home offices with a minimum amount of effort. To achieve maximum uptime, multiple parent AXS GUARD appliances can be defined in the configuration of Personal AXS GUARD. If for some reason Personal AXS GUARD is unable to connect to one parent appliance, a connection with another AXS GUARD will automatically be set up.

Personal AXS GUARD establishes secure network connections for home workers and branch offices to companies’ headquarters. With the mobile workforce increasing, companies face a growing number of security concerns. Whenever an employee remotely connects to the company’s network, it has to be done securely. At the same time, security concerns must be balanced with the end-user’s needs to ensure a smooth and user friendly experience.

REMOTE CONNECTIONS

MADE EASY

Personal AXS GUARD


UNDER THE HOOD

Hardware specifications

For an overview of all technical specifications, please visit www.vasco.com/AXS GUARD.

AXS GUARD AG2504

AXS GUARD AG3443

Personal AXS GUARD (AG1497)

AXS GUARD AG5506 AXS GUARD AG7500

AXS GUARD AG3604

Hardware specifications


Optimising performance

Hardware platforms

AXS GUARD comprises one software solution which can run on

different hardware platforms. The hardware platforms differ only in

performance and in the number of available network connections.

VASCO has chosen proven industry hardware on which to run its

AXS GUARD software. This ensures that AXS GUARD appliances

have a longer lifetime than comparable systems on the market.

It also ensures the highest performance necessary for any

environment. Every time AXS GUARD connects to the VASCO

Managed Service environment, the hardware status is transmitted

so VASCO can take preemptive actions in case of imminent

hardware failure.

Virtualized Platforms

AXS GUARD can also run as a virtual appliance on a virtualization

server, to accommodate environments where virtualization is

common. In perpetual licenses, the Virtual Appliance is limited to

the number of CPU cores and RAM that can be dedicated to a

virtual machine.

The virtual appliance supports the following virtualization platforms:

• VMware ESX: Using paravirtualized disks

• Citrix (Xen): Commercial (6.1) and Open Source version

• Hyper-V (Windows Server Virtualization)

• KVM (Linux based Virtualization software)

AXS GUARD software can be purchased as a perpetual license.

You can choose between different software licenses, which can run

virtually, or choose a hardware platform to go with the software

license. Each license is for one end-user at one location.

You can also opt for user-based term licenses. If you choose term

licensing, you can add multiple hardware or virtualized platforms for

one customer on multiple locations.

For Managed Service Providers, a user-based term licensing is also

available.

On our website you can download the virtual AXS GUARD after filling

in your details in the form below. The virtual AXS GUARD appliance

will work for 45 days with all functionalities activated.

Hardware maintenance

Each AXS GUARD bundle includes one year software and hardware

maintenance (Standard Exchange). The hardware maintenance

covers all defects of AXS GUARD including tear and wear of specific

parts. Standard Exchange is a yearly renewable contract, with no

end date. As long as an appliance is under Standard Exchange,

VASCO guarantees it will work in normal operating conditions for

the recommended number of users. If AXS GUARD under Standard

Exchange does suffer from underperformance and normal operation

conditions and recommended user settings have been followed,

VASCO will replace it with a refurbished, higher performing

appliance.

If an upgrade to more robust hardware is required, (for example due

to an increasing number of users or features), the new appliance

can be purchased at a reduced price, mostly covering the price

difference between the new and old appliance. The new appliance

will be shipped with the latest available back-up already preinstalled.

The customer only needs to switch out the hardware.

Licenses

AXS GUARD AXS GUARD

AXS GUARD: an outstanding all-in-one security solution

Outstanding all-in-one security solution

Organizations worldwide understand the need to secure their business-critical data and network from unauthorized access. In parallel they are also aware that anytime, anywhere access is critical for a dispersed, remotely based workforce. Companies are looking for a one-stop shop to provide an overall security solution that can secure network, mail and web traffic; ensure secure access to the central network from remote sites; and guarantees high availability to ensure productivity.

VASCO’s AXS GUARD is an all-in-one security concept that offers secure remote access to your business-critical data through VPN tunnels. Depending on your needs, AXS GUARD offers out-of-the-box different site to site connections, as well as highly secured, personalized remote access solutions.

Productivity is enhanced as downtime is eliminated with offered features such as high availability and Internet redundancy.

Benefits• An all-in-one security solution• Guaranteed business continuity thanks to high availability and

Internet redundancy (multiple Internet lines)• Powerful VPN e-tunnels and central management to easily

manage all your sites• Secure network access protected with integrated two-factor

authentication out-of-the-box.• Reduced complexity (one central appliance)• Two-factor authentication integrated out-of-the-box• Flexible solution that grows with your needs and which can be

integrated into any environment (Windows, Mac, Linux)• Easy to manage with first class support• Focus on your core business, while AXS GUARD takes care of

your security

17

SIMPLE SOLUTIONS FOR

COMPLEX PROBLEMS


Outstanding all-in-one security solution

AXS GUARD RAS software is the same software suite which is deployed on each hardware or virtual platform. You need only to acquaint yourself with one solution to service all your customers, regardless of the size of their organization. An easy upgrade path allows you to expand the AXS GUARD as the needs of your customer grow. Since the software remains the same, only the hardware needs to be replaced. Every AXS GUARD connects to VASCO’ service center every four hours to back-up its configuration. In case of unexpected hardware failure, or when upgrading towards a more robust hardware system, the configuration can easily be restored from the service center back-up system.

Every customer’s infrastructure runs on the same version. Thanks to automated updates there is no need for patch management at the customer’s site as everything is automated and centrally managed. With VASCO’s central management portal, resellers get an overview of all the customers’ systems simplifying support tasks and increasing upsell possibilities. Every AXS GUARD reports his status back to this central platform, so you immediately get an overview of the managed systems. Furthermore, you can access every customer’s appliance remotely through a secure connection from the Central Management portal.

Because of the completeness of the solution and the availability of servers for the complete SME market, there’s no need to invest in training, support and spare parts of multiple different vendors. AXS GUARD can easily be preconfigured in the setup you desire, and can be copied to every new system.

The standard exchange warranty system allows you to offer a lifetime warranty for your customer’s environment, and allows modestly priced upgrades to guarantee optimum ROI and TCO. All these unique points severely reduce the chance of mistakes or oversights, meaning that your customers get a faster and better service. The SEAL training program allows your support staff to become certified engineers allowing you to better service your customers. AXS GUARD and VASCO allow you to focus on new business while providing you with a time-saving, high-quality solution.

Benefits

• Easy and complete solution• One solution to secure all your customers• Central management providing a complete status overview of

your customers• Upgrade path• Remote assistance from reseller to customer• Assistance from the vendor for certified engineers• End-customers get high quality service

AXS GUARD enables services for Value Added Resellers

AXS GUARD AXS GUARD

Business automation

19

Business automation for secure remote assistance

Remote assistance and support is a valuable asset for customer retention. Management and support at a customer’s site, however, is not as evident as it seems. Organizations are confronted with different procedures and workflows, specific network implementations and rules, administration issues, the deployment of machinery, logistic hassles, etc.

VASCO has developed a specific AXS GUARD concept for business automation that enables remote assistance and management across the entire business while ensuring service continuity and eliminating costly manual processes. A solution ideally suited to meet the provisioning and configuration needs of large, heterogeneous, geographically distributed environments, AXS GUARD is deployed at the main site and VASCO’s Personal AXS GUARD is deployed at the customer’s site or built-in into your remote products and machinery, but managed on the central AXS GUARD.

The secure link between the main and remote site enables remote assistance and support, automatic software updates etc.

Benefits• Secure remote access to remote sites and equipment• Enhanced supportability — AXS GUARD can help companies

to create an easily supported and consistent environment• Helps companies to implement a fixed method of work flow• Server and network automation• Central administration• Time-saving (instant remote access, no need to deploy people

to remote sites)• Cost-efficient• Overcomes network issues and policies at remote sites• Flexibility — administrators can define different sets of

policies and rules for different user types and a different number of environments


A secure network for local governments

A secure network is a necessity. A crash or loss of data is impermissible. Also, permanent connectivity is important. Municipalities operate constantly on the network for a wide range of tasks: providing premiums, benefits and environmental certificates, complementing electoral and population registers, preparing a variety of certificates, and more. If the broadband connection stops functioning or if the network has security gaps, there will be problems.

Within companies a firewall protects incoming and outgoing data traffic. With AXS GUARD, VASCO offers a modular solution that not only presents itself as a gateway between the corporate network and the Internet, but also as an antivirus and antispam solution to achieve total protection of the network. AXS GUARD reduces the risk to an absolute minimum.

AXS GUARD is more than just a security appliance. To ensure the connectivity of the municipality at all times, AXS GUARD performs load balancing. By splitting the networks correctly and distributing the work over different lines, AXS GUARD provides a reliable and secure way of operating. This reduces the necessary processing time, which keeps networks from becoming saturated and leads to optimal use.

If against all odds something does go wrong, then there is the automatic backup function of AXS GUARD. If there is a problem in

one location, such as the failure of the Internet, then a second AXS GUARD device at another location takes over the tasks seamlessly. In this way the network’s uptime is guaranteed for both inbound and outbound traffic.

AXS GUARD ensures that the network is secure and online at all times.

Benefits

• Modular packages with a clear focus on local governments• Scalable in a simple and inexpensive way• Comprehensive on-site warranty• Focus on supporting the IT administrator• Fast service via phone or e-mail

A secure network for local governments


Internet redundancy

Internet redundancy

Companies are becoming increasingly dependent on the Internet. Internet failure has an impact on your business activities, because it leads to lower productivity and even a loss of income. Think of the cloud that becomes inaccessible, unable to reach OWA, Citrix, ERP, CRM or payment systems that no longer function. Unavailable Internet and email can lead to chaos.

Internet providers offer cheap Internet lines with a minimum service, or expensive Internet lines with limited bandwidth services. To get the best of both worlds at a minimum price point, VASCO’s AXS GUARD combines Internet networks from different providers, so you can decide when to use which line. VPN traffic between businesses could, for example, run over a more expensive business subscription and regular surfing via a cheaper line, helping to limit bandwidth usage and reduce costs.

If the Internet from one of the providers fails, you are automatically switched to another line while a VPN e-tunnel ensures a failover of the most critical data traffic. The bandwidth management module allows you to configure QoS (Quality of Service) to make a distinction between key data traffic and less important data traffic, such as, for example, Facebook.

By working this way, the ROI of the various networks is optimised while providing an automatic back-up of outgoing Internet traffic. Obviously, incoming traffic (e.g. mail, VPN networks or remote desktops) also plays a role.

Incoming traffic

The public DNS module of AXS GUARD provides complete control over your domain names. This is important because mail, VPN networks and incoming traffic are almost always combined into a single IP address. If the Internet of that IP address fails, you become inaccessible to the outside world. AXS GUARD notes such problems because it uses DNS names instead of IP addresses. AXS GUARD even gives you the solution by sharing an updated IP address with the outside world. This is done within seconds: no one will notice the temporary delay. When the original Internet connection is re-established, the public DNS publishes the correct IP address on the Internet.

If AXS GUARD itself experiences a problem, this is solved with another AXS GUARD. Although AXS GUARD is resilient as well as reliable, (larger) companies are advised to use several AXS GUARD devices. All appliances are monitored in VASCO’s data center. If a potential hazard is detected, the hardware is preventively swapped. If you wish to consider such alternatives in your own data center, you can also deploy the virtual appliance of AXS GUARD. By doing so you save on hardware costs and are able to maintain and manage your cloud services by yourself.

Benefits• Automatic failover and recovery• Add as many different internet connectivity points as you need• Redundancy incoming traffic such as mail or hosted web

services• Shape your traffic upon your needs• Scalable in a simple and inexpensive way


Securing your websites

RAS Web Protection Bundle

Today, decentralised work has become the norm. Companies are totally won over to working from home while continuing to offer their employees full access to the internal network. A VPN connection initially seems the most logical solution; still, it is not the most appropriate solution for everyone. For example, some employees just want access to certain web applications such as e-mail and extranet, while others want total remote control over their computer.

Moreover, ordinary VPN connections are not always well protected. Passwords are increasingly being cracked, enabling a hacker to easily take over an employee’s account, with all the consequences and fallout this entails. Additionally, external parties such as customers and suppliers need increasingly greater access to web applications, with at least some peace of mind expected that their privacy is protected. Moreover, there are emerging European Union guidelines on data protection with which companies must increasingly comply.

The AXS GUARD RAS Web Protection Bundle (Remote Access and Security with Web protection) combines security with ease of setup for the administrator.

Benefits

• Two-factor authentication in the core• User-centric approach• All typical remote access solutions available

• VPN• Websites• SSL Portal

• Secures and improves performance of your websites • Out-of-the-box templates available for specific sites

• Outlook Web Access• Microsoft Dynamics• Microsoft RDP• Citrix• …

A global leader in authentication, electronic signatures, and identity managementCopyright © 2016 VASCO Data Security, Inc, VASCO Data Security International GmbH. All rights reserved. VASCO®, CertiID™, VACMAN®, IDENTIKEY®, AXS GUARD®, DIGIPASS® and the ® logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all other intellectual and industrial property rights in the U.S. and other countries. Other names may be trademarks of their respective owners.

About VASCO

VASCO Offices

VASCO Sales Presence

Eur ope , M i dd le Eas t , A f r i ca - Wemmelpho ne : +32 . 2 . 60 9 .9 7 .0 0e ma i l : i n f o - e u r ope@vasco . c om

US A - Bos tonpho ne : +1 508 3 6 6 3 4 0 0e ma i l : i n f o - u sa@vasco . c om

USA - Ca l i f o rn iaphone : +1 6 5 0 3 7 8 1 2 0 2ema i l : i n f o - u sa@vasco . c om

www.vasco.com

CORP ORATE HQ - Ch icagopho ne : +1 630 9 3 2 8 8 4 4e ma i l : i n f o - u sa@vasco . c om

INTERNAT IO N A L H Q - Sw i t ze r l andphone : +41 43 555 35 00em a i l : i n f o - eu r ope@ vas c o . c om

BR201605-v3

Aus t ra l i a - Syd ne yphone : +61 2 8061 3700em a i l : i n f o - aus t r a l i a@ v as c o . c o m

La t in Am e r i c a - B ra z i lphone : +5511 3443 7541em a i l : ES -b r a z i l@ v as c o . c om

As ia - Pac i f i c - S inga porephone : +65 6323 09 06em a i l : i n f o - a s i a@ v as c o . c om

As i a - Pac i f i c - Japanpho ne : +81 3 5 5 3 2 7 8 6 2e ma i l : i n f o - j a pan@vasco . c om

As ia - Pac i f i c - I nd iaphone : +9 1 2 2 4 0 9 0 7 1 1 2 -1 4ema i l : i n f o - i n d i a@vasco . c om

Euro pe , M idd le Eas t , A f r i ca - Aus t r i aphone : +4 3 1 9 0 4 3 1 3 2 -0ema i l : i n f o - eu r ope@vasco . c om

Sales offices

VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet security applications and transactions. VASCO has positioned itself as global software company for Internet security and designs, develops, markets and supports DIGIPASS®, CertiID™, VACMAN®, IDENTIKEY® and AXS GUARD® authentication products. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.

axs guard - vasco | delivering trust to the digital world · access challenges. each bundle adds...

Documents