axsguard gatekeeper

The world’s leading software company specializing in Internet Security

aXsGUARD Gatekeeper

DIGIPASS® BY VASCO

aXsGUARD Gatekeeper aXsGUARD Gatekeeper 1

AXsGUARD Gatekeeper at a glance ______________________________________________________________________ 2

Overview __________________________________________________________________________________________ 3 1 software bundle – 5 hardware platforms _________________________________________________________________ 3 1 hardware platform – 4 software bundles _________________________________________________________________ 3 Additional user licenses ______________________________________________________________________________ 3 Recommended users ________________________________________________________________________________ 3

Software bundles ____________________________________________________________________________________ 4 aXsGUARD Gatekeeper basic ras _______________________________________________________________________ 5 aXsGUARD Gatekeeper standard ras _____________________________________________________________________ 5 aXsGUARD Gatekeeper enterprise ras ____________________________________________________________________ 6 aXsGUARD Gatekeeper enterprise backup ras ______________________________________________________________ 6 aXsGUARD Gatekeeper internet redundancy bundle __________________________________________________________ 7

Content scanning ____________________________________________________________________________________ 8 Content scanning: mail ______________________________________________________________________________ 8 Content scanning: web ______________________________________________________________________________ 9 Reporting & statistics ________________________________________________________________________________ 9

Authentication _____________________________________________________________________________________ 10

Hardware _________________________________________________________________________________________ 11 Hardware platforms ________________________________________________________________________________ 11 Hardware maintenance _____________________________________________________________________________ 11

Personal aXsGUARD _________________________________________________________________________________ 12 Secure and wireless connection to the corporate network _____________________________________________________ 12 Easy configuration and setup _________________________________________________________________________ 12

5 solutions with aXsGUARD Gatekeeper __________________________________________________________________ 13 Solution 1: secure government infrastructure with limited resources ______________________________________________ 13 Solution 2: aXsGUARD enables services for Value Added Resellers _______________________________________________ 14 Solution 3: aXsGUARD Gatekeeper as an outstanding all-in-one security solution _____________________________________ 14 Solution 4: business automation for secure remote assistance __________________________________________________ 15 Solution 5: guarenteed business continuity for SMEs _________________________________________________________ 15

Technical specifications ______________________________________________________________________________ 16 Hardware specifications _____________________________________________________________________________ 16 Specifications personal aXsGUARD _____________________________________________________________________ 17

Software specifications ______________________________________________________________________________ 18 Administration ___________________________________________________________________________________ 18 Network ________________________________________________________________________________________ 18 Monitoring and logging _____________________________________________________________________________ 19 Authentication ____________________________________________________________________________________ 19 Firewall ________________________________________________________________________________________ 19 IPS and iDS _____________________________________________________________________________________ 19 VPN server ______________________________________________________________________________________ 20 Multiple internet gateways ___________________________________________________________________________ 20 Bandwidth management ____________________________________________________________________________ 20 Public dns ______________________________________________________________________________________ 20 Application firewall ________________________________________________________________________________ 21 Ssl-vpn webportal _________________________________________________________________________________ 21 High availability ___________________________________________________________________________________ 21 Content scanning: web traffic _________________________________________________________________________ 22 Content scanning: mail traffic _________________________________________________________________________ 22 Statistics _______________________________________________________________________________________ 22

Contents


aXsGUARD Gatekeeper is part of VASCO’s remote access product line and offers a complete solution for secure network connectivity.

aXsGUARD Gatekeeper is a security appliance dedicated to the needs of the SME market. The solution is designed for administrators who want an all-in-one solution for Internet connectivity and security. 24 functional features are bundled together into four software packages with additional content scanning licenses. Each software bundle can run on one of the five available hardware models allowing organizations of any size to choose the most suitable combination of performance and features. aXsGUARD Gatekeeper works transparently with any other solution allowing organizations to activate only those features they really need. Additionally, aXsGUARD fits perfectly into any network environment, whether it’s a Microsoft, Linux, Mac or mixed environment.

Secure LAN

DMZ ZONE

Bandwith Management

with QoS

Internet Redundancy

SPICT

FIREWALL

INTERNET

IDS

AND

IPS

STATISTICS

STRONG

USER

AUTHENTICATION

SPICT

FIREWALL

SECURE LAN

STRONG

USER

AUTHENTICATION

NETWORK PROTOCOLS

DMZ FIREWALL

RADIUS SERVER

PKI CA

WEBMAIL SERVER

MAIL SERVER

DIRECTORYSERVICE

INTEGRATIONAPPLICATION FIREWALL HTTP/HTTPS/FTP

SSL VPN WEB PORTAL

VPN/RAS SERVER

PROXY SERVER

SMTP RELAY

MONITORING & REPORTING

CONTENT SCANNING

MALWARE PROTECTION

CONTENT SCANNING

MALWARE PROTECTION

Remote Office

SOHO

Road Warrior

PUBLIC DNS

COMMUNICATION

REMOTE ACCESS

SECURITY

AUTHENTICATION

AUDITING

A full-blown solution

for remote Access

aXsGUARD Gatekeeper at a glance

1 software bundle - 5 hardware platforms Each aXsGUARD Gatekeeper software bundle is available on any hardware platform. The different hardware platforms only differ in performance and in the number of network connections available. Each appliance has the same functional features and user interface which makes administration of multiple devices a lot easier. The web-based GUI ensures intuitive administrator use for all aXsGUARD appliances, from large installations on multiple sites to a single appliance on a remote location.

1 hardware platform - 4 software bundles

The four Remote Access Solution software bundles can operate on each available aXsGUARD Gatekeeper hardware platform. Should you require additional features, you simply can upgrade to another software bundle, even without switching the hardware appliance. An automated updating and licensing system will remotely push the new features to the appliance, avoiding lengthy upgrade or installation procedures as your current configuration will continue to run as before.

ADDITIONAL user licenses

To offer complete protection for your network, aXsGUARD Gatekeeper comes with separate content scanning and authentication licenses. Content scanning exists in a basic and a standard version with yearly renewable licenses. The authentication feature can complement the Gatekeeper appliance by simply adding the VACMAN plugin and DIGIPASS authentication devices.

Recommended users

Each combination of hardware and software has a recommended number of users. The number of users is an indication of best performance and hardware maintenance for the appliance and surmises that all available features – including the content scanning option – have been activated. There is no user limit, however, when the number of users exceeds recommendations, system performance may be influenced. As expected, the number of users can be increased when fewer options have been selected.

Overview recommended users including Standard content scanning

AG2504 AG3443 AG3604 AG5506 AG7500

BASIC RAS 25 50 250 1000 2000

STANDARD RAS 10 25 100 500 1500

ENTERPRISE RAS 10 25 100 500 1500

Optional licenses

Basic Content Scanning √ √ √ √ √

Standard Content Scanning √ √ √ √ √

DIGIPASS √ √ √ √ √


Overview

aXsGuArD GAtekeeper

Grows with your compAny

Software bundles

aXsGUARD Gatekeeper has four different software bundles to choose from, allowing you to select the most suitable solution to address your remote access challenges. Each bundle adds additional functionalities on top of the previous bundle, turning aXsGUARD Gatekeeper in a future proof solution that grows with your business needs. Depending on your requirements with regards to network connectivity, you can select the appropriate bundle.

Gatekeeper Core OS including authentication Firewall with IPSVPN Server

Bandwith ManagementMultiple Internet ConnectionsPublic DNS

Reverse proxySSL VPN Web portal

High Availability

BASIC STANDARD

ENTERPRISE

ENTERPRISE BACKUP

All the security you

neeD bunDleD toGether


Software bundles


aXsGUARD Gatekeeper STANDARD RAS

The Standard Remote Access bundle offers additional network

connectivity tools, on top of the Basic bundle.

It allows you to add multiple Internet lines with automated failover

and load balancing. IT administrators are able to determine whether

internet traffic should be redirected over another line or be blocked

in case of internet failure. When no rules are applied, traffic will be

divided over all other available lines.

The bundle also includes a bandwidth management module with

QoS which will help you to use the available Internet capacity in an

optimal way. Rules can be determined based on IP address or type

of traffic per interface or inside a VPN tunnel… It’s an ideal option

for enterprises using cloud applications or companies that have

remote offices or are implementing a VoiP system with remote

sites, using cloud applications…

Companies hosting their own web servers can benefit from the

public DNS server module which will guarantee continuity of web

services in case of Internet outage from a provider.

The public DNS server allows you to publish your own public DNS

names without the need of your ISP. In case your Internet line fails

which has the public IP of your webservers assigned to it, the public

DNS server will automatically detect the failure and publishes the

IP address from your other Internet line to the DNS root servers on

the Internet. This is ideal for enterprises offering webmail, citrix,

rdp, vpn… to their users.

Includes software modules:

• Administration

• Network

• Monitoringandlogging

• Authentication

• Firewall

• IPSandIDS

• VPNserver

• MultipleInternetGateways

• Bandwidthmanagement

• PublicDNS

Software bundles

aXsGUARD Gatekeeper BASIC RAS

The Basic Remote Access Solution bundle allows your users to connect in a secure way to the local network. The bundle was designed for the SMB market, offering small and medium companies a simple solution to connect remote users while providing full protection by aXsGUARD Gatekeeper.

The Gatekeeper Core OS includes all necessary networking and routing protocols to connect your network to the Internet. Complete logging and monitoring is available on the appliance itself but logging and monitoring reports can also be sent towards an external syslog server.

The Directory Integration Services allow you to synchronize your users from any LDAP server to aXsGUARD Gatekeeper. Users and groups are directly managed in aXsGUARD Gatekeeper’s administration interface.

Users can authenticate themselves using a DIGIPASS. DIGIPASS functionalities and management are incorporated in aXsGUARD Gatekeeper in which VASCO’s core authentication platform VACMAN Controller is integrated. Should you prefer to work with certificates, a CA is incorporated.

The network is protected from hacking attempts through the SPICT Firewall with IPS. Firewall rules can be determined and implemented on IP address, user or group level. User and group policies are added from a list of predefined rules. This allows an IT administrators to build a more secure setup of the network and perform better control and more efficient management through aXsGUARD Gatekeeper. Remote access can be achieved with any standard VPN client over pptp, l2tp and ssl-vpn. The VPN server supports access from Personal aXsGUARD, a remote VPN appliance dedicated for SOHO use.

Includes software modules:• Administration• Network• Monitoringandlogging• Authentication• Firewall• IPSandIDS• VPNserver


Software bundles

aXsGUARD Gatekeeper ENTERPRISE RAS

The Enterprise Remote Access bundle offers secure web-based

access to your network on top of the STANDARD Bundle.

The bundle includes a Reverse Proxy which protects internal

webservers from hacking attempts. To authenticate your users it

can use the built in VACMAN Controller. This enables strong user

authentication to protect any webserver without the need to adapt

your website. For dedicated web applications, like Outlook Web

Access and Citrix, it allows single sign-on features.

The SSL VPN web portal allows a connection from any browser

towards the local network. The default web portal page - protected

with two-factor authentication - can be customized for each user

according to his needs. Default applications are available, which

will allow you to set up Remote Desktop Protocol (RDP) RDP

sessions, browse internal web servers, access local file servers…

You can optionally extend the Enterprise RAS bundle with an active/

passive High Availability appliance.

aXsGUARD Gatekeeper ENTERPRISE BACKUP RAS

Reliability of the aXsGUARD Gatekeeper hardware is among the

highest in its category. Nevertheless, to allow 100% uptime, there

is the possibility to have a second aXsGUARD in High availability

mode. The active/passive high availability (HA) allows a full time

continuity of your aXsGUARD Gatekeeper.


• Administration

• Network


• Authentication

• Firewall

• IPSandIDS

• VPNserver


• Bandwidthmanagement

• PublicDNS

• ApplicationFirewall

• SSL-VPNWebportal

• HighAvailability(optional)


Software bundles

aXsGUARD Gatekeeper INTERNET REDUNDANCY bundle

How important is the internet for sme’s?Do you need the internet for the execution of your daily work? Do

you place orders through the internet? Do you use online banking

for your financial transactions? Do you receive your orders through

the internet? Would you lose customers when your website is not

available? How much would you lose when your internet connection

fails? The internet has become indispensable in today’s business

world. A reliable internet connection is crucial for SME’s to ensure

business continuity. Or to be prepared for cloud applications, such

as online accounting, online banking, back-up or a remote mail

server.

Why would you choose this bundle?Your internet connection always fails at the worst possible time.

When you urgently need to mail an offer, when your store is

filled with customers or when you need to find something on the

internet. To ensure the continuity and availability of your company

and employees at all times, VASCO launches a tailor-made solution

for SME’s. Continuity is always guaranteed even if a problem with

your internet connection should occur.

The solution?The aXsGUARD Gatekeeper Internet Redundancy bundle is a

solution where a second internet line is deployed in addition to

the line of your existing provider. By installing internet lines using

different technologies (cable – xDSL), connectivity is guaranteed

and you can continue working without any problems even when

the internet connection should fail. aXsGUARD Gatekeeper will

immediately detect failures and automatically switch to another

available line.


• Administration

• Network


• Authentication

• Firewall


• PublicDNS


Content Scanning: mail

The content scanner supports the most common mail protocols. E-mails can be stored on aXsGUARD Gatekeeper’s mail server or can be delivered to an external mail server after scanning for spam and malware.

To stop all unsolicited mails, the content scanner has a multi-layered way of scanning e-mails. A first scan will take the custom configured rules of blacklisting and whitelisting into consideration. Secondly, all known malevolent mails will be blocked based on default blocking mechanisms such as header checks or a list of banned IP addresses.

Optionally, greylisting can be activated. With this feature, aXsGUARD will bounce received mails a first time. An actual mail server will resend the mail which will be accepted by the aXsGUARD appliance which will then list the sender’s mail address as ‘safe’ after a couple of successful mail deliveries. The reasoning behind this is that most spammers will not resend mails.

In the standard version, DCC (Distributed Checksum Clearinghouse) will check with the central VASCO database to determine whether mail is spam. Mail virus scanning is also included: the Basic version uses Clamav; the Standard version additionally uses the Trend Micro engine.

Each mail is scanned and scored based on its’ content. The administrator can then decide for each user or group if the mail should be blocked, delivered or marked as spam. The administrator can also decide what needs to be done with mail attachments, based on the mime type.

Because spam can sometimes be very local and personalized, users can resend detected spam (or non-spam) mails back to aXsGUARD Gatekeeper, which will learn from these mails and as a result will adjust the spam scores.

aXsGUARD Gatekeeper can be extended with Content Scanning licenses providing secure mail and web traffic. Content scanning is available in combination with all aXsGUARD Gatekeeper software versions. It exists in two versions:

1. BASIC with default content scanning features and2. STANDARD with additional features such as an Anti-Virus engine from Trend Micro© and web-based content scanning

Content scanning

internet without

heADAches


Content Scanning: web

To avoid that users import all kinds of malware and to increase productivity, all web traffic should pass the proxy on aXsGUARD Gatekeeper. After authentication (web-based or SSO by using static passwords or 2-factor authentication), specific rules can be applied to each user or group of users. It doesn’t matter which PC the user logs on to, he will always receive his specific web browsing rules.

In order to create those rules aXsGUARD Gatekeeper first needs lists: A site list can exist out of a list of defined URLs or parts of URLs in wording. It can contain words and URLs that you want to block, or words and URLs that should pass. (E.g. the administrator might want to block URLs with the word sex, but would want to allow URLs with the word msexchange

Predefined blacklists are available on aXsGUARD Gatekeeper, categorizing 3.5 million sites into 90 different categories such as, malicious web pages (spyware, phishing, virus infected,…); adult related content (adult, porn, art nudes,…); social networking (chat, blog, im, mail, …); gaming (gambling, online gaming,…); whitelist (!) 100% suitable for kids;…

Since site lists never can provide a complete list of all malicious sites on the Internet (due to localizations and new sites popping up every day), the standard version of Content Scanning also includes web content scanning: every web page will be scanned and analyzed, based on the content of a page.

Using content analysis, the content scanner tags particular words and phrases with a score and a category (e.g. the word breast would lead to give a negative score, but when the word cancer is found in the same page, it would give a better score). 30 different predefined wordlists (positive and negative) in multiple languages are provisioned in aXsGUARD Gatekeeper. Administrators can create their own additional wordlists to give an even better result. After content scanning, the total web page receives a certain score.

These site lists and wordlists are then combined into categories, to create a complete list of rules. It avoids repetitive work and adds granularity to the access rights you want to give to different users.A category can be defined as an allowed list, a forbidden list and an exception list. The exception list is used to block URLs inside a webpage, without blocking the whole page.

These categories are then added to access control lists (ACL). An ACL exist of categories of sites and the time when this ACL applies (e.g. during or outside working hours). It also adds virus scanning and blocking of specific extensions. In the ACL you also set the score for the web based content scanning, to decide which pages are shown or blocked.

There is one general ACL, for all web traffic in the company, which can be overruled by ACLs which are applied for a specific IP address (e.g. printers, servers…), a group of people or a specific user.

Reporting & statistics

Every action through the proxy is logged on aXsGUARD Gatekeeper. Administrators can view and search through these reports during 2 months, or export them and use other analytic tools. A statistics tool is available as well which gives a complete overview of web and mail behavior. Statistics can be viewed per client, per website and per hour.

Content scanning


To provide secure remote access, VACMAN Controller is integrated in aXsGUARD Gatekeeper. This allows users to authenticate themselves with a DIGIPASS on their network. The administrator can decide which level of authentication is needed for a certain application. Strong user authentication can be added to access the tool, authenticate on the proxy, VPN access and connecting to webservers through the reverse proxy or SSL Web portal.

If you have another Radius client, it can also authenticate it’s users on the aXsGUARD Gatekeeper. The Gatekeeper supports hardware DIGIPASS (GO-series and 2xx series) as well as the DIGIPASS for Mobile. Belgian citizens who want to authenticate with their e-ID card can also authenticate on the aXsGUARD Gatekeeper with the DIGIPASS 810 for e-ID.

Authentication

DIGIPASS 270

DIGIPASS for Mobile

DIGIPASS GO 7

DIGIPASS GO 6

DIGIPASS GO 100

DIGIPASS 810 eID

we AuthenticAte the worlD


Hardware platforms

aXsGUARD Gatekeeper comprises one software solution which can run on different hardware platforms. The hardware platforms only differ in performance and in the number of available network connections. aXsGUARD Gatekeeper hardware is meant to last. VASCO chooses industry hardware to run its aXsGUARD Gatekeeper software on. This ensures that aXsGUARD appliances have a longer lifetime than other comparable systems on the market.

It also ensures the highest performance necessary for any environment. Every time aXsGUARD Gatekeeper connects to the VASCO Managed Service environment, the hardware status is sent over, so VASCO can take preemptive actions in case of imminent hardware failure.

Hardware maintenance

Each aXsGUARD Gatekeeper bundle includes one year software and hardware maintenance (Standard Exchange). The hardware maintenance covers all defects of aXsGUARD including tear and wear of specific parts. Standard Exchange is a yearly renewable contract, with no end date. As long as an appliance is under Standard Exchange, VASCO guaranties it will work in normal operating conditions for the recommended number of users. If aXsGUARD Gatekeeper under Standard Exchange does suffer from underperformance and the normal operation conditions and recommended user settings have been followed, VASCO will replace it by a refurbished appliance with more performance.

If an upgrade to more robust hardware is required, for example due to an increasing number of users or features, the new appliance can be purchased at a reduced price, almost covering the price difference between the new and old appliance. The new appliance will be shipped with the latest available back-up already preinstalled. The customer only needs to switch the hardware.

AG2504 AG3443 AG3604 AG5506 AG7500

BASIC RAS 25 50 250 1000 2000

STANDARD RAS 10 25 100 500 1500

Enterprise RAS 10 25 100 500 1500

Hardware

optimAl performAnce,

AlwAys

Secure and wireless connection to the corporate network

Personal aXsGUARD enables branch offices or home workers to connect in a straightforward and secure manner to the main aXsGUARD Gatekeeper appliance at the company’s headquarters. Built upon proven VASCO GATEKEEPER core technology, aXsGUARD Gatekeeper offers a comprehensive solution for secure network connectivity.

Personal aXsGUARD is centrally managed in aXsGUARD Gatekeeper and has a Wifi receiver, enabling the remote user to work wireless. The security of the wireless network is also centrally managed on the parent aXsGUARD Gatekeeper appliance.

Easy configuration and setup

The configuration of Personal aXsGUARD is kept to a strict minimum. Only three parameters need to be defined: how to connect to the internet, the main aXsGUARD Gatekeeper and the Certificate of the main appliance. The Certificate contains the encryption keys to securely connect to the main site through VPN. All other security parameters are configured in the main aXsGUARD Gatekeeper appliance and are automatically pushed to Personal aXsGUARD. End-users only need to plug the Internet cable in the Personal aXsGUARD appliance to connect to the corporate network.

Remote parameters such as DHCP, WIFI settings and firewall policies are managed on the parent aXsGUARD Gatekeeper. Administrators can hence determine who can access the main site through VPN and who has direct access to Internet. The configuration allows administrators to route and monitor all network traffic on one central location while at the same time ensuring the highest security for remote or home offices with a minimum of effort. To achieve maximum uptime, multiple parent aXsGUARD Gatekeeper appliances can be defined in the configuration of Personal aXsGUARD. If for some reason Personal aXsGUARD is unable to connect to one parent appliance, a connection with another aXsGUARD Gatekeeper will automatically be set up.

Personal aXsGUARD establishes secure network connections for home workers and branch offices to companies’ headquarters With mobile workforces increasing, companies face a growing number of security concerns. Whenever an employee remotely connects to the company’s network it has to be done in a secure way. At the same time, security concerns must be balanced with the end-user’s needs ensuring a smooth and user friendly experience.


Personal aXsGUARD

remote connections

mADe eAsy

aXsGUARD Gatekeeper aXsGUARD Gatekeeper

5 solutions with aXsGUARD Gatekeeper

Information and network access security are of vital importance for

local governments in order to prevent confidential information from

falling into the wrong hands.

VASCO has years of experience and a proven track record of

successfully mitigating security vulnerabilities. With aXsGUARD

Gatekeeper VASCO helps local municipalities and governmental

organizations to implement complete IT security solutions to protect

valuable information and assets. Access is provided through a

secure, encrypted connection in order to protect the network from

hackers. Users can authenticate themselves by generating an OTP

using for instance their electronic identity card, By adding additional

content scanning licenses, users are protected from malware and

malicious sites can be blacklisted.

The all-in-one concept allows the municipality’s IT department to

organize and control its own security, without having to acquaint

itself with different multiple systems and the complexity of making

different appliances work together.

If necessary, aXsGUARD Gatekeeper can be remotely managed

by the IT partner helping local governments to stay ahead of the

onslaught of IT threats at a fixed price.

aXsGUARD Gatekeeper provides several possibilities for secure

remote access, making it easy to connect different sites of

municipalities through aXsGUARD Gatekeeper’s e-tunnels with

automatic failover. Smaller sites with only a couple of workplaces

can be connected and centrally managed with a Personal

aXsGUARD. Confidential documents are securely shared through

the SSL web portal, protected with a DIGIPASS device.

Benefits

• Complete solution, covering all aspects of network security • Ideal for undermanned IT staff• Full scale of remote access possibilities. Choose the best fit

for each location and application• Cost savings through centralization• Enhanced confidentiality• High-availability of services• Increased transparency• Guarantees privacy of employees surfing behavior, but allows

control

simple solutions for

compleX problems

Solution 1: secure government infrastructure with limited resources

13



aXsGUARD Gatekeeper RAS software is the same software suite which is deployed on each hardware platform. You only need to acquaint yourself with one solution to service all your customers, regardless of the size of their organization.

An easy upgrade path allows you to expand the aXsGUARD Gatekeeper as the needs of your customer grow. Since the software remains the same only the hardware needs to be replaced. Every aXsGUARD connects to VASCO’ service center every 4 hours to back-up its configuration. In case of unexpected hardware failure, or when upgrading towards a stronger hardware system, the configuration can easily be restored from the service center back-up system.

Every customer’s infrastructure runs on the same version thank to automated updates There’s no need for patch management at the customer’s site as everything is automated and centrally managed.

With VASCO’s central management portal ,resellers get an overview of all the customers’ systems increasing upsell possibilities. Every aXsGUARD Gatekeeper reports his status back to this central platform, so you immediately get an overview of the managed systems. Furthermore, you can access every customer’s appliance remotely through a secure connection.

Because of the completeness of the solution and the availability of servers for the complete SME market, there’s no need to invest in training, support and spare parts of multiple different vendors. aXsGUARD Gatekeeper can easily be preconfigured in the setup you desire, and can be copied to every new system.

The standard exchange warranty system allows you to give lifetime warranty on your customer’s environment, and allows upgrades at almost the price difference, guaranteeing the best ROI and TCO.

All these unique points severely reduce the chance of mistakes and oversights meaning that your customers get a faster and better service. The SEAL training program allows your support staff to become certified engineers allowing you to better service your customers. aXsGUARD Gatekeeper and VASCO allow you to focus on new business while providing you with a time-saving, high-quality solution.

Benefits

• Easy and complete solution• One solution to secure all your customers• Central management providing an overview of your customers• Upgrade path• Remote assistance from reseller to customer• Assistance from the vendor for certified engineers• End-customer gets offering high quality service

Solution 2: aXsGUARD enables services for Value Added Resellers

Organizations worldwide understand the need to secure their business-critical data and network from unauthorized access. At the same time they are also aware that anytime, anywhere access becomes overall important for a dispersed workforce and remote offices. Companies are looking for a one-stop shop to provide an overall security solution that can secure network, mail and web traffic; ensure secure access to the central network from remote sites and guarantees high availability to ensure productivity.

VASCO’s aXsGUARD Gatekeeper is an all-in-one security concept that offers secure remote access to your business-critical data through VPN tunnels. Depending on your needs, aXsGUARD offers out-of-the-box different site to site connections, as well as highly secured, personalized remote access solutions.

Productivity is enhanced as downtime is eliminated with offered features such as high availability and Internet redundancy.

Benefits

• All-in-one security solution• Business continuity is guaranteed thanks to high availability

and Internet redundancy (multiple Internet lines)• All offices are connected through an easy to manage star

network• Secure network access using VPN tunnels• Reduced complexity (one central appliance)• Two-factor authentication integrated out-of-the-box• Flexible solution, which can be integrated into any

environment (Windows, Mac, Linux)• Easy to manage• Focus on your core business, while aXsGUARD takes care of

your security

Solution 3: aXsGUARD Gatekeeper as an outstanding all-in-one security solution



Remote assistance and support is a valuable asset for customer retention. Management and support at a customer’s site however, is not as evident as it seems. Organizations are confronted with different procedures and workflows, specific network implementations and rules, administration issues, the deployment of machinery, logistic hassles…

VASCO has developed a specific aXsGUARD Gatekeeper concept for business automation enabling remote assistance and management across the entire business ensuring service continuity and eliminating costly manual processes. . A solution ideally suited to meet the provisioning and configuration needs of large, heterogeneous, geographically distributed environments. aXsGUARD Gatekeeper is deployed at the main site and VASCO’s Personal aXsGUARD is deployed at the customer’s site or built-in into your remote products and machinery, but managed on the central aXsGUARD Gatekeeper.

The secure link between the main and remote site enables remote assistance and support, automatic software updates etc.

Benefits

• Secure remote access to remote sites and equipment• Enhanced supportability

• aXsGUARD Gatekeeper can help companies to create an easily supported and consistent environment

• Helps companies to implement a fixed method of work flow • Server and network automation• Central administration• Time- saving (instant remote access, no need to deploy

people on remote site)• Cost-efficient• Overcomes network issues and policies at remote sites• Flexibility

• Administrators can define different sets of policies and rules for different user types and a different number of environments

Solution 4: business automation for secure remote assistance

Internet has become indispensable in today’s business world. A reliable internet connection is crucial for SME’s to ensure business continuity. To ensure the continuity and availability of your company and employees at all times, VASCO launches a tailor-made solution for SMEs.

The aXsGUARD Gatekeeper Internet Redundancy bundle is a solution where a second internet line is deployed in addition to the line of your existing provider. By installing internet lines using different technologies (cable – xDSL), connectivity is guaranteed and you can continue working without any problems even when the internet connection should fail. aXsGUARD Gatekeeper will immediately detect failures and automatically switch to another available line.

Benefits

• Business continuity guaranteed for all incoming/outgoing traffic (e-mail, internal and external websites, VPN, …)

• Flexibility • Connect multiple internet connections to your network and

choose which type of internet traffic passes through which line (surfing, mailing, downloading files, …)

• Reliability• Ample experience (>3500 installations)• Robust hardware with the possibility of a lifetime warranty

• Speed• Divide your internet traffic over your available Internet lines.

This gives you the best speed according to your needs• Easy maintenance with automatic software updates and

remote configuration back-up• Future proof solution:• Ready for strong authentication via DIGIPASS-technology• Easy to extend (software bundles, content scanning,

DIGIPASS)• Upgrade to more performing hardware against the price

difference

Solution 5: guaranteed business continuity for SMEs

aXsGUARD Gatekeeper aXsGUARD Gatekeeper

Technical specifications

16

unDer the hooD

Hardware specifications

AG2504 AG3443 AG3604 r2 AG5506 AG7500 Operating System Gatekeeper Core OS 7.6 Gatekeeper Core OS 7.6 Gatekeeper Core OS 7.6 Gatekeeper Core OS 7.6 Gatekeeper Core OS 7.6

Chassis Form Factor Desktop model 1U Rack Mount 1U Rack Mount 1U Rack Mount 2U Rack Mount

Processor Type Intel® Atom™ N450 processor

Intel® Atom™ D510 processor

Intel® Atom™ D525 Intel® Core™ 2 Duo E8400 3GHz 1333MHz 6MB LGA775

Intel® Xeon Proc. 5620/ 2.4GHz/ 5.86GTs 12MB

Memory 1 GB 667 Mhz DDR2 SO-DIMM

1GB 667MHz DDR2 SO-DIMM

4GB 800MHz DDR3 SO-DIMM

4GB 800MHz DDR2 ECC CL5 DIMM

12GB 1066Mhz DDR3 ECC CL7

Disk n/size 1 x HDD/160 GB SATA 2.5” 5400rpm 8MB

1 x HDD/WD RE4/250GB SATA 7200rpm 64MB




Hot Swappable No No No No YES

Raid formatted No No No No RAID1

Power Supply 60W, 15V power adapter

AC 100~240V, 50/60 Hz, 4-2 Amp Max 200W max




Power Redundancy No No No No Hot swappable

Network Ports 4 GbE NIC 3 GbE NIC 4 GbE NIC 6 GbE NIC 10 GbE NIC

Management Web GUI SSH

Web GUI SSH

Web GUI SSH

Web GUI SSH

Web GUI SSH

Dimensions (W/H/D) 182 x 150 x 40mm7.1” x 5.9” x 1.65”

437mm x 43mm x 249mm 17.2” x 1.7” x 9.8”

437mm x 43mm x 249mm 17.2” x 1.7” x 9.8”

426mm x 43mm x 365mm 16.8” x 1.7” x 14”

437mm x 89mm x 450mm 17.2” x 3.5” x 17.7”

Weight 0,8 kg (<1,8lbs) excl. adapter

1,1 kg (<2,4lbs) incl. adapter

6,7 kg (<15lbs) 6,7 kg (<15lbs) 7.7 kg (<17 lbs) 17.6 kg (<38.8 lbs)

Compliance to standards

Safety UL, CE, ECC-EMC, LVD

Safety UL, C-UL, CE EMC FCC, CE Environment RoHS




Mounting Position Desktop model Horizontal orientation,19” Rack, 1 U

Horizontal orientation,19” Rack, 1 U

Horizontal orientation, 19” Rack, 1 U

Horizontal orientation,19” Rack, 2 U

Operating Temperature

5°C to 35°C, 40°F to 90°F. Fanless

10 to 35 °C, 50 to 90 °F 10 to 35 °C, 50 to 90 °F 10 to 35 °C, 50 to 90 °F 10 to 35 °C, 50 to 90 °F

Operating Humidity 20 to 90% (non-condensing)

8 to 90% (non-condensing)




Storage Temperature 0°C to 70°C, 32°F to 158°F

-40 to +70 °C, -40 to 158 °F

-40 to +70 °C, -40 to 158 °F

-40 to +70 °C, -40 to 158 °F

-40 to +70 °C, -40 to 158 °F

Storage Humidity 5 to 95% (non-condensing)






Technical specifications

aXsGUARD AG2504

aXsGUARD AG3443

Personal aXsGUARD (AG1296)

aXsGUARD AG5506 aXsGUARD AG7500

Specifications Personal aXsGUARD

SPECIFICATIONS - Recommended for up to 5 unique IP devices

Model AG1296 Standards IEEE 802.3, IEEE 802.3u, IEEE 802.11g, IEEE 802.11b

Internet port One 10/100 RJ-45 Port

Ethernet Four 10/100 RJ-45 Switched Ports, WIFI

LEDs Power, DMZ, WLAN, Ethernet (1, 2, 3, 4), Internet

Cabling Type CAT 5

RF Power (EIRP) in dBm 18

Security Features Statefull Packet Inspection Firewall, Internet Policy, Central management on corporate aXsGUARD Gatekeeper, PKI Certificates (can be generated by the CA of the central aXsGUARD), Custom NAT rules, routing, DHCP Server

Wireless Security WEP, WPA-PSK-AES encryption, WPA-PSK-TKIP encryption

Internet Connections DHCP Client, PPPoE with external xDSL modem, Static IP address

Remote access •TowardscentralaXsGUARDGatekeeperthroughSSLVPN•AutomaticrecoveryofVPNconnections•FailovertowardsotheraXsGUARDGatekeeperappliancespossible

aXsGUARD AG3604


Software specifications

Administration

Basic Standard Enterprise Internet Redundancy bundle

√ √ √ √

• Web-based GUI for appliance administration

• Clickable status overview and health monitor

• Automated configuration check

• Automated license upgrade tool

• Manual or automated upgrades, with pre-testing

• Automated online updating system

• Back-up options:

• remote back-ups of configuration at VASCO Service

Center

• Back-up of configuration sent by e-mail

• Back-up of configuration, logs and mail on local file

servers

• Group- and use- based configuration allowing easy and

secure setup

• LDAP Synchronization (users/groups) from:

• Microsoft Active Directory

• Novell e-Directory

• Generic LDAP

• Predefined rules and policies allowingfast setup

• Layered access levels for admin tool

Network


√ √ √ √

• Complete set of network protocols:

• Routing tables

• NAT with helper for FTP, PPTP VPN, IRC, H.323, SIP,

SNMP, TFTP, Amanda

• Portforwarding & redirection

• SNAT/DNAT

• Masquerading

• Internet connectivity:

• Static

• DHCP Client

• PPTP

• PPPoE

• DHCP server(s)

• NTP client and server

• DNS server

• VLAN support

• Bridging support

• Dynamic DNS support (DynDNS and EasyDNS)

• Ping and trace route tool

the bits AnD the bytes



Monitoring and logging


√ √ √ √

• Internal Logging Capacity• Built- in hard disk• Detailed Real Time monitoring• Historical Reporting• e-mail notification on viruses and attacks• Syslog server delivery (local, network, relay)• Local log files of all activities• Log files kept during 2 months• Graphics

• load• Cpu usage• memory• all conifgured devices

Authentication


√ √ √ √

• Radius Server• Single Sign-on tool• Ident server• AD back-end authentication • Built in strong user authentication for:

• Admin tool• Radius clients• Firewall and Web access• VPN (PPtP, IPSec, OpenVPN)• SSL-VPN web portal (Enterprise Edition)• Application Firewall (Enterprise Edition)• Imap/Webmail (Content Scanning)

• DIGIPASS clients supported (*)• DIGIPASS GO 6 and GO 7• DIGIPASS 260 and 270• DIGIPASS for Mobile• DIGIPASS 810 e-ID card reader

• Belgian e-ID card with DIGIPASS810 eID Card Reader delivery procedure

• Integrated PKI with Certificate Authority (CA)

Firewall


√ √ √ √

• Self-adaptive Firewall• Statefull Packet Inspection (Connection Tracking)• Denial-Of-Service attack blocking• Distributed Denial-Of-Service attack blocking• IP / Packet Filter• Bad Packet Management• Predefined rules and policies • Policies based on device, type of traffic, or IP address/range• Static/Dynamic/Advanced Policies• Unlimited rules and policies• Company Policies• Group Policies (overrule Company)• User Policies (overrule/append Group)• Host Policies• Separate RAS policies• Authenticated port forwarding• DMZ zone• SPICT Firewall Performance 150 Mbps - 2Gbps• Concurrent sessions 4000 - 600.000• New sessions/second 5.000 - 15.000

IPS and IDS


√ √ √ X

• Active System Attack monitoring• Protocol Anomaly prevention & detection• Customizable detection signature list• DoS and DDoS Prevention• Fragmented Packet Reassembly• Malformed Packet Protection• Analysis of all popular application protocols• Detect network-level packet based attacks• Detection of all types of port scans, including stealth types• Automatic reconfiguration of firewall



VPN server


√ √ √ X

• PPtP Server• Propose IP Address support for PPtP Server • NAT helper for PPtP• L2TP Support• IPSEC Client to Gateway• IPSEC NAT-Traversal• IPSEC VPN Keep Alive• IPSEC VPN Dead Peer Detection• IPSec PSK (pre shared secret)• IPSec RSA Key• IPSec X.509• Integrated PKI• Internal Certificate Authority

• Certificate creation / revocation handling• Xauth support• Encryption (DES/3DES/AES/BF)• MD5 / DH2/ PFS/ SHA-1/CBC authentication• IPSec Gateway to Gateway• SSL-VPN Support with Open VPN client• SSL VPN • Fault tolerant VPN (e-tunnels)• Simplified routing using e-tunnels• Personal aXsGUARD support• Max. number VPN tunnels: unlimited• Max. number VPN users: unlimited

Multiple Internet Gateways


X √ √ √

• Redundant Internet Connections • Automatic failover• Failover decision to dedicated Internet connection• Option to drop traffic on failure of Internet connection• Policy based routing• Policies on protocol (TCP, UDP, ICMP, GRE, ESP, AH)• Policies on source address and port/range• Policies on destination address and port/range• Load balancing

Bandwidth management


X √ √ X

• Quality of Service• Internal Bandwidth management• Full Policy based traffic shaping• Static and Dynamic bandwidth shaping• Time based policies• Policies on protocol (TCP, UDP, ICMP, GRE, ESP, AH)• Policies on source address and port/range• Policies on destination address and port/range• Bandwidth management inside VPN tunnels

Public DNS


X √ √ √

• Publish public domain names and subdomain names on the Internet

• Primary and secondary zones• Forward and Reverse DNS• Allow multiple DNS servers• Publish SOA, NS, PTR, A, CNAME, MX and SPF records• Set Refresh, Retry, Expiry and Minimum time• Set TTL• Set Priorities• Automatic failover allows to reroute your web servers and VPN

tunnels instantly



Application Firewall


X X √ X

• Protects web servers in your LAN and DMZ• Malicious URL filter• URL Sanitizer• Predefined rules for OWA and Citrix with Single Sign On• FTP server protection• https to http gateway• Active Sync Compatible• Multiple Webservers• Routing based on hostname• Routing based on port number• Routing based on IP address• Strong user authentication

SSL-VPN Webportal


X X √ X

• Allows connection to all your applications through a java

compatible web browser• No additional client software needed• Personalized web portals• Single Sign-on with DIGIPASS• Predefined applications:• Terminal Server / Remote Desktop / VNC• Citrix (ICA)• Fileserver (Webbased/Webdav)• Port forwarding, allowing fat clients• Web forwards (Reverse proxy, Replacement proxy, Tunneled

Web forward)

High Availability


X X √ X

(when purchasing the Enterprise Backup bundle)

• Active/Passive• Active/Active• Automatic Configuration Synchronization• Automatic Data Replication (e-mail, logs, website, ...)• Session Synchronization for Firewall• Device failure detection • Internet Link monitoring• Link failover



Content Scanning: Mail traffic

• Separate user/group/company web access policies• E-mail attachment filter• E-mail spam detection/quarantine delete• Black and white list (e-mail, IP, text, dns)• Pattern matching with points• Customizable score threshold for object reject• MIME header check• File analysis (extension checker match)• Files embedded in other files recognition and decoding

(ZIP,RAR,TAR,LHA,...)• File content control in attachment filter• Recursive algorithm for embeddings (1000 levels)• Blocks Java Applet, Cookies, Active X Y• E-mail white & black list filters• IP white & black list filters• Text white & black list filters• Multiple blacklist servers• SPF support• Quarantine blocked files and blocked due to black list• Greylisting• Pattern matching with regular expressions• Pattern match results in points score• Sender or site blocking• sender <--> recipient relations• allow/block mail sending/receiving• allow/block attachments• spam checking/e-mail security checks• Embedded HTML or XML parser• Preconfigured backlist• Virus scanning• Multiple Virus scanners (Standard version)• SMTP Relay Server• E-mail server• POP3, IMAP4 mail server• Unlimited number of mailboxes• Distribution lists• Outgoing e-mail disclaimer (ascii / html)• Central address book• Out of Office• Mail forwarding• Remote mailbox retrieval• Group mailbox retrieving and dispatching• Webmail (https to aXsGUARD mail server or external mail server• Embedded Virus Scanner ClamAV• Embedded Virus Scanner Trend Micro (Standard)• Automatic Signature update• Automatic Engine update• Delay of update check every 15 minutes• Auto unpack of attachments

• SMTP Scanning• IMAP scanning• POP3 scanning (remote mailbox retrieval)• Encrypted VPN tunnel scanning• Quarantine / delete infected messages• Distributed Checksum Clearinghouse (DCC)• Domainkeys (check signature on mailheader)• Backscatter (check bounced mails sent from owned domain• TLS encryption

Content Scanning: Web traffic

• Separate user/group/company e-mail policies• Web proxy with adjustable cache• Single Sign on for Domain and Workgroup client PC• Additional authentication allowed for kiosk PCs• HTTP URL filter• HTTP extension filter• Time-based URL filtering• Policy-based URL filtering• User defined Black and Whitelisting• Predefined blacklists:

• Over 3 million sites• Daily updates• Predefined sitelists• Customizable categories

• Web based content scanning: (standard version)• Score based system• 30 predefined wordlists• multilingual• Customizable categories

• Extension filtering• Multi-layered Defense system• Filter selection for statistics• ClamAV virus and malware scanning with automated engine

updates• Trend Micro virus and malware scanning with automated engine

updates (standard version)• Ident authentication

Statistics

• Graphical overview• User based web traffic statistics• Computer (IP) based web traffic statistics• Site based statistics• Time based statistics• Overview of visited webpages• Obfuscating users possible• Sent e-mails• Received e-mails• Overview rejected mails

The world’s leading software company specializing in Internet Security

About VASCO

VASCO Offices

VASCO Sales Presence

Eur ope , M i dd le Eas t , A f r i ca - Wemmelpho ne : +32 . 2 . 60 9 .9 7 .0 0e ma i l : i n f o - e u r ope@vasco . c om

US A - Bos tonpho ne : +1 508 3 6 6 3 4 0 0e ma i l : i n f o - u sa@vasco . c om

USA - Ca l i f o rn iaphone : +1 6 5 0 3 7 8 1 2 0 2ema i l : i n f o - u sa@vasco . c om

www.vasco.com

CORP ORATE HQ - Ch icagopho ne : +1 630 9 3 2 8 8 4 4e ma i l : i n f o - u sa@vasco . c om

INTERNAT IO N A L H Q - Sw i t ze r l andphone : +41 43 555 35 00em a i l : i n f o - eu r ope@ vas c o . c om

Copyright © 2012 VASCO Data Security, Inc, VASCO Data Security International GmbH. All rights reserved. VASCO®, CertiID™, VACMAN®, IDENTIKEY®, aXsGUARD®, DIGIPASS®, the ® logo and the ™ logo are registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other countries. VASCO Data Security, Inc. and/or VASCO Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all other intellectual and industrial property rights in the U.S. and other countries. Other names may be trademarks of their respective owners.

VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet Security applications and transactions. VASCO has positioned itself as global software company for Internet Security and designs, develops, markets and supports DIGIPASS®, CertiID™, VACMAN®, IDENTIKEY® and aXsGUARD® authentication products. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.

BR201202 - v1

Aus t ra l i a - Syd ne yphone : +61 2 8061 3700em a i l : i n f o - aus t r a l i a@ v as c o . c o m

La t in Am e r i c a - B ra z i lphone : +5511 3443 7541em a i l : ES -b r a z i l@ v as c o . c om

As ia - Pac i f i c - S inga porephone : +65 6323 09 06em a i l : i n f o - a s i a@ v as c o . c om

As i a - Pac i f i c - Japanpho ne : +81 3 5 5 3 2 7 8 6 2e ma i l : i n f o - j a pan@vasco . c om

As ia - Pac i f i c - I nd iaphone : +9 1 2 2 4 0 9 0 7 1 1 2 -1 4ema i l : i n f o - i n d i a@vasco . c om

Euro pe , M idd le Eas t , A f r i ca - Aus t r i aphone : +4 3 1 9 0 4 3 1 3 2 -0ema i l : i n f o - eu r ope@vasco . c om

Sales offices

axsguard gatekeeper

Technology