Genugate Feature Sheet

Security first.

GeNUGate Feature Sheet

Application Level Gateway (ALG) Additional Relay Features

Application Level Proxies FTP

FTP relay File Transfer Protocol Client passive mode + HTTP relay Web services (HTTP, HTTPS) Reverse DNS lookups + NNTP relay Network News Transfer Protocol PING relay Ping (ICMP) HTTP

POP3 relay Receive email URL filter (raw/decoded) + SIP relay VoIP (GeNUGate 6.1) SMTP relay Email communication NNTP

Telnet relay Telnet services News group filter + WWW relay Proxy for filtering/scanning web content SMTP Circuit Level Proxies Maximum size + Generic IP relay + File extension ACL + Generic TCP relay + MIME type ACL + Generic UDP relay + Relay protection + Available services SSH, IPsec, LDAP, NTP, IMAP, SNMP, Validate sender MX/IP + RDP and many more Sender ACL + Recipients ACL + Stateful Filtering Pattern blocking + Network Address Translation (NAT) + Sender Policy Framework (SPF) + Quality of Service (QoS) + Queuing (traffic shaping) + Telnet Port forwarding + Reverse DNS lookups + Filter criteria IP address, protocol, port, operating system, Session logging + flags and state Filter action Pass, drop and log WWW TCP handshake offloading + URL ACL + Spoofing protection + Domain ACL + DDoS protection + MIME type ACL + Packet normalization + Fast weeding + Policy filtering + Weeding domain ACL + Load balancing + Cookie filter + Auto configuration + Cookie ACL + Stop animated GIF +

* optional Relay Settings

Relay Connection Settings FTP HTTP IP NNTP Ping POP3 SMTP TCP Telnet UDP WWW

Interface selection + + + + + + + + + + + Listening port + + – + – + + + + + + Timeout + + + + + + + + + + + Destination address + + + + – + – + + + + Destination port + + – + – + – + + + + Port ranges + + + + + + + + + + + SSL / TLS – + – – – – + – – – + Transparent relay – + + + – + – + – + + Destination transparent relay + + – + – + + + + + + Source transparent relay – + – + + + – + – + + Extended ACL – + + + + + + + – + + Address range for outgoing connection – + + + + + – + – + + Macros + + + + + + + + + + +

Access Control List (ACL) FTP HTTP IP NNTP Ping POP3 SMTP TCP Telnet UDP WWW

Source address + + + + + + + + + + + Destination address + + + + + + + + + + + Group authentication + + + + + + + + + + + Weekday + + – – – – – – – – + Time + + + + + + + + + + + Macros + + + + + + + + + + +

Authentication FTP HTTP IP NNTP Ping POP3 SMTP TCP Telnet UDP WWW

Tokencard (Cryptocard) + – – – – – – – + – + Kerberos + – – – – – – – – – + LDAP / LDAP group + – – – – – – – + – + Password + – – – – – – – + – + Radius + – – – – – – – + – + S/Key + – – – – – – – + – – Sidechannel (incl. time frame) – – – – – – – + – – –

Logging FTP HTTP IP NNTP Ping POP3 SMTP TCP Telnet UDP WWW

Client connection attempts + + – + – + + + + – + Server connection + + + + + + + + + + + Closing connection + + + + + + + + + + + Client request logging + – – + – + + – – – + Binary accounting + + + + + + + + + + + RRD statistics + + + + + + + + + + +

Virus Scanning* FTP HTTP IP NNTP Ping POP3 SMTP TCP Telnet UDP WWW

Virus scanning + – – + – + + – – – + MIME type ACL + – – + – + + – – – + URL ACL – – – – – – – – – – + Content type ACL – – – – – – – – – – + Transfer status – – – – – – – – – – +

Content Filter FTP HTTP IP NNTP Ping POP3 SMTP TCP Telnet UDP WWW

Active content filter – – – + – + + – – – + Java – – – + – + + – – – + JavaScript – – – + – + + – – – + ActiveX – – – + – + + – – – + Selectable programs (e.g. Flash) – – – + – + + – – – + Request method filter + – – – – + – – – – + Info message – – – + – + + – – – +

* optional Virus Scanning * URL Filter – GeNUBlock*

Scan engines Avira AntiVir for GeNUGate, Update blacklists automaticly + Sophos Anti-Virus for GeNUGate Define additional domains/URIs + Virus pattern update (automatic/manual) + Redirect blocked requests + External scan server* + Block by categories + Supported relays FTP, NNTP, POP3, SMTP, WWW (e.g. gambling, online auctions) Compressed file types ARJ, BZ, BZ2, CAB, GZ, JAR, LHA, RAR, External proxy + TAR, TGZ, UUD, UUE, ZIP Recursive scan +

High Availability (HA)*

Email OSPF support + Automatic configuration distribution + General Watchdog (system monitoring) + File synchronization + Modes Server/Forwarder Distributed command execution + Smarthost + Load sharing (active-active) + Mail masquerading + Maximum nodes 32 Delivery Status Notification (DSN) + Relay protection (sender check/blacklist) + Mail aliases + Autocrypt emails +

Error Handling

Error types Blocked content, no sending permissi on, bad MIME type, blocked extension, virus, encryption failed Individual error message + Notification introduction + Greeting text + Packet Filter (PFL)

Reactions Notify sender/recipient, only notify Stateful packet filter + internal user, quarantine, bounce, alert Network Address Translation (NAT) + Quality of Service (QoS) + Spam Protection Queuing (traffic shaping) + Rating ≥ 80 predefined pattern, additional own Port forwarding + pattern, change pattern rating Filter criteria IP address, protocol, port, Greylisting + operating system, flags and state Real-time Blackhole List (RBL) + Filter action Pass, drop and log TCP handshake offloading + Spoofing protection + DDoS protection + Web Caching Packet normalization + Policy filtering + Multiple caches + Load balancing + Force authentication + Auto configuration + Domain whitelist for authentication + Configuration monitoring + ACL + Boot media Floppy / USB External proxy + GUI configuration Via ALG ICAP interface + Logging To the ALG

* optional Security first.

Logging and Events System Management

Log sectors Configuration, relay, cages, authentication, Supported languages English, german local services, kernel, backup Time support Timezones, NTP Log reactions Alert log, email notification, email digest, down all console message, execute programs/scripts, shut User Management

network interfaces, halt system, trigger event User profiles + Event reactions Email notification, execute programs/scripts, Granular permission FTP, email, login, WWW, administration shutdown network interfaces, single user mode, rights, remote access halt system, SNMP trap, close connections, User groups + stop accepting new connections Authentication Password, Cryptocard, S/Key Logfile GUI + Administrator profiles + Download logfiles GUI, scp Granular administrative rights External syslog server + for each action Read only, change

Administration

Graphical User Interface (GUI) + Access Web (HTTPS, 128 Bit SSL/TLS), console, SSH

Reporting Patches

Management summary + Get system / virus updates by GUI, console Automatic virus updates +

Backup

Configuration backup by GUI, SSH, floppy, USB stick Statistics System backup Mirror disk*, SSH Automated backups + Recording period Up to one year Refresh period 5 minutes

Hardware Sensors CPU, hard disk, swap, memory, temperatures, Central Management with GeNUCenter fan speed Configuration + Network Monitoring + Sensors Interface traffic, relay requests, Logging + network statistics (netstat) Software (patches / updates) + Rollout management + Mail

Sensors Mail queues, blocked emails

Virus scanning

Sensor Virus count*

* optional

GeNUA, Gesellschaft für Netzwerk- und Unix-Administration mbH www.genua.eu Domagkstrasse 7, 85551 Kirchheim, Germany, phone +49 (89) 99 19 50-0 GG-FS-0710-4-E