System and management

• specially hardened OS kernel based on Debian Linux.
• ReadOnly boot media: USB, CD-ROM
• Classic boot media: CompactFlash, Festplatte
• Language support: German, English
• Management: remote via web based configuration tool (SSL) or remote login (SSH)
• Easy configuration management
• User administration: LDAP (local and external), Active Directory
• Automatic software-update-service
• High-Availability: hot standby
• Detailed logging and interactive reporting

Interfaces

• Arbitrary number of network interfaces
• Arbitrary number of IP addresses per network interface
• Ethernet 10/100/1000 MBit/s: static or dynamic IP addresses
• ADSL (PPTP, PPPoATM, PPPoE), ISDN
• VLAN
• Bridging
• Graphical traffic reporting

Firewall and packet filter

• Stateful Packet Inspection firewall
• Support of all popular network protocols (Protocol pass through: PPTP, FTP, H.323, IRC)
• Flexible packet filter: interface, MAC Adresse, IP address, port, service, …
• Protection from DoS/Flood attacks
• Restriction of Peer-2-Peer Diensten (P2P)
• Dynamic and static address translation: Network Address Translation (NAT), Port Address Translation (PAT)
• Load-Balancing
• Transparent layer 2 firewalling (Bridged Mode)
• Randomized IP Sequencing
• TTL manipulation

Webfilter

• Proxy server (transparent)
• Caching proxy
• Authentification: LDAP (local and external), Active Directory
• Blocking of websites with dynamic categorization (content inspection)
• User defined and server based block lists for URLs and domains.
• Check for dangerous content (Cookies, ActiveX, JavaScript)
• Detailed logging and interactive reporting

Email filter

• Virus filter: protocols SMTP and POP3
• Spam filter: protocols SMTP and POP3
• Filtering of unwanted emails attachments
• Graphical reporting
• PDF and image recognition
• Deletion, identification and isolation of Spam emails
• Recognition of Phishing emails
• SMTP email encryption (TLS)
• Self learning and adaptive filter (Bayes-Filter)
• Sender Policy Framework (SPF)
• Black lists (RBL) and hash checks (Razor, DCC)
• Rule based analysis (SpamAssassin)
• Check for RFC conformity
• Deceleration of bulk emails (Teergrube)

Virtual Private Networks Gateway (VPN)

• Site-to-Site VPN: IPSec
• Client-VPN: IPSec, OpenVPN, L2TP, PPTP
• VPN client for NT/98/2000/XP/2003
• Clientless SSL VPN: Windows 2000/XP, MAC OS, Linux
• Unlimited number of tunnels and clients
• NAT traversal
• IPSec encryption: AES, 3DES, Blowfish, Twofish, CAST, Serpent
• IPSec authentification: PSK und X.509 Zertifikate
• Perfect Forward Secrecy (PFS)
• Certificate management 

Traffic shaping and bandwidth management

• Incoming and outgoing traffic 
• Predefined and user defined traffic classes: eg: VOIP, Citrix, RDP..
• Minimal guaranteed and maximal bandwidth per class
• VPN bandwidth management (over IPSec)
• Splitting of total bandwidth: IP addresses and networks 
• Graphical reports 

Captive Portal

• Browser based authentification for (WLAN) hotspots
• Automatic redirect to login form
• Authentification: LDAP (local and external), Active Directory, external RADIUS server
• Concurrent allocation of public and private network services
• Detailed logging of volumes and online times
• Flexible rights management
• Web and E-Mail reports 

Anonymisation

• Anonymisation of network traffic
• Supports anonymous web surfing
• JAP anonymisation proxy
• TOR anonymity network
• Freenet http portal

Additional services

• Dynamic DNS
• DHCP server
• Secure DNS resolver
• SSL wrapper for arbitrary services