|
|
All Clavister Security Gateway products are fully IPsec compliant, which makes the products accomplished VPN gateways with maximum flexibility.
Thanks to the close-knit integration where each VPN connection is treated as a logical interface in the firewall, filtering, logging, monitoring and bandwidth management can be performed on VPN connections as precise as on regular ethernet interfaces.
Both LAN-to-LAN solutions and roaming clients are supported, and the number of simultaneous VPN connections can be up to several thousand, depending on your product model. Clavister Security Gateway may also be used to route and filter traffic between remote networks, which makes it possible to design complex VPN networks with a minimum of administrative effort.
For authentication, both Pre-Shared Keys (PSKs) and X.509 certificates can be used. In addition, unique user identification lists for access control can be specified per VPN connection.
This, combined with VPN Clients, which often includes support for hardware tokens, such as certificates stored on smart cards, makes Clavister products ideal components in any larger PKI solution.
Clavister Security Gateway supports a large number of encryption algorithms, including AES, 3DES, Blowfish, Twofish, CAST-128 and DES. Strong authentication is supported using SHA-1 and MD5.
All IPsec parameters and encryption proposals are accessible, which dramatically simplifies interoperability with other IPsec compliant products.
Clavister Security Gateway supports DHCP over IPsec, which is a method of letting VPN clients acquire a "virtual IP address" from the private network. VPN clients will then use this virtual IP address when communicating with the private network, which helps making VPN clients integrate more seamlessly to the private network.
Clavister Security Gateway also supports NAT traversal, which allows IPsec protected traffic to be used in scenarios where one of the VPN endpoints are behind NAT. The NAT traversal functionality is completely transparent from the user. Clavister Security Gateway automatically detects the presence of NAT, and enables NAT traversal if necessary.
Clavister Security Gateway is capable of routing through VPN tunnels. This allows you to, for instance, use policy-based routing to select which VPN tunnel certain traffic should be sent through.
With the keep-alive feature, Clavister Security Gateway can make sure that any established VPN tunnel stays active. It also automatically detects "black hole" scenarios, where the other VPN gateway has removed its security association without notifying the peer. Should this happen, the VPN tunnel is automatically reestablished.
Clavister products are ideal components in any VPN solution.
|
|
|
|
|
