Essential Network Firewall

June 28th, 2013 by

A good firewall can prevent exploits that lead to data loss or theft, infected computers, and other incidents that cost you time and money. The protective features in our Essential Network Firewall are designed for simplicity. We make it easy to control incoming and outgoing traffic, so you can be assured that you are configured for complete protection.

The firewall in our UTM appliance is easy to use. With an open, visual layout you can be as broad or as detailed as you need.

We make firewall configuration simple with an object-based approach. You define an object like a workstation, file server or web server, and re-use it as needed.

The packet filter is configured to deny by default: only traffic that you specifically allow will pass through. This reduces the amount of time administrators spend learning and configuring the firewall. It also ensures that no unwanted traffic will be allowed through the firewall by accident.

The Sophos firewall includes a variety of tools and features for controlling data flows that are allowed to pass from the Internet to the internal LAN and vice versa:

  • Stateful packet filter
  • Application-level deep packet filtering
      ◦ Controls network access for specific protocols and applications
  • Flexible rules management
      ◦ Can include hosts, networks, groups or VPN users
  • Automatic rule generation for application proxies and internal services
  • Time-based activation
  • Policy-based routing
  • Interface-based rules
  • Network Address Translation
      ◦ SNAT/DNAT, 1-to-1 NAT
      ◦ Masquerading

Native Windows Remote Access
Sophos acts as a receiver for the native Windows VPN, so users can create tunnels quickly and easily.

Native Windows Remote Access is a budget-friendly VPN. It is designed for organizations that need secure remote access that is easy to deploy and easy to use. Using the client tools in Windows, employees can authenticate and build a secure tunnel to any Sophos installation in moments. You control access by group, by individual, or by a combination of both.

  • PPTP (Point-to-Point Tunneling Protocol)
      ◦ Supports strong encryption (128-bit)
      ◦ Local or RADIUS-based user authentication
      ◦ Authentication protocols: MSCHAPv2
      ◦ IP address assignment via pool network or DHCP server
      ◦ Supports native Windows and Apple iPhone client
  • L2TP (Layer 2 Tunneling Protocol) over IPsec
      ◦ Authentication via pre-shared key or X.509 certificate
      ◦ Local or RADIUS-based user authentication
      ◦ Authentication protocols: PAP, CHAP, MSCHAP, MSCHAPv2
      ◦ IP address assignment via pool network or DHCP server
      ◦ Supports native Windows and Apple iPhone client

IPv6 Support
Sophos UTM lets you migrate step-by-step to the new world of IPv6.

Because UTM supports a set of different tunneling and translation techniques, you can easily connect IPv6 “islands” over your existing IPv4 infrastructure, or even run IPv6 and IPv4 at the same time across the same networks. We are fully certified as “IPv6 Ready” and have one of the most complete implementations of IPv6 support.

Sophos UTM includes the first IPv6 ready packet filter with CC EAL4+ certification.

  • Tunnel Broker
  • SixXS
  • Freenet
  • Teredo
  • Dual Stack
  • 6to4 Mapping

Amazon Virtual Private Cloud Connector (VPC)
In addition to support for running UTM inside the Amazon Cloud itself, you can use UTM to access a private piece of Amazon's scalable hosting infrastructure that is dedicated just to you. Sophos UTM is one of just three select providers to offer a secure connector to the Amazon VPC.

Virtual Private Cloud Hardware Connector
A purpose-built utility for connecting to VPC, giving you access to all your hosted servers with the strongest level of security Amazon supports.

Knowledge Free
Amazon VPC uses BGP routing across multiple tunnels to provide the utmost in security and reliability. With UTM, you don’t have to study all the technical details; you can link your UTM to VPC in seconds.

You can link your UTM to Amazon VPC using your Amazon account, which automatically builds an encrypted connection to redundant Amazon gateways, or you can download the configuration from your Amazon account and simply upload the file into UTM.