Firewalls are the cornerstone of network security – and at its most basic level – controls traffic flow between a trusted network – like a corporate LAN – and an untrusted public network – like the internet. Due to the growing number of applications on the network, coupled with the threat challenges and compliance issues that define today’s network security, the need for a better firewall is more important than ever.
The VergX Next-Generation Firewall (NGFW) solution combines application awareness, user role integration and Deep Packet Inspection (DPI) to give resellers more control over their customers’ applications and the network infrastructure. The NGFW provides granular policy control based on factors like user ID, application, URL category, group membership and time of day. Application Level Gateways (ALG)s are also supported for a variety of protocols ensuring firewall and Network Address Translations (NAT) functionalities are seamlessly supported for all applications.
URL Categorization, Filtering and Control
Virtual Customer Premise Equipment (vCPE) / SD-Security solution provides a rich set of URL Categorization and Filtering Capabilities to screen web traffic to see if it poses a security risk, is out of compliance with company policies, if it needs to be filtered for parental control, or if it needs to be authenticated / authorized further for access or for another purpose.
This solution comes with more than 80 predefined URL categories that allow resellers to quickly manage customer URLs by category, trustworthiness, confidence level, etc. In addition to predefined classes, VergX also provides user-defined / custom classes that can be created and managed as needed.
These capabilities are key to providing safe and compliant network services to enterprises. With the added benefit of granularity of users and user-groups – different actions can be taken on top of the URL like, allow, alert, drop session/packet, reject, ask, justify, block and override.
L7 Access Control
The Application Access Control feature provides the ability to manage and secure application traffic flows using a very rich set of application traffic policies. The VergX solution recognizes traffic flows of more than 2,600 applications and maps them to major and sub-classes helping manage flows of each application.
Application Access Control capabilities include allow, deny, restrict access, redirection, captive portal based application access management, logging, and other advanced actions like scripting. Combined with User and Group Level Access Control, Application Access Control gives tremendously powerful capabilities to network operators.
URL & IP Reputation Feeds
The NGFW includes a market leading integrated URL and IP Reputation solution that provides an effective management of traffic destined to URL or IP Destinations based on systematically collected opinions of a world-wide community of users.
When used in combination with URL Filtering, URL and IP Reputation ensures that traffic – using the community of user’s experiences – does not visit questionable or out of compliance sites. The URL & IP Reputation feeds are updated periodically to reflect changes in the Internet environment and community of users. This feature is also very effective in suppressing C&C virus or malware traffic that could be planted in user’s machines or within their content.
User/Group Access Control
The VergX NaaS solution has built-in User and Group Based Control capabilities, enabling a whole new dimension of security and policy control based on user and user-group credentials. The NaaS solution integrates with Active Directory through LDAP and Kerberos mechanisms, gets the user and group information and applies security, and access.
User & group focused security and control policies also allow the creation and execution of user & group specific services like, parental guidance, enforcement of company compliance, access & authorization policies, and policies tailored for specialized users such as executives, guests, contractors and more.
With this policy dimension, SD-Security & SD-WAN extend out to cover industry leading multi-dimensional policy based decisions like routing policies, application policies and URL & IP reputation with user & group information, which allows the most extensive and powerful set of policies to be defined and executed on the user’s traffic