Services are software modules running on the service layer of the firewall. Each service provides a piece of network functionality. Depending on which service you start, it might require additional services or be limited to one service per virtual server or device. The following services are available on stand-alone and managed firewalls.
Access Control Service
The access control service defines security policies for network users (e.g., VPN clients) and provides a range of features, such as registry checks and repairs on a client. Create access control objects with policy rulesets specifying the required system and service settings to let the CloudGen Firewall F perform identity and health checks on connecting clients and groups.
For more information, see Access Control Service.
The DHCP service automatically assigns IP addresses to clients in the same network. For clients requiring special DHCP options, combine the DHCP server with the DHCP relay service to share a DHCP server across multiple network segments.
For more information, see DHCP.
The CloudGen Firewall can act as an authoritative DNS server. The DNS service returns definitive answers to DNS queries for domain names and IP addresses. Use split DNS to return different answers depending on the source IP of the DNS query. This allows you to redirect internal clients to an internal IP address of a server.
For more information, see DNS.
Dynamic Routing Protocols (OSPF/RIP/BGP)
Dynamic routing enables the CloudGen Firewall to learn and select the optimal route to a destination IP address, detects changes to the network topology, and advertises these changes to other neighboring routers. Three dynamic routing protocols are supported - OSPF, RIP (V1 and V2), and BGP.
For more information, see Dynamic Routing Protocols (OSPF/RIP/BGP).
The forwarding firewall handles all traffic for which the destination does not match with a listening socket on the firewall - in other words, all traffic passing through the CloudGen Firewall. The firewall service includes all Application Control features such as virus scanning, mail security, or file content filtering.
For more information, see Firewall.
The FTP gateway service of the CloudGen Firewall acts as a proxy for an internal FTP server. Policies including authentication settings, permissions, and restrictions for server access and file handling are defined per gateway. You can also create user-specific and group-specific profiles.
For more information, see FTP Gateway.
The HTTP proxy service provides content filtering and caching, antivirus and malware protection, and access control. You can configure the HTTP proxy in forward, reverse and transparent mode.
For more information, see HTTP Proxy.
The mail gateway service handles mail traffic according to delivery policies and scans incoming and outgoing mail for viruses and malware. The mail gateway service also supports extended domains, POP3 scanning, and group patterns for recipient verification. The mail gateway interface displays the mail queue from where you can perform operations such as showing processes, logfiles etc.
For more information, see Mail Gateway.
The SSH proxy service allows regulating SSH connections. Based on OpenSSH, the SSH proxy service provides DoS protection, public key support, and configurable SSH protocol support for accessing target systems.
For more information, see SSH Proxy.
The SIP proxy server allows the CloudGen Firewall to act as a (transparent) proxy for SIP and RTP connections.
For more information, see SIP Proxy.
The CloudGen Firewall spam filter service identifies spam by using mechanisms such as text analysis, DNS blacklists, and collaborative filtering databases. The spam filter examines the mail header and body against a configured ruleset and a Bayesian filter. To improve the filter mechanisms, the mail filter also regularly collects and processes mail from configured training environments.
For more information, see Spam Filter.
The CloudGen Firewall offers the choice between two different web filter engines: the Barracuda Web Filter (URL Filter) or the Barracuda NG Web Filter. Both engines can be used by the HTTP proxy service, but only the URL Filter can be used in combination with application control. URLs are categorized according to content.
For more information, see URL Filter.
The virus scanner service provides virus protection, archive scanning, malware detection, and HTTP multimedia streaming. The virus scanner service can be configured using the integrated Avira or ClamAV virus scanning engine. Using the virus scanner service requires a subscription that can be renewed annually.
For more information, see Virus Scanner.
The VPN service supports site-to-site, client-to-site, and SSL-VPN VPN connections. CloudGen Firewalls support multiple encryption methods, traffic intelligence, and WAN optimization when using the TINA protocol.
For more information, see VPN.
For administration of Wi-Fi networks, the Wi-Fi service provides configuration settings for the local access point. The service also supports user authentication in large networks via RADIUS and EAP.
For more information, see Wi-Fi.