Document Actions

System Modules

Filtering Mechanisms (firewall function) The Eurotux Firewall is able to filter application layer (layer 7) packets, thus making monitoring, control and filtering of data traffic more efficient and secure.

Routing between internal, external and DMZ networks

The Eurotux Firewall isolates the internal network from the external network, blocking access to the internal network for external machines. However, the Eurotux Firewall features a DMZ (demilitarized zone) that allows some external machines access (with a few restrictions) to the internal network. Permissions granting internal machines access to the external network are provided by the administrator.

NAT between internal networks and the outside

The Eurotux Firewall allows for NAT between internal networks and the outside, thus assigning a public address for a computer (or group of computers) within a private network. The main use of NAT is to limit the number of public IP addresses that an organization or company should use, for the purpose of safety and economy.

Remote access for web Administration

The Eurotux Firewall features a web interface for administration that can be accessed remotely and allows for complete management of the solution.

SNMP Access for monitoring and sending system logs to monitoring server

For the proposed solution to bring added value, the existence of a monitoring platform (for example, Nagios, OpenView, etc.) that would receive information from the Eurotux Firewall and generate reports and/or alarms, would be desirable. With that in mind, the Eurotux Firewall includes the capacity for information gathering (SNMP, NRPE) as well as for sending system logs to a monitoring platform.

Alarm generation tools

This module has the ability to send alarms by e-mail, regarding a few parameters directly related to the usage of the Eurotux Firewall system and the hardware platform it’s installed on (for example, memory usage, occupied hard drive space, etc.).

Primary DNS Service

The Eurotux Firewall is able to block web access to domains or contents as the administrator so desires. The granularity of this access-barring may be set to users (in the case of being embedded in an active directory), IP, or MAC address.

DHCP Server

Automatically assigns different IP addresses for computers at the moment they request connection to the network. IP addresses are distributed according to a previously configured interval on the Eurotux Firewall’s DHCP service. Whenever a machine disconnects, it’s IP address is freed to be used by another.

DNS-caching Service

Stores information from accessed websites, allowing for future access to websites for which information has been previously stored on the  Eurotux Firewall to be quicker.

IPsec, and OpenVPN support for VPNs

The VPN service permits the establishing of secure connections from outside of the client’s facilities to the local network. The services and/or resources that users will have access to will depend on their profile, with access being provided as if being physically on the local network, in a secure method (having access to all or only a specified set of resources).

The authentication of VPN’s established by OpenVPN may resort to a local file, a RADIUS service or an Active Directory service. VPN through IPsec enables authentication via local file.

Traffic Shapping

The Eurotux Firewall allows bandwidth management for Internet connections, thus making it possible, for example, to prevent the congestion of vital services.

Advanced Routing

The Eurotux Firewall enables the management of several Internet connections. This feature provides the capacity to route different services through different accesses. One of the most useful features is the detection of connectivity failure and allowing Internet access to be automatically re-established through an alternate link, so that network users can carry-on working without interruption.

Traffic Monitoring

The Traffic Monitoring service enables the analysis of the origin and type of traffic that uses Internet access. This allows for the analysis of the occurrence of bottlenecks and potential problem sources that harm the solution’s functionality.

Proxy Service with content filtering

The primary aim of this service is to: increase the access performance to HTTP service (using a cache mechanism) and implement a comprehensive and flexible mechanism that allows for access management (restrictions, statistics, etc.).

Load Balancing

This module enables the implementation of three types of features:

  • HTTP load balancing for several internal servers;
  • SSL Acceleration;
  • Using on IP address for multiple websites.
AAA - Authentication, Authorization and Accounting

The term AAA is a reference to the protocols related to the procedures for authentication, authorization and accounting. The authentication verifies the digital identity of the system user, the authorization guarantees that an authenticated user gains access only to authorized resources, and lastly, the accounting refers to the gathering of information regarding the use of system resources by their users.