LOG IN | Register |

0 item(s) in your shopping cart, USD

WinGate Screenshots

Home > Products > WinGate

Screenshots

The activity screen in GateKeeper allows you to view what is going on in WinGate <B>in real time</b>. You can also perform administrative tasks, such as deleting (terminating) a session, banning a user, black-holing an IP address etc.

Activity screen

WinGate can bypass system routing when it makes outbound connections. This allows you to define which available internet gateways will be used on a per-service basis, and the way that multiple connections can be used (e.g. failover, or round-robin for bandwidth aggregation). WinGate monitors gateway availability (if enabled), and automatically applies the policies you define to the list of available gateways to select which gateway to use on a connection-by-connection basis.

Gateway usage

WinGate's bandwidth control allows you to define restrictions that will be applied to specified types of traffic. This includes restrictions about absolute bandwidth use, or percentage of available (unused and non-reserved) bandwidth used.

Bandwidth Control: Restrictions

Transparent proxying is the interception of connections by a proxy. This allows you to enforce a single policy on all traffic of a certain type, regardless of whether your users are configured to connect to a proxy, bypass proxy by using Network Address Translation (NAT), or whether they are using WinGate's SOCKS server or the WinGate Internet Client.

Transparent proxying

WinGate keeps track of data and time resources used on a per-user basis. This can be used to determine how much data users are using. The current account balance is available to policies as well, so policies can be created which require users to have a positive account balance in order to gain access.

User accounting

The bandwidth control rules are used to determine the type of traffic that has restrictions applied to it. This allows you to specify source and destination IPs and ports, and protocol type to apply to a specific restriction. For example by setting the destination port to 80, you would be creating a rule which matched HTTP. If you wanted to only restrict certain users, you could enter their IPs. So in this way control is available on a per-user, per-service, per time-of-day basis.

Bandwidth Control: Rules

WinGate can redirect incoming connections on a given range of ports to a predetermined internal (or external) host. WinGate allows you to override the port number as well. A variety of other security-related options are also available.

Port redirection

Using the remote command shell feature in WinGate, you can execute console commands on the WinGate server remotely. This allows you to do things like ping hosts, change the route table, run scripts, reboot servers etc.

Remote Command Shell

The firewall screen shows packets that have been blocked by the system, or packets that match port range settings which are configured to notify WinGate on access. Packets may be blocked for a variety of reasons, depending on WinGate's configuration.

Firewall screen

WinGate's bandwidth control allows a selection of scheduling mechanisms depending on the user requirements. The priority levels are used to allow some lower priority traffic to still be sent even under high loading.

Bandwidth Control: Scheduling

The Email Queue Management pane in GateKeeper allows you to view currently pending email deliveries on a per-domain basis. From this panel, you can force a retry of selected domain delivery jobs, preview, bounce or delete individual messages, and a variety of other email queue management tasks.

Email queue management

You can monitor the amount of data going in and out of a particular adapter, by right-clicking on the adapter in the network tab in GateKeeper, and selecting <B>Properties</B> then the performance tab.

Adapter: Performance

WinGate's HTTP cache allows you to specify sophisticated rules about what requests will be cached. Additionally there are a number of built-in rules to prevent WinGate from caching things that it shouldn't (i.e. secured content, or the results of form postings).

HTTP cache configuration

WinGate needs a user database in order to be able to provide user-level security etc. In cases where the operating system that WinGate is installed on does not have a user database, WinGate has its own one. Alternatively if the OS WinGate is installed on does have a user database, or is part of a domain or Active Directory, then WinGate can synchronise and authenticate against that OS user database. This saves system administrators the pain of replicating the existing user databases on the network.

User database options

Similar to port redirection, but running as a proxy, the TCP and UDP mapping proxies allow you to map incoming connections through to pre-determined locations. The mapping proxies also allow you to specify per-user mappings, and also mappings that depend which dialup connection you are currently connected to.

TCP mapping proxies

WinGate can provide individual user credentials even when multiple users are connecting to WinGate from a Terminal Server.

Terminal services users

Kaspersky AntiVirus for WinGate allows the user to scan incoming and outgoing Web, FTP, POP3, and SMTP traffic for known viruses. The plugin also integrates with WinGate's scheduler service to obtain regular virus signature updates.

AntiVirus settings

Adapters in the system can be configured for how they will be treated by WinGate. This allows the administrator to mark an interface as internal, external, or DMZ. Alternatively WinGate can automatically determine the most likely usage. This allows very flexible network configuration, and allows WinGate to adapt to changes in networks (i.e. if you unplug an adapter from one network and plug it into another, the usage may change).

Adapter usage configuration

WinGate's cache configuration allows you to also specify sophisticated rules about what files will be removed from the cache when a purge is performed. This allows you to keep the most useful files in the cache.

HTTP cache purge configuration

WinGate's own DNS resolver was written to provide advanced resolution capability that was not available in the OS. This also includes a fully implemented DNS cache. DNS caching can greatly improve the response time for DNS lookups.

DNS resolver cache

The DHCP server is capable of running in a fully, semi-automatic or fully manual mode. This relates to the auto-creation of configuration information (scopes) when DHCP requests are received. In most cases, no user configuration of the DHCP server is required (unlike many other DHCP servers), however if required, the user still has the ability to override default settings (i.e. specify a different DNS server or default gateway to use).

DHCP Server: Mode

This is where you configure which machines on your network are terminal servers (i.e. running MS Terminal Services, or Citrix, or even another proxy server). By entering an IP address in this list, the credentials are no longer inherited between sessions from this machine, which means each session has to establish its own credentials. This allows for individual user-level control in a terminal-services environment.

Multi-user machines

WinGate has a number of available options for SMTP message reception. These include various limits, as well as extra checks made for mail received from untrusted sources (i.e. unauthenticated, or received on an untrusted interface). The Open Relay Detection uses ORBS-style DNS RBL requests to verify sending servers. Spoofed-address blocking uses a DNS-based mechanism to determine whether the sending server is legitimately entitled to be delivering mail from the domain it claims to be. This allows for a great reduction in the amount of received unsolicited email (SPAM).

Email reception options

The DHCP server settings are the database of scopes and options associated with them. This is also where DHCP reservations are created, and global system options are set.

DHCP Server: Settings

WinGate allows you to specify additional restrictions on a per-email address basis, including message limits, attachment blocking, and copying of messages.

Per-address email restrictions

several WinGate services support WinGate plugins (including Kaspersky AntiVirus for WinGate, or PureSight for WinGate). These services are: SMTP server, POP3 Proxy, WWW Proxy, FTP proxy.

Service support for plugins

Normally a proxy request made by a client contains information about the end-server that the proxy must connect to. Requests that are typically made to a server do not contain this information, and are called Server Requests. WinGate can handle server requests in a variety of ways, including blocking it, or piping it through to a predetermined server. This can be used to host a WWW server behind your firewall, and still apply proxy rules to requests made to it from the Internet.

Server request handling

WinGate may block email reception for a number of reasons. This image shows a number of these reasons, including: message contained an unacceptable attachment, sender domain was invalid, policy denial etc.

History showing blocked emails

When a DHCP lease is assigned to a DHCP client, various options may be set. Options are able to be set on a global, or per-scope, or per-reservation level allowing a great deal of flexibility.

DHCP Server: Lease options

Data that fails scanning by a WinGate plugin is typically quarantined. The quarantine panel in GateKeeper allows the administrator to view quarantined files, and optionally release or delete them.

Quarantine

Services in WinGate can now be bound to any number of ports and interfaces, and support SSL connections, and TLS (where supported by the protocol). This allows the administrator to easily configure secure networks with encrypted connections. Additionally since the binding is based on policy, it reacts to changes in the network. The administrator no longer needs to change service configuration when their IP address changes (e.g. ADSL DHCP lease renewal), or when interfaces become available and unavailable (i.e. wireless networks).

Service bindings

WinGate can periodically poll any number of POP3 accounts and download any mail on them, sort it, and deliver it locally or remotely. The POP3 client supports a number of authentication mechanisms, and TLS connections.

POP3 email collection

WinGate allows you to centrally administer WinGate Client configuration. This means that a network using the WinGate client can be easily administered. The central configuration allows the administrator to specify on a per-user and per-application basis what will be allowed.

Central WGIC configuration

WinGate supports TLS connections to its SMTP and POP3 servers, and also for its POP3 collection client. Additionally WinGate supports a number of authentication mechanisms, allowing the administrator to easily secure their mail networks.

Email security options

WinGate parses all received emails for content, and allows you to specify file extensions which will be blocked by the system. This is useful to stop certain types of files which are commonly associated with email-borne viruses.

Email attachment blocking

WinGate's SMTP delivery mechanism allows you to override default delivery settings on a server-by-server basis. This allows you to specify authentication requirements for delivery to specific servers.

Delivery per-server configuration