LOG IN | Register |

0 item(s) in your shopping cart, USD

Download and try the latest WinGate 7 free for 30 days.

Home > Products > WinGate

Screenshots

The activity screen in GateKeeper allows you to view what is going on in WinGate <B>in real time</b>. You can also perform administrative tasks, such as deleting (terminating) a session, banning a user, black-holing an IP address etc.

Activity screen

WinGate can bypass system routing when it makes outbound connections. This allows you to define which available internet gateways will be used on a per-service basis, and the way that multiple connections can be used (e.g. failover, or round-robin for bandwidth aggregation). WinGate monitors gateway availability (if enabled), and automatically applies the policies you define to the list of available gateways to select which gateway to use on a connection-by-connection basis.

Gateway usage

WinGate's bandwidth control allows you to define restrictions that will be applied to specified types of traffic. This includes restrictions about absolute bandwidth use, or percentage of available (unused and non-reserved) bandwidth used.

Bandwidth Control: Restrictions

Transparent proxying is the interception of connections by a proxy. This allows you to enforce a single policy on all traffic of a certain type, regardless of whether your users are configured to connect to a proxy, bypass proxy by using Network Address Translation (NAT), or whether they are using WinGate's SOCKS server or the WinGate Internet Client.

Transparent proxying

The bandwidth control rules are used to determine the type of traffic that has restrictions applied to it. This allows you to specify source and destination IPs and ports, and protocol type to apply to a specific restriction. For example by setting the destination port to 80, you would be creating a rule which matched HTTP. If you wanted to only restrict certain users, you could enter their IPs. So in this way control is available on a per-user, per-service, per time-of-day basis.

Bandwidth Control: Rules

WinGate can redirect incoming connections on a given range of ports to a predetermined internal (or external) host. WinGate allows you to override the port number as well. A variety of other security-related options are also available.

Port redirection

Using the remote command shell feature in WinGate, you can execute console commands on the WinGate server remotely. This allows you to do things like ping hosts, change the route table, run scripts, reboot servers etc.

Remote Command Shell

WinGate's bandwidth control allows a selection of scheduling mechanisms depending on the user requirements. The priority levels are used to allow some lower priority traffic to still be sent even under high loading.

Bandwidth Control: Scheduling

The Email Queue Management pane in GateKeeper allows you to view currently pending email deliveries on a per-domain basis. From this panel, you can force a retry of selected domain delivery jobs, preview, bounce or delete individual messages, and a variety of other email queue management tasks.

Email queue management

You can monitor the amount of data going in and out of a particular adapter, by right-clicking on the adapter in the network tab in GateKeeper, and selecting <B>Properties</B> then the performance tab.

Adapter: Performance

WinGate's HTTP cache is a scalable and highly flexible HTTP/1.1 compliant cache. You may create multiple cache volumes (Enterprise license required), which may reside on local or networked disks. The Cache control policy item allows policy control over which requests may be stored or looked up from cache.

HTTP cache panel

WinGate needs a user database in order to be able to provide user-level security etc. In cases where the operating system that WinGate is installed on does not have a user database, WinGate has its own one. Alternatively if the OS WinGate is installed on does have a user database, or is part of a domain or Active Directory, then WinGate can synchronise and authenticate against that OS user database. This saves system administrators the pain of replicating the existing user databases on the network.

User database options

Similar to port redirection, but running as a proxy, the TCP and UDP mapping proxies allow you to map incoming connections through to pre-determined locations. The mapping proxies also allow you to specify per-user mappings, and also mappings that depend which dialup connection you are currently connected to.

TCP mapping proxies

WinGate can provide individual user credentials even when multiple users are connecting to WinGate from a Terminal Server.

Terminal services users

Kaspersky AntiVirus for WinGate allows the user to scan incoming and outgoing Web, FTP, POP3, and SMTP traffic for known viruses. The plugin also integrates with WinGate's scheduler service to obtain regular virus signature updates.

AntiVirus settings

The DHCP server is capable of running in a fully, semi-automatic or fully manual mode. This relates to the auto-creation of configuration information (scopes) when DHCP requests are received. In most cases, no user configuration of the DHCP server is required (unlike many other DHCP servers), however if required, the user still has the ability to override default settings (i.e. specify a different DNS server or default gateway to use).

DHCP Server: Mode

Adapters in the system can be configured for how they will be treated by WinGate. This allows the administrator to mark an interface as internal, external, or DMZ. Alternatively WinGate can automatically determine the most likely usage. This allows very flexible network configuration, and allows WinGate to adapt to changes in networks (i.e. if you unplug an adapter from one network and plug it into another, the usage may change).

Adapter usage configuration

WinGate's DNS client was written to provide advanced resolution capability independently of the OS DNS client. This also includes a DNS cache. DNS caching can greatly improve the response time for DNS lookups.

DNS client

This is where you configure which machines on your network are terminal servers (i.e. running MS Terminal Services, or Citrix, or even another proxy server). By entering an IP address in this list, the credentials are no longer inherited between sessions from this machine, which means each session has to establish its own credentials. This allows for individual user-level control in a terminal-services environment.

Multi-user machines

WinGate has a number of available options for SMTP message reception. These include various limits, as well as extra checks made for mail received from untrusted sources (i.e. unauthenticated, or received on an untrusted interface). The Open Relay Detection uses ORBS-style DNS RBL requests to verify sending servers. Spoofed-address blocking uses a DNS-based mechanism to determine whether the sending server is legitimately entitled to be delivering mail from the domain it claims to be. This allows for a great reduction in the amount of received unsolicited email (SPAM).

Email reception options

The DHCP server settings are the database of scopes and options associated with them. This is also where DHCP reservations are created, and global system options are set.

DHCP Server: Settings

WinGate allows you to specify additional restrictions on a per-email address basis, including message limits, attachment blocking, and copying of messages.

Per-address email restrictions

Normally a proxy request made by a client contains information about the end-server that the proxy must connect to. Requests that are typically made to a server do not contain this information, and are called Server Requests. WinGate can handle server requests in a variety of ways, including blocking it, or piping it through to a predetermined server. This can be used to host a WWW server behind your firewall, and still apply proxy rules to requests made to it from the Internet.

Server request handling

several WinGate services support WinGate plugins (including Kaspersky AntiVirus for WinGate, or PureSight for WinGate). These services are: SMTP server, POP3 Proxy, WWW Proxy, FTP proxy.

Service support for plugins

When a DHCP lease is assigned to a DHCP client, various options may be set. Options are able to be set on a global, or per-scope, or per-reservation level allowing a great deal of flexibility.

DHCP Server: Lease options

Services in WinGate can now be bound to any number of ports and interfaces, and support SSL connections, and TLS (where supported by the protocol). This allows the administrator to easily configure secure networks with encrypted connections. Additionally since the binding is based on policy, it reacts to changes in the network. The administrator no longer needs to change service configuration when their IP address changes (e.g. ADSL DHCP lease renewal), or when interfaces become available and unavailable (i.e. wireless networks).

Service bindings

WinGate can periodically poll any number of POP3 accounts and download any mail on them, sort it, and deliver it locally or remotely. The POP3 client supports a number of authentication mechanisms, and TLS connections.

POP3 email collection

WinGate allows you to centrally administer WinGate Client configuration. This means that a network using the WinGate client can be easily administered. The central configuration allows the administrator to specify on a per-user and per-application basis what will be allowed.

Central WGIC configuration

WinGate supports TLS connections to its SMTP and POP3 servers, and also for its POP3 collection client. Additionally WinGate supports a number of authentication mechanisms, allowing the administrator to easily secure their mail networks.

Email security options

WinGate parses all received emails for content, and allows you to specify file extensions which will be blocked by the system. This is useful to stop certain types of files which are commonly associated with email-borne viruses.

Email attachment blocking

WinGate's SMTP delivery mechanism allows you to override default delivery settings on a server-by-server basis. This allows you to specify authentication requirements for delivery to specific servers.

Delivery per-server configuration

In the WinGate 7 policy system, each policy is a user-defined sequence of decisions and actions. This gives customers complete control over policy evaluation, and enables the system to perform any policy task, including conditionally modifying requests, alerting administrators, running external tasks etc.

Flow-chart policy

The policies panel shows you all the policies in WinGate. This allows centralised management of policies for all types of event and event source.

Policies panel

The DHCP panel shows active DHCP leases.

DHCP Panel

WinGate DHCP services allow the definition of additional DHCP options (Enterprise license required). These options are useful for features such as proxy auto-detect, and can also be used for site-specified functions.

DHCP Definitions