[FAQ Main]

What is the difference between the terms GTA Firewall and GNAT Box System Software?

GNAT Box System Software is the software (operating system) that powers all GTA Firewalls. GTA Firewall refers to one of GTA's Internet security products, which are either appliance or software based. The GB-1000 and RoBoX are examples of GTA firewall appliances, while the GB-Pro firewall is a software-based system.

Are GTA Firewall products ICSA certified?

Yes, ICSA has certified the GTA Firewall family powered by GNAT Box System Software. In 1995, GTA had one of the first firewalls certified by NCSA (National Computer Security Association), now the ICSA, and has maintained certification since that time. The ICSA certification provides assurance that the firewall you purchase meets the stringent standards developed and maintained by this independent testing agency.

How many user licenses are provided with each firewall product?

All GTA firewalls place no restriction on the number of IP addresses/nodes protected by the firewall. User license limitations are based on the number of concurrent unique IP addresses accessing the external network (typically the Internet) through the firewall.

GB-1000: unlimited user license.
GB-Flash: unlimited user license.
GB-Pro: unlimited user license.
RoBoX-25: 25 concurrent user license.
RoBoX-10: 10 concurrent user license, upgradeable to 25.

How much hard disk space does GB-Pro or GB-Flash require?

None. The GB-Pro is completely self-contained; it boots and runs from a single 3.5" floppy diskette. The GB-Flash is completely self-contained on a 16 MB compact flash memory module; it boots and runs off this flash module. Neither product requires a hard drive.

What hardware is required to run GB-Pro or GB-Flash Software?

- Intel 486 or greater CPU
- ISA or PCI based system
- 16 MB RAM minimum for GB-Pro; 64 MB RAM for GB-Flash
- 3.5" 1.44 MB floppy disk drive
- IDE hard disk controller (GB-Flash only)
- 2 supported network cards
- Parallel port
- Basic VGA display card
- Keyboard (for configuration only)
- Monitor (for configuration only)

Optional
- Additional network card for Private Service Network
- Serial port COM 1-4 (16450/16550 UARTs)
- Async modem (external or internal) for PPP connection
- Async modem for pager notification
- ISDN TA (external) with RS-232 interface for PPP connection
- ISDN TA (internal) if the card appears as a COM port

What kinds of network media does GNAT Box System Software support?

10 Mbps Ethernet
100 Mbps Ethernet
FDDI (UTP, SAS fiber and DAS fiber)
Gigabit Ethernet (both copper and fiber)
PPP (with both ISDN TAs and async modems)

The GNAT Box System Software also supports cable modems and xDSL devices attached to the external network interface.

Does the GNAT Box System Software support PPPoE connections?

Yes, all GTA Firewalls support PPPoE connections, except the discontinued GB-100.

How many concurrent connections does GNAT Box System Software support?

Effective with GNAT Box System Software version 3.3:

GB-1000: 128,000 simultaneous connections.
GB-Flash: 128,000 simultaneous connections.
GB-Pro: 128,000 simultaneous connections.
RoBoX: 10,000 simultaneous connections.

For versions prior to 3.3, the GB-1000, GB-Flash and GB-Pro support 32,000+ simultaneous connections.

What types of applications does GNAT Box System Software support?

GNAT Box System Software is transparent to standard TCP and UDP applications. Generally, most IP protocols will function normally through a GTA firewall operating in NAT mode. The GNAT Box System Software can also operate in a non-NAT mode (IP Pass Through), which may facilitate the use of IP protocols that do not function in the standard NAT mode.

GNAT Box System Software also supports difficult applications that use multiple ports, dynamic ports, or require both inbound and outbound connections, such as:

FTP (normal and PASV)
RealAudio/RealVideo
CU-SeeMe
Microsoft PPTP
Microsoft NetShow
ICQ / AIM
Online gaming
Net2Phone
Apple QuickTime Streaming
RTSP

Other application protocols are constantly being added, so please check the Technology section of GTA's website http://www.gta.com for updates.

What is the standard network configuration of the GNAT Box System Software?

The GB-Pro, GB-Flash and RoBoX firewall systems are provided with a license for three network interfaces. The GB-1000 is licensed for four network interfaces. Any of the network interfaces can be configured to perform any one of the following interface roles:

External - untrusted network, typically connected to the Internet.
Protected - trusted network, typically your internal network(s).
Private Service Network (PSN) - also known as a DMZ, where web, FTP, DNS and other publicly accessed servers typically reside.

A typical configuration of a firewall running the GNAT Box System Software would include one network interface of each type described above (External, PSN and Protected). The GNAT Box System Software provides considerable flexibility, since none of the network interfaces has a dedicated role and the administrator is free to configure each interface to operate in any of the three roles (External, PSN or Protected).

If a system is configured to use a PPP connection, the RS-232 interface attached to an async modem or ISDN TA is assigned the role of External network interface. Any of the other network types are supported on the two remaining network interfaces (Protected or PSN).

The Multi-port option (available for GB-Pro and GB-Flash) provides a license that allows up to 16 network interfaces to be installed in a single system. The Four port option for the GB-1000 adds four ports, for a total of eight.

Ordering Information
Multi-interface option for GB-Pro: GBS-0000-77-003
Multi-interface option for GB-Flash: GBF-0400-77-003
Four port expansion option for GB-1000: GBA-1000-77-003

For more information about how each of the network interface types operates, see the Concepts section in the Technology area of this web site.

How do I control access to my network using GNAT Box System Software?

Filters are the facility that controls network access to and through the GNAT Box System Software. Filter rules are applied to all IP packets that are received by, or are to be forwarded through, the GTA Firewall. The GNAT Box System Software supports three types of filters: Remote Access Filters, Outbound Filters, and IP Pass Through Filters.

The built-in implicit rule of the GNAT Box System Software is: that which is not expressly permitted is denied. Therefore, if no filters of any type were defined, no packets would be allowed to flow to or through (inbound or outbound) the GTA Firewall.
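
As an added illustration (not GTA's code, and not the GNAT Box filter syntax, which this page does not show), the following Python models the two properties described above: rules are consulted in order with the first match winning, and a packet that matches nothing falls through to the implicit deny. Only the Remote Access and Outbound kinds are modelled; the rule fields, interface names, addresses and sample packets are assumptions, and the real product also tracks connection state for replies, which this stateless model leaves out.

```python
"""Added example (not GTA's code): first-match filtering with an implicit
deny, in the spirit of the filter facility described in the FAQ.  Rule
kinds, field names, addresses and sample packets are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str          # arrival interface: "ext", "prot" or "psn" (assumed names)
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    kind: str           # "remote_access" (into/through from outside) or "outbound"
    action: str         # "accept" or "deny"
    iface: str          # arrival interface the rule applies to
    proto: str          # protocol, or "any"
    src: str            # source prefix in CIDR notation
    dst: str            # destination prefix in CIDR notation
    dport: Optional[int] = None   # None matches every destination port


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface == pkt.iface
            and rule.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: list, pkt: Packet) -> tuple:
    """Return (decision, index of the rule that decided).  Rules are tried in
    order and the first match wins; with no match the implicit rule applies:
    deny, reported with index None."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed policy for a three-interface layout: Internet on "ext",
# LAN 10.0.0.0/8 on "prot", servers 192.0.2.0/24 on the PSN.
RULES = [
    Rule("remote_access", "accept", "ext", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),   # web on PSN
    Rule("remote_access", "accept", "ext", "tcp", "0.0.0.0/0", "192.0.2.25/32", 25),   # mail on PSN
    Rule("outbound", "deny", "prot", "any", "10.0.0.0/8", "203.0.113.0/24"),            # blocked site
    Rule("outbound", "accept", "prot", "tcp", "10.0.0.0/8", "0.0.0.0/0", 80),
    Rule("outbound", "accept", "prot", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443),
]


def demo() -> list:
    """Decisions for a handful of constructed packets."""
    samples = [
        Packet("ext", "tcp", "198.51.100.7", "192.0.2.10", 80),      # allowed by rule 0
        Packet("ext", "tcp", "198.51.100.7", "192.0.2.10", 22),      # no rule: implicit deny
        Packet("ext", "udp", "198.51.100.7", "192.0.2.25", 25),      # wrong protocol: deny
        Packet("prot", "tcp", "10.1.2.3", "93.184.216.34", 443),     # allowed by rule 4
        Packet("prot", "tcp", "10.1.2.3", "203.0.113.9", 443),       # rule 2 matches first
        Packet("prot", "tcp", "10.1.2.3", "93.184.216.34", 23),      # telnet: implicit deny
    ]
    return [evaluate(RULES, p) for p in samples]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Note how the explicit deny for 203.0.113.0/24 sits before the broader accepts: with first-match semantics, ordering is part of the policy, and the implicit deny only ever sees what no written rule claimed.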

What if I need assistance with my GTA firewall? Does GTA offer support and upgrade contracts?

GTA has a variety of support plans. If you are located in North America, please see the Support Options page for more details. If you are not located in North America, please contact your local reseller or distributor.

Do any of the GTA Firewall products support Content Filtering?

Yes. The GB-1000, GB-Flash, RoBoX and GB-100 products offer content filtering features. To access the content filtering, an annual licensing subscription must be purchased. With your purchase of a subscription, GTA will provide an activation code to enable content filtering on your GTA firewall.

Is there a high availability feature for GTA firewalls?

GTA's High Availability option, H2A, provides full-time failover capabilities to ensure that your network is always protected and accessible. The High Availability option is currently only available for the GB-1000 Firewall Appliance. More information about High Availability (H2A) can be found in the product section of this web site.

Ordering Information
High Availability Option, Single License: GBH-0900-00-004

Does GTA offer a solution for mobile users who want to remotely connect into the office?

Yes. All of our products that support IPSec with IKE will allow mobile VPN clients to connect securely and remotely to the firewall. Each of these products includes a single concurrent license of the GNAT Box Mobile VPN client. Additional clients can be purchased to increase the number of users.

How is Network Address Translation implemented on the GNAT Box System Software?

The NAT facility in the GNAT Box System Software is always active and is available in two forms: dynamic translation and static translation. The default NAT form is a dynamic many-to-one scheme, in which all IP addresses located on the Protected Network (and all networks connected to it) and the PSN are translated to a single IP address. This single IP address is the primary address of the External Network Interface. The other available form of NAT is a static translation method, referred to in the GNAT Box System Software as Mapping. The Mapping facility allows the GNAT Box System administrator to specify a static mapping scheme, such that a given address or subnet is mapped to a specific IP address assigned (aliased) to the External Network Interface.

The GNAT Box System Software performs the many-to-one translation automatically. All packets passing through the GTA Firewall with a destination somewhere on the External Network (Internet) are translated so that their source IP address is that of the External Network Interface. Simply put, all packets appear to come from the External Network Interface. When reply packets return to the External Network Interface of the GTA Firewall they are inspected, validated and then translated back to the address of the originating host on the Protected Network.

How do I allow someone on the Internet to access my web server?

The recommended method is to place your web server on the GTA Firewall's PSN. Then create a Tunnel from port 80 on the External Network Interface of the GTA Firewall to port 80 of your web server on the PSN. The Tunnel only allows connections to the port you specify, so you expose only the services you intend to.

If you are not on the Internet, or have some degree of trust in the External Network, you can create a Tunnel to a web server on the Protected Network. In most cases this is not recommended. Once again, the Tunnel only allows access to the specified port (service) on the target host.
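
The NAT behaviour described in the preceding answer and the Tunnel described in this one are modelled together in the following Python, added here as an example (it is not GTA's code, and the GNAT Box exposes no such API). It walks a many-to-one outbound translation, the reply coming back, a stray packet to the translated port that matches no entry and is therefore dropped, a static Mapping of one subnet to an alias address, and a Tunnel from external port 80 to a PSN web server. All addresses, port numbers and method names are assumptions.

```python
"""Added example (not GTA's code): a toy model of the NAT behaviour the FAQ
describes - dynamic many-to-one translation to the External interface's
address, static Mapping of a subnet to an alias address, and an inbound
Tunnel to a PSN host.  Addresses, ports and method names are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    def __init__(self, external_ip: str, first_port: int = 10000) -> None:
        self.external_ip = external_ip   # primary address of the External NIC
        self.next_port = first_port      # next unused translated source port
        self.mappings = []               # [(internal subnet, alias address)]
        self.tunnels = {}                # (proto, ext ip, ext port) -> (host, port)
        self.outbound = {}               # original 5-tuple -> (ext ip, ext port)
        self.inbound = {}                # (proto, ext ip, port, peer, peer port) -> (src, sport)

    def add_mapping(self, subnet: str, alias_ip: str) -> None:
        """Static Mapping: hosts in `subnet` leave with `alias_ip` as source."""
        self.mappings.append((ip_network(subnet), alias_ip))

    def add_tunnel(self, proto: str, ext_port: int, host: str, port: int,
                   ext_ip: Optional[str] = None) -> None:
        """Tunnel: connections to ext_ip:ext_port are handed to host:port, nothing else."""
        self.tunnels[(proto, ext_ip or self.external_ip, ext_port)] = (host, port)

    def _source_for(self, src: str) -> str:
        for net, alias in self.mappings:
            if ip_address(src) in net:
                return alias
        return self.external_ip

    def outbound_translate(self, f: Flow) -> Flow:
        """Packet from the Protected network or PSN heading to the External network."""
        key = (f.proto, f.src, f.sport, f.dst, f.dport)
        if key not in self.outbound:
            ext_ip, port = self._source_for(f.src), self.next_port
            self.next_port += 1
            self.outbound[key] = (ext_ip, port)
            # remember the whole tuple, so only the genuine peer can answer
            self.inbound[(f.proto, ext_ip, port, f.dst, f.dport)] = (f.src, f.sport)
        ext_ip, port = self.outbound[key]
        return Flow(f.proto, ext_ip, port, f.dst, f.dport)

    def inbound_translate(self, f: Flow) -> Optional[Flow]:
        """Packet arriving on the External interface: the rewritten flow, or
        None when neither a translation entry nor a Tunnel claims it (a real
        firewall drops it, subject to its filters)."""
        entry = self.inbound.get((f.proto, f.dst, f.dport, f.src, f.sport))
        if entry is not None:                     # reply to a translated flow
            src, sport = entry
            return Flow(f.proto, f.src, f.sport, src, sport)
        target = self.tunnels.get((f.proto, f.dst, f.dport))
        if target is not None:                    # unsolicited, but tunneled
            host, port = target
            return Flow(f.proto, f.src, f.sport, host, port)
        return None


def demo() -> dict:
    """One outbound web session, its reply, a stray probe, a mapped host and a Tunnel hit."""
    nat = Nat("198.51.100.1")
    nat.add_mapping("10.2.0.0/16", "198.51.100.2")     # alias on the External NIC
    nat.add_tunnel("tcp", 80, "192.0.2.10", 80)        # web server on the PSN
    out = nat.outbound_translate(Flow("tcp", "10.1.2.3", 51515, "93.184.216.34", 443))
    mapped = nat.outbound_translate(Flow("tcp", "10.2.7.7", 51515, "93.184.216.34", 443))
    reply = nat.inbound_translate(Flow("tcp", "93.184.216.34", 443, "198.51.100.1", out.sport))
    probe = nat.inbound_translate(Flow("tcp", "203.0.113.5", 443, "198.51.100.1", out.sport))
    web = nat.inbound_translate(Flow("tcp", "203.0.113.5", 40000, "198.51.100.1", 80))
    ssh = nat.inbound_translate(Flow("tcp", "203.0.113.5", 40000, "198.51.100.1", 22))
    return {"out": out, "mapped": mapped, "reply": reply, "probe": probe, "web": web, "ssh": ssh}


if __name__ == "__main__":
    for name, flow in demo().items():
        print(f"{name:>6}: {flow}")
```

The point of keying the inbound table on the full tuple (peer address and port included) is the "inspected, validated" step the FAQ mentions: a third party who guesses the translated port gets nothing, and the only unsolicited inbound traffic that reaches an internal host is what a Tunnel explicitly admits, on that one port.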

How do I receive E-mail through a GTA Firewall?

There are many ways to handle email with a GTA Firewall. Here are a few examples:

- External mail server
In this scenario the mail server is external to the GTA Firewall. Since the GTA Firewall is transparent to internal users, a host on the Protected Network can connect normally to the mail server as it would on any network. Many PC/Mac systems use the POP3 protocol for receiving email and SMTP for sending email.

- Mail server on PSN
Placing the mail server on the PSN protects it from the External Network, except for receiving connections from the External Network for mail deliveries. The mail server, however, is completely accessible to the users on the Protected Network for sending and receiving email. In this configuration a Tunnel is created that allows a connection to the mail server on the PSN.

- Internal mail server
This configuration should be implemented with caution, especially when the External Network is the Internet. Although the mail server is only listening for inbound mail deliveries, any time you allow even the slightest access from an untrusted network you are exposing your network to possible unauthorized intrusion. In this configuration a Tunnel is created that allows a connection to the mail server on the Protected Network.

What logging facility does GNAT Box System Software support?

The GNAT Box System Software supports the Unix syslog logging facility. The syslog facility can be configured on the GNAT Box System to send logging information to a host capable of receiving and processing syslog data. The GNAT Box System sends unauthorized access attempts, system notices, open connection, close connection and error conditions to the log host. The log priority level, facility and information to be logged are configurable.

If you would like to use a Win95/NT system to receive remote logging data, use the GNAT Box System remote log client. This client is included in the GNAT Box System Software installer package. It is also available separately on the GNAT Box ftp server.

Also, starting with GNAT Box System Software v3.3, log records are written in WELF (WebTrends Enhanced Log Format) to allow the use of third-party analysis software.
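
Because WELF is a flat key=value format, the records the FAQ lists (open and close connection, unauthorized access attempts) are easy to work with on the log host. The Python below is an added example, not GTA's code: it parses syslog lines carrying WELF fields and flags external sources whose denied attempts touched several ports. The log lines are constructed, and while the field names follow the WELF key=value convention, the exact set of fields a GNAT Box emits is not documented on this page.

```python
"""Added example (not GTA's code): parse syslog lines carrying WELF
(WebTrends Enhanced Log Format) records and pick out sources probing
several ports.  Log lines are constructed; the field names follow the
WELF convention, not a documented GNAT Box field list."""
import re
import shlex
from collections import defaultdict

# Constructed sample: a syslog header, then WELF key=value pairs.  Values
# containing spaces are double-quoted, as WELF requires.
SAMPLE_LOG = """\
<134>Mar  4 10:15:01 gb id=firewall time="2002-03-04 10:15:01" fw=gb pri=6 rule=12 proto=tcp src=10.1.2.3 srcport=51515 dst=93.184.216.34 dstport=443 msg="open connection"
<132>Mar  4 10:15:02 gb id=firewall time="2002-03-04 10:15:02" fw=gb pri=4 proto=tcp src=203.0.113.9 srcport=40001 dst=198.51.100.1 dstport=21 msg="unauthorized access attempt"
<132>Mar  4 10:15:02 gb id=firewall time="2002-03-04 10:15:02" fw=gb pri=4 proto=tcp src=203.0.113.9 srcport=40002 dst=198.51.100.1 dstport=22 msg="unauthorized access attempt"
<132>Mar  4 10:15:03 gb id=firewall time="2002-03-04 10:15:03" fw=gb pri=4 proto=tcp src=203.0.113.9 srcport=40003 dst=198.51.100.1 dstport=23 msg="unauthorized access attempt"
<132>Mar  4 10:15:03 gb id=firewall time="2002-03-04 10:15:03" fw=gb pri=4 proto=tcp src=203.0.113.9 srcport=40004 dst=198.51.100.1 dstport=25 msg="unauthorized access attempt"
<132>Mar  4 10:15:04 gb id=firewall time="2002-03-04 10:15:04" fw=gb pri=4 proto=tcp src=198.51.100.77 srcport=3322 dst=198.51.100.1 dstport=8080 msg="unauthorized access attempt"
<134>Mar  4 10:15:05 gb id=firewall time="2002-03-04 10:15:05" fw=gb pri=6 rule=12 proto=tcp src=10.1.2.3 srcport=51515 dst=93.184.216.34 dstport=443 msg="close connection" sent=1420 rcvd=9876
<13>Mar  4 10:15:06 gb last message repeated 1 time
"""

WELF_START = re.compile(r"\bid=")   # WELF records open with the id= field


def parse_welf(line: str) -> dict:
    """WELF fields of one syslog line as a dict; empty if the line carries none."""
    m = WELF_START.search(line)
    if not m:
        return {}
    fields = {}
    for token in shlex.split(line[m.start():]):   # shlex honours the double quotes
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def parse_log(text: str) -> list:
    return [rec for rec in (parse_welf(line) for line in text.splitlines()) if rec]


def probing_sources(records: list, min_ports: int = 3) -> dict:
    """Sources whose denied attempts hit at least `min_ports` distinct
    destination ports on the firewall: a crude port-scan indicator."""
    ports = defaultdict(set)
    for r in records:
        if r.get("msg", "").startswith("unauthorized") and "src" in r and "dstport" in r:
            ports[r["src"]].add(int(r["dstport"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def closed_sessions(records: list) -> list:
    """(src, dst, dstport, sent, rcvd) for every 'close connection' record."""
    out = []
    for r in records:
        if r.get("msg") == "close connection":
            out.append((r["src"], r["dst"], int(r["dstport"]),
                        int(r.get("sent", 0)), int(r.get("rcvd", 0))))
    return out


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(len(recs), "WELF records")
    print("probing:", probing_sources(recs))
    print("closed:", closed_sessions(recs))
```

Syslog over UDP is unauthenticated and unreliable, so a log host fed this way should sit on the Protected network or the PSN, not be reachable from the External side, and the analysis should tolerate missing lines rather than assume every open has a matching close.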

How does GNAT Box System Software address IP spoofing?

The GNAT Box System Software performs a test to ensure that packets are received on the expected interface. This feature looks up the route back to the source of each received IP packet. If there is no route to the source available, or the packet did not arrive on the interface that route points to, the packet is discarded.
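
This is the reverse-path check. As an added example (not GTA's code), the Python below implements it over a small static routing table: the route back to the source is resolved by longest prefix match, and the packet passes only if that route's interface is the one it arrived on. Interface names, prefixes and the sample arrivals are assumptions.

```python
"""Added example (not GTA's code): the reverse-path test the FAQ describes,
over a small static routing table.  Interface names, prefixes and sample
packets are assumptions."""
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed routing table: (prefix, interface that reaches it).
ROUTES = [
    (ip_network("0.0.0.0/0"), "ext"),         # default route towards the Internet
    (ip_network("198.51.100.0/24"), "ext"),   # External interface's own subnet
    (ip_network("10.0.0.0/8"), "prot"),       # Protected network
    (ip_network("192.0.2.0/24"), "psn"),      # Private Service Network
]


def route_lookup(addr: str, routes=ROUTES) -> Optional[str]:
    """Interface the firewall would send to `addr` through (longest prefix wins)."""
    best = None
    for net, iface in routes:
        if ip_address(addr) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return None if best is None else best[1]


def reverse_path_ok(src: str, arrived_on: str, routes=ROUTES) -> bool:
    """The anti-spoofing test: the route back to the source must point at the
    interface the packet arrived on.  No route at all also fails."""
    return route_lookup(src, routes) == arrived_on


def filter_spoofed(packets: list, routes=ROUTES) -> list:
    """Return the (src, iface) pairs the test would discard."""
    return [(src, iface) for src, iface in packets if not reverse_path_ok(src, iface, routes)]


# Constructed arrivals: (source address, arrival interface).
SAMPLE = [
    ("203.0.113.5", "ext"),    # Internet host on the external side: fine
    ("10.1.2.3", "ext"),       # LAN address arriving from outside: spoofed
    ("192.0.2.10", "psn"),     # PSN server on the PSN: fine
    ("192.0.2.10", "prot"),    # PSN address arriving from the LAN: spoofed
    ("198.51.100.1", "prot"),  # the firewall's own external address from inside: spoofed
]

if __name__ == "__main__":
    print(filter_spoofed(SAMPLE))
```

The check is only as good as the routing table: a second Internet link that is not in the table, or asymmetric routing, makes legitimate packets fail it, which is the usual reason such a test is relaxed on multi-homed sites.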

Does GNAT Box System Software protect against denial of service (DoS) attacks?

Yes, GNAT Box System Software provides protection against denial of service attacks such as Ping of Death, smurf, SYN flood, Land (land.c) and Teardrop.
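
Each of the attacks named above has a recognisable shape on the wire, and the Python below (an added example, not GTA's code; the page does not describe how the GNAT Box itself detects them) checks for each over a simplified packet record: Land is a packet whose source and destination address and port coincide, smurf is an ICMP echo request to a directed broadcast, Ping of Death is a fragment whose offset plus length would reassemble past 65535 bytes, Teardrop is a fragment overlapping an earlier one, and a SYN flood is more bare SYNs to one port than a threshold allows within a time window. Field names, thresholds, addresses and the sample packets are assumptions.

```python
"""Added example (not GTA's code): signature checks for the attacks the FAQ
names (Land, smurf, Ping of Death, Teardrop, SYN flood) over a simplified
packet record.  Fields, thresholds, addresses and samples are assumptions."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""           # TCP flags, "S" = bare SYN
    icmp_type: int = -1       # 8 = echo request
    ident: int = 0            # IP identification: groups fragments of one datagram
    frag_offset: int = 0      # byte offset of this fragment's payload
    more_frags: bool = False  # IP "more fragments" flag
    payload_len: int = 0      # payload bytes in this fragment
    ts: float = 0.0           # arrival time, seconds


DIRECTED_BROADCASTS = {"198.51.100.255", "10.255.255.255"}   # assumed local broadcasts
MAX_IP_PAYLOAD = 65535 - 20   # most payload a legal IPv4 datagram can carry


def is_land(p: Packet) -> bool:
    """Land: source and destination address and port identical."""
    return p.proto in ("tcp", "udp") and p.src == p.dst and p.sport == p.dport


def is_smurf(p: Packet) -> bool:
    """smurf: echo request to a directed broadcast, the amplifier the attack relies on."""
    return p.proto == "icmp" and p.icmp_type == 8 and p.dst in DIRECTED_BROADCASTS


class FragmentTracker:
    """Per-datagram fragment bookkeeping for Ping of Death and Teardrop."""
    def __init__(self) -> None:
        self.seen = defaultdict(list)   # (src, dst, ident) -> [(offset, length)]

    def add(self, p: Packet) -> Optional[str]:
        start, end = p.frag_offset, p.frag_offset + p.payload_len
        if end > MAX_IP_PAYLOAD:          # reassembly would exceed 65535 bytes
            return "ping-of-death"
        key = (p.src, p.dst, p.ident)
        for off, length in self.seen[key]:
            if start < off + length and off < end:   # overlaps an earlier fragment
                return "teardrop"
        self.seen[key].append((start, p.payload_len))
        return None


class SynFloodDetector:
    """Flag a destination port seeing more than `limit` SYNs inside `window` seconds."""
    def __init__(self, limit: int = 100, window: float = 1.0) -> None:
        self.limit, self.window = limit, window
        self.syns = defaultdict(deque)  # (dst, dport) -> SYN arrival times

    def add(self, p: Packet) -> bool:
        if p.proto != "tcp" or p.flags != "S":
            return False
        q = self.syns[(p.dst, p.dport)]
        q.append(p.ts)
        while q and q[0] < p.ts - self.window:   # forget SYNs older than the window
            q.popleft()
        return len(q) > self.limit


def analyse(packets: list) -> list:
    """(packet index, alert name) for every packet that trips a check."""
    frags, syn = FragmentTracker(), SynFloodDetector()
    alerts = []
    for i, p in enumerate(packets):
        if is_land(p):
            alerts.append((i, "land"))
        if is_smurf(p):
            alerts.append((i, "smurf"))
        if p.more_frags or p.frag_offset:
            verdict = frags.add(p)
            if verdict:
                alerts.append((i, verdict))
        if syn.add(p):
            alerts.append((i, "syn-flood"))
    return alerts


def sample_packets() -> list:
    """Constructed traffic: one instance of each attack, then a SYN burst."""
    fw = "198.51.100.1"
    pkts = [
        Packet(fw, fw, "tcp", sport=139, dport=139, flags="S"),                                  # Land
        Packet("203.0.113.5", "198.51.100.255", "icmp", icmp_type=8),                            # smurf
        Packet("203.0.113.5", fw, "icmp", icmp_type=8, ident=7, more_frags=True, payload_len=1480),
        Packet("203.0.113.5", fw, "icmp", icmp_type=8, ident=7, frag_offset=65120, payload_len=1480),  # Ping of Death
        Packet("203.0.113.6", fw, "udp", ident=9, more_frags=True, payload_len=36),
        Packet("203.0.113.6", fw, "udp", ident=9, frag_offset=24, payload_len=4),                # Teardrop
    ]
    pkts += [Packet(f"203.0.113.{n % 250 + 1}", fw, "tcp", sport=1024 + n, dport=80, flags="S",
                    ts=n / 200.0) for n in range(120)]                                           # SYN flood
    return pkts


if __name__ == "__main__":
    for index, alert in analyse(sample_packets()):
        print(index, alert)
```

The fragment checks are the ones worth noting for a firewall: they require holding per-datagram state until reassembly completes, which is itself a resource an attacker can exhaust, so a real implementation bounds the number of incomplete datagrams it tracks and ages them out.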

Does GNAT Box System Software support obtaining its network configuration via DHCP?

Yes. GNAT Box System Software has DHCP client support, and it is available on all network interfaces.

Does GNAT Box System Software have a DHCP server?

Yes. The GNAT Box System Software* has a built-in DHCP server that can be configured for multiple IP ranges on multiple interfaces.

* Excluding GNAT Box Pro.

Does GNAT Box System Software include Anti-Virus?

No. Putting Anti-Virus (AV) on the firewall can become problematic. If you've ever put AV on your workstation you know that there is a decrease in performance caused by the software. By putting AV on a gateway device, such as a firewall, the problem would be compounded and cause a bottleneck on the network.

The problem of AV can be solved in other ways that provide a high level of security while maintaining network performance. A combination of AV software on your mail server and AV software on each individual machine on your network is a very effective solution.

It is important to note that a firewall is just one part of the equation for network security. The best solution for network security is a combination of things including firewalls, anti-virus, and a sound network security policy that is strictly maintained by a network administrator.

Do GTA firewalls prevent spamming or relaying of email?

Yes, the GNAT Box System Software has a built-in Email (SMTP) proxy facility. The Email Proxy will only accept email for recipients in specified domains. The domains are either explicitly specified in the domain list and/or taken from the DNS MX records that point at the IP address(es) on the External NIC of the GTA Firewall.

Spam email can be controlled with the built-in MAPS facility. MAPS (Mail Abuse Prevention System) is a collection of systems whose purpose is limiting the transport of known-to-be-unwanted mass e-mail (spam). If you would like more information about MAPS, please visit the MAPS home page at http://mail-abuse.org.

The GNAT Box System Software provides space for four MAPS sites, each of which can be selectively enabled or disabled. By default, only the first two sites in the default MAPS site list are enabled. You can use all the sites if you wish, or replace any of the sites with other sites that you choose to use.
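
The two checks described above are the classic ones for a mail gateway: refuse to relay for domains you do not host, and consult a DNS-based blackhole list (the MAPS lists work this way) for the connecting client. The Python below is an added example, not GTA's code and not the proxy's configuration syntax: it builds the reversed-octet query name a DNSBL expects, treats an answer in 127.0.0.0/8 as "listed", and rejects RCPT TO for foreign domains. The hosted domains, zone names, the stub resolver and its answers are constructed, so nothing is queried over the network.

```python
"""Added example (not GTA's code): the two checks an SMTP proxy of the kind
the FAQ describes performs - accept RCPT TO only for hosted domains, and
refuse clients listed by a DNS-based blackhole list of the MAPS variety.
Domain list, zone names and the stub resolver's answers are constructed."""
from ipaddress import ip_address, ip_network
from typing import Optional

# Domains this gateway accepts mail for (constructed).  The FAQ says these
# can also come from the MX records that point at the firewall's addresses.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}

# Blackhole zones to consult, in order (constructed names, not real lists).
RBL_ZONES = ["rbl.example.net", "dul.example.net"]

# Stub resolver standing in for DNS A-record lookups: a listed address gets
# an answer in 127.0.0.0/8, an unlisted one gets no record.
FAKE_DNS = {"9.113.0.203.rbl.example.net": "127.0.0.2"}   # 203.0.113.9 is listed


def rbl_query_name(ip: str, zone: str) -> str:
    """DNSBL convention: reverse the octets and append the zone."""
    octets = str(ip_address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip: str, zones=RBL_ZONES, resolve=FAKE_DNS.get) -> Optional[str]:
    """First zone that lists `ip`, or None.  `resolve` maps a name to an A
    record or None; a real resolver would be passed in outside this example."""
    for zone in zones:
        answer = resolve(rbl_query_name(ip, zone))
        if answer and ip_address(answer) in ip_network("127.0.0.0/8"):
            return zone
    return None


def recipient_allowed(rcpt: str, local=LOCAL_DOMAINS) -> bool:
    """Only recipients in a hosted domain are accepted; anything else would
    make the gateway an open relay."""
    _, at, domain = rcpt.strip("<>").rpartition("@")
    return bool(at) and domain.lower() in local


def session(client_ip: str, rcpts: list) -> list:
    """Replies the proxy gives: one on connect, then one per RCPT TO."""
    zone = is_listed(client_ip)
    if zone:
        return [f"554 5.7.1 {client_ip} is listed by {zone}; mail refused"]
    replies = ["220 gateway ESMTP ready"]
    for r in rcpts:
        if recipient_allowed(r):
            replies.append(f"250 2.1.5 {r} recipient OK")
        else:
            replies.append(f"550 5.7.1 {r} relaying denied")
    return replies


if __name__ == "__main__":
    print(session("203.0.113.9", ["<alice@example.com>"]))
    print(session("198.51.100.77", ["<alice@example.com>", "<bob@other.example>"]))
```

Two operational points follow from the code: the blackhole lookup is a DNS query per connection, so the proxy's behaviour when DNS is unreachable (fail open or fail closed) is a policy decision to make deliberately, and a list that goes stale or is replaced, as the FAQ's "replace any of the sites" allows, changes who you refuse mail from without any change on your side.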

Does the GNAT Box System Software support Network Time Protocol (NTP)?

Yes, the GNAT Box System Software supports NTP, and has a built-in NTP server on the GB-Flash, GB-1000 and RoBoX systems.

Do GTA Firewalls include a DNS server?

Flash-based GTA Firewalls (GB-1000, GB-Flash and RoBoX) have built-in DNS server capabilities.

Does GNAT Box System Software include gateway redundancy?

Yes, all GTA Firewalls support the Gateway Selector, which allows the firewall to switch to a secondary Internet connection if your primary route fails.