SnapGear Glossary of Features
This features glossary reflects some of the SnapGear functionality. Note that not all features of the current firmware are listed nor are features available in all models or firmware revisions. Please view our Feature Chart to see which features apply to which models.
| Feature | Description |
|---|---|
| Administration | Administrating SnapGear products is easy with both CLI (Command Line Interface) and web-based configuration options. For CLI administration various models allow you to enable the telnet or SSH protocol for direct management, or you can simply connect to the device via the inbuilt VPN. For web-based administration you can use any browser to manage the device. Some models allow connection via the secure https protocol, or alternatively you can use the VPN infrastructure inherent in the appliances. Multiple administration user accounts keep accountability and access under control. |
| AES | AES - the Advanced Encryption Standard (AES) is a new Federal Information Processing Standard (FIPS) Publication that specifies a cryptographic algorithm for use by U.S. Government organizations to protect sensitive (unclassified) information. NIST also anticipates that the AES will be widely used on a voluntary basis by organizations, institutions, and individuals outside of the U.S. Government - and outside of the United States - in some cases. As of firmware revision 1.8 all applicable products contain AES support (128/196/256-bit) for operation with the IPSec VPN protocol. |
| Anti-Intrusion | Anti-Intrusion allows automatic blocking of probes and attacks, while logging suspicious activity. This system frustrates potential intruders by disabling further network access, making information gathering and port probes impossible. |
| Authentication | X.509v3 (aka PKI - Public Key Infrastructure) is supported to 512-bit, VeriSign, Entrust, and manual keying. Supported is IKE (Internet Key Exchange) / ISAKMP (Internet Security Association And Key Management Protocol). Also supported is RADIUS/TACACS+ authentication for ISP environments. SnapGear authentication is based upon industry-standard and widely commercially accepted protocols providing an assurance of interoperability and easier network infrastructure integration. For PPP services authentication such as PAP, CHAP, MS CHAPv2 are supported. |
| Bridging | Network bridging (802.1d protocol) is possible with SnapGear units allowing you to seamlessly interconnect remote networks as if they were physically joined. Spanning tree and transparent bridging modes supported. |
| DHCP | All SnapGear products include DHCP client and server. That means easy integration with an existing network infrastructure, or ready for deployment as a standalone network gateway. DHCP (Dynamic Host Configuration Protocol) is a means of managing TCP/IP addresses of computers on a network so that each machine has a unique and known address by assignment from a server. Thus SnapGear products can assign these addresses for you, or simply take an assigned address from a pre-existing server. |
| DHCP Relay | DHCP Relay agents are used to forward DHCP requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is distinct from the normal forwarding of an IP router, where IP datagrams are switched between networks somewhat transparently. Relay Agents receive Dynamic Host Configuration Protocol (DHCP) messages and then generate a new DHCP message to send out on another interface. This is an advantage in distribution infrastructure environments or for MPLS services. |
| DNS | DNS (Domain Name Server) functionality is essential for any Internet-connected appliance. SnapGear adds value by providing: |
| Fail-over / High Availability | Automatically fail-over between a broadband port and another broadband port (if fitted) or narrowband (internal or external modem on RS-232 port). Automatic fail-forward when service is restored on primary broadband / WAN port. |
| IP Address Configuration | SnapGear products support easy initial configuration options. Our appliances are able to start up as a DHCP client to integrate into existing network infrastructure, or you can choose to set the device with a known static IP address and optionally run a DHCP server on the appliance to manage your network addresses. |
| Basic IPSec | VPN - IPSec with full peer-to-peer as initiate or terminate; ESP, AH payloads; DES 56-bit, 3DES 168-bit ciphers; IKE, Diffie-Hellman key exchange; authentication up to 512-bit for RSA key signatures; aggressive mode; pre-shared secrets; hashes HMAC - MD5, SHA-1. IPSec is the Internet standard for the most secure VPN access. SnapGear knows IPSec well. All of our IPSec software is fully standards compliant, peer-to-peer (making every SnapGear unit a full client as well as server) and will inter-operate with all major commercial VPN software - whether that be another Internet Appliance or the largest of corporate VPN servers. That means SnapGear products will not only integrate neatly with any existing infrastructure that you may have but also can form the backbone of your expanding network. |
| Advanced IPSec | VPN - IPSec with full peer-to-peer as initiate or terminate; ESP, AH payloads; DES 56-bit, 3DES 168-bit and AES 256-bit ciphers; IKE, Diffie-Hellman key exchange; authentication up to 2048-bit for RSA key signatures, Diffie-Hellman Groups (1, 2, 5) and Oakley Groups (14, 15, 16) to 4096-bits, X.509 certificates DER, PEM formats; multiple subnets; dynamic DNS IPSec support; aggressive mode; dead peer detection; compression (deflate / gzip type algorithm); pre-shared secrets; hashes HMAC - MD5, SHA-1; NAT traversal. IPSec is the Internet standard for the most secure VPN access. SnapGear knows IPSec well. All of our IPSec software is fully standards compliant, peer-to-peer (making every SnapGear unit a full client as well as server) and will inter-operate with all major commercial VPN software - whether that be another Internet Appliance or the largest of corporate VPN servers. That means SnapGear products will not only integrate neatly with any existing infrastructure that you may have but also can form the backbone of your expanding network. SnapGear is always supporting the latest encryption technologies such as 3DES and AES to ensure that your VPN truly remains private. SnapGear appliances are the only products on the market to support dynamic end-points at both ends of a tunnel (using Dynamic DNS). That means complete flexibility of network topology without the constraints that your carrier or ISP lays down for fixed or non-static IP addressing. |
| Logging | All SnapGear appliances are capable of logging information either internally or to an external log server (such as is commonly found on Linux, Unix or other systems). Date and time are accurately stamped due to the highly accurate internal NTP service. |
| NetMeeting ALG | SnapGear's NetMeeting ALG (Application-Layer Gateway) allows clients on either side of the appliance to use NetMeeting via the H.323 protocol. |
| NTP | NTP (Network Time Protocol) is a readily available free Internet service which allows highly accurate network synchronization of clocks to atomic time. SnapGear products contain both a client and server so that local computers based on the LAN can synchronize their time also. |
| PPP / PPPoE | PPP - Point-To-Point Protocol is a standard mechanism for running TCP/IP protocols commonly used between a client and an ISP (Internet Service Provider) for dial-up and broadband services. In the case of xDSL technology the PPPoE protocol (Point-to-Point Protocol over Ethernet) is used. |
| PPTP | PPTP - Point-To-Point Tunneling Protocol (v2 client and server, MPPE 40 to 128-bit RC4 encryption, also pass-through mode). Did you know that all Microsoft Windows operating systems already come with inbuilt PPTP clients? That means that only SnapGear offers VPN technology that is usable by "every man". In the past PPTP has been criticized for security weakness but Microsoft has long since corrected any problems, making PPTP "good enough" technology. SnapGear includes both client and server PPTP software so that any combination of computers and SnapGear units is possible to solve your secure communication needs. That means you can connect to an office remotely from your laptop just as securely from someone else's office as when you're on the road. Or you can combine two remote SnapGear units to form a VPN bridge to securely link two offices or more and all their network services. Our engineers are the experts when it comes to PPTP - we even wrote the definitive open source PPTP server implementation that is now used by hundreds of companies around the world. |
| RS-232 Serial Ports | SnapGear VPN Firewall Appliances have one or two serial ports, depending on the model, allowing you to attach additional peripherals such as modems. Suppose that your broadband Cable or ADSL provider has an outage - a SnapGear can dial-on-demand via a modem to keep essential data flowing. Or, with SnapGear RAS it's possible to dial directly into a SnapGear to manage the unit or for Internet access. |
| SSH | SSH (Secure SHell) is an encrypted terminal session protocol. Many SnapGear products contain both the server (for remote clients to connect) as well as the client (allowing you to then connect onwards to another SSH server). SnapGear provides automatic authentication for trusted clients, secure login, encrypted sessions, bidirectional special-purpose tunnels, automatic boot-strap host key, Public Key Management (PKI), remote terminal and file commands, manual keying, login key generation support, and SSH certificate uploads. |
| SSL / HTTPS | SSL (Secure Sockets Layer) is the backbone of the Internet in terms of secure web-based access. Many SnapGear appliances support SSL through the standard secure HTTPS method of connection. Using https is a convenient and secure way of managing remote SnapGear appliances. |
| Stateful Firewall | The SnapGear certified Stateful Firewall protects against denial of service (DoS) and spoofing attacks along with many common intrusion attempts. Protection includes, but is not limited to, the following known attacks: |
| Traffic Shaping / QoS | Traffic Shaping or QoS (Quality of Service) allows you to give priority to specific traffic and protocols such as interactive sessions or e-mail. This means that traffic that needs to be interactive and timely, such as VoIP data, will make it through quickly, while less bandwidth- and time-critical traffic will yield. |