• Advanced, stateful packet inspection
  --Allow or deny traffic according to security policies
  --Thwart denial-of-service attacks

  Mask internal network structure (NAT)

• Detect and prevent intrusions (IPS)
• Control applications on the network
  
  --inventory applications and usage
  --block spyware
  --block instant messaging
  --block peer-to-peer traffic
  --allow/deny HTTP, FTP, SMTP commands

  Monitor/report network and user activity

  Resolve usernames for policy enforcement

  Access network virtually with Microsoft PPTP (VPN)

  Fault-Tolerant Capable

Advanced, Stateful Packet Inspection. Generally considered "state of the art" firewall technology, stateful packet inspection is a technology similar to that used by the industry-leading products. In addition to protecting resources on the network, this inspection protects against Denial of Service (DoS) attacks where the intent is to end user access to network resources.

Using configured security policies, Lightspeed Firewall actively inspects both inbound and outbound network traffic to determine whether or not the traffic is allowed. The Lightspeed Firewall security policies can be created to manage traffic by:

• user
• group
• IP address
• application
• DiffServ marking
• time of day
• URL
• more

Network Address Translation (NAT). Lightspeed Firewall can perform network address translation to mask the internal network structure from the outside world. All the LAN's PCs appear on the Internet with one public IP address. This way the address of a PC on your network is never transmitted on the Internet. This functionality also allows Lightspeed Firewall to be used with DSL and cable modems where the ISP has provided just one IP address.

Intrusion Detection/Prevention. Lightspeed Firewall monitors traffic flowing past the wire; inspects the traffic-whether packets or flows-for matches to known rule sets; and when there is a match takes whatever action you have specified. Lightspeed Firewall gets up-to-date intrusion prevention rules from the experts at Lightspeed Systems. For zero-hour attacks, a wizard allows you to add new intrusion prevention rules yourself.

Application-Layer Inspection. For granular access-control policies, Lightspeed Firewall inspects traffic at the application layer.

* All applications may be inventoried and usage recorded so that you know exactly what's running on your network. Any unwanted application may be stopped and banned network wide.

* Spyware, adware, and malware may be blocked using application permissions. All "good" applications on your network are given an appropriate set of permissions so that they may not be modified to behave in inappropriate or "virus-like" ways. Known "bad" applications have no permissions. Unknown applications are quarantined until reviewed by an administrator.

* Peer to peer (P2P) and instant messaging sessions may be categorically blocked since these are often accompanied by dangerous or illegal file attachments.

* Application-level proxies are included for many protocols including HTTP, FTP and SMTP so that specific commands within these protocols may be allowed or denied at the gateway level. For example, the FTP delete 'DELE' command can be blocked for all inbound connections from the Internet, quickly securing your files from deletion by unknown users.

Real-time and Recorded Statistics. Lightspeed Firewall includes detailed real-time and recorded stats that tell the network administrator the status of their network at any moment, or trends over days or weeks. Reports may be viewed from anywhere with a web browser and include the following:

• Firewall events
• Intrusion log
• Network activity by individual or group
• Network activity by IP address or range of addresses
• Network activity by type of traffic
• and much more

Username Resolution. Through username authentication and IP address resolution, reports display who is doing what on your network. This documented activity allows real-time enforcement of security and acceptable use policies.

VPN Support. Microsoft VPN point-to-point tunneling protocol (PPTP) is supported by a built-in proxy for both inbound and outbound PPTP connections.

Fault-Tolerant for Mission-Critical Networks. A pair of Lightspeed Firewall appliances installed on a network eliminates a single point of failure. The backup appliance constantly monitors the health of the active appliance and takes over all processing responsibilities if problems arise - transparent to the end user.