Special features
Complete protocol inspection
In contrast with packet filtering firewalls, Zorp handles network connections on the proxy level. Zorp ends connections on one side, and establishes new connections on the other; that way the transferred information is available on the device in its entirety, enabling complete protocol inspection. Zorp has inspection modules for over twenty different network protocols and can inspect 100% of the commands and attributes of the protocols. All proxy modules understand the specifications of the protocol and can reject connections that violate the standards.Unmatched configuration possibilities
The more parameters of a network connection are known, the more precise policies can be created about the connection. Complete protocol inspection provides an immense amount of information - giving Zorp administrators unprecedented accuracy to implement the regulations of the security policy on the network perimeter. The freedom in customization helps to avoid bad trade-offs between effective business-processes and the required level of security.Controlling encrypted channels
Zorp offers complete control over encrypted channels. The thorough inspection of embedded traffic can in itself reveal and stop potential attacks like viruses, trojans, and other malicious programs. This capability of the product provides protection against infected e-mails, or websites having dangerous content - even if they arrive in encrypted (HTTPS, POP3S, or IMAPS) channels. The control over SSH and SSL traffic makes it possible to separately handle special features of these protocols, like port- and x-forwarding. Furthermore, the technology gives control over which remote servers can the users access by verifying the validity of the server certificates on the firewall. That way the company security policy can deny access to untrusted websites having invalid certificates.Reacting to network traffic
Zorp can not only make complex decisions based on information obtained from network traffic, but is also capable of modifying certain elements of the traffic according to its configuration. This allows to hide data about security risks, and can also be used to treat the security vulnerabilities of applications protected by the firewall.Centralized management system
The easy-to-use, central management system provides a uniform interface to configure and monitor the elements used in perimeter defense: Zorp devices, content vectoring servers, as well as clusters of these elements. Different, even completely independent groups of Zorp devices can be managed from the system. That way devices located on different sites, or at different companies can be administered using a single interface.Content vectoring on the network perimeter
Zorp provides a platform for antivirus engines. Using Zorp's architecture, these engines become able to filter data channels they cannot access on their own. Zorp's modularity and over twenty proxy modules enables virus- and spamfiltering products to find malicious content in an unparalleled number of protocols, and their encrypted versions.Single Sign On authentication
Linking all network connections to a single authentication greatly simplifies user-privilege management and system audit. Zorp's single sign on solution is a simple and user-friendly way to cooperate with Active Directory. Existing LDAP, PAM, AD, and RADIUS databases integrate seamlessly with Zorp's authentication module. Both password-based and strong (S/Key, SecureID, X.509, etc.) authentication methods are supported.| Feature | Description | Benefit |
| Protocol compliance inspection | Zorp verifies that all passing traffic complies to the specifications of the respective protocol. | Protection from security risks resulting from erroneous applications and protocol-level attacks. |
| Transparency | No client-side modification is required to access the resources protected by the gateway. | Saves time and makes the centralized management of the network easier. |
| Complete application-level inspection | The Zorp gateway recognizes all commands and attributes of over 20 protocols. | Restricts access to protocol options and provides detailed information for making complex decisions on the gateway. |
| Controlling encrypted channels | Inspect protocols embedded into SSL and SSH | Protects from uncontrolled secure channels and automatically verifies certificates. |
| Content filtering | Content filtering of the network traffic in over 10 traditional and encrypted protocols, using the selected third party engines. | Virus and spamfiltering on the network perimeter results in reduced maintenance cost and increased security. |
| Advanced authentication | Supports for all major authentication methods and databases (LDAP, AD, Novell eDirectory, etc.) | Services protected by the gateway can require authentication. |
| Single Sign On authentication | Kerberos based authentication on the gateway. | Kerberos allows the user to authenticate only once to access all network services, including the ones protected by the gateway. |
| Configuration customizable using scripts | The elements configured from the graphical interface can be extended with customizations using the Python language. | Complex and accurate policies, including conditional decisions can be defined on the gateway. |
| A security policy without trade-offs | The detailed configuration possibilities enable the administrator to accurately implement the security policy of the company. | Threats of network attacks can be handled without reducing the effectiveness of business processes. |
| Software appliance | The installer installs a complete operating system before installing the application. | The modified Linux operating system provides a solid, secure base for the gateway application. |
| Highly optimized C code | Security and performance are in the focus of Zorp development. | The Zorp gateway can process large traffic, in spite of thoroughly inspecting the traffic. |
| Centralized management | All Zorp gateways on the network can be managed from a single management server. | Large, heavily segmented networks can be effectively and economically managed with Zorp. |
| High Availability support | Zorp gateways support high availability. | In case of hardware breakdown or other error the traffic is processed by a replacement system, providing continuous access to the services. |
| Load balancing | Zorp gateways can form LB clusters. | Several Zorp units can function as a single gateway to process very large network load. |
| Reacting to network traffic | Zorp's proxy modules can modify the attributes of the transferred protocol, as well as the transferred data itself. | Zorp can reduce the security risks resulting from misconfigured applications. |
