Gibraltar was developed specifically for small-sized to medium-enterprises and fulfils all demands on an up-to-date firewall package.
Gibraltar has evolved from a pure firewall to a powerful and reliable Universal Threat Management application.
The Gibraltar Firewall monitors all incoming and outgoing network connections and controls the entire network traffic. For this purpose, all incoming data packets are analyzed in respect to several different criteria. Depending on the firewall policies, data will alternatively be forwarded, rejected and/or logged. Firewall rules (policies) can easily be built depending on service, source and destination port, source and destination address, interface, protocol or MAC address.
Important firewall rules against dangerous DoS attacks (Denial of Service) and DDoS attacks (Distributed Denial of Service), like TCP SYN flood or ICMP flood, are preconfigured and activated per default.
Stateful Packet Inspection
Gibraltar is able to identify the state of an internet connection at any time. This is very important, because there is a difference of data packets which are initiating a connection and data packets which are answer packets to a previously initiated connection. This main feature of Gibraltar, which increases the security and simplifies the configuration, is called Dynamic Packet Filter or Stateful Packet Inspection.
Application Level Filtering (Deep Packet Inspection)
Using several powerful proxy servers, Gibraltar is not only able to analyze the network traffic in respect of formal criteria, but also to inspect and decode the content of the transferred data (payload). The proxy servers are capable of examining the traffic on application level (e.g. like an e-mail client). For this reason it is possible to check the traffic of important internet services against viruses and other dangerous content.
Restriction of P2P services
Gibraltar is able to restrict or prohibit file sharing using P2P (Peer2Peer) software like eDonkey or similar services. This is even possible, if those services are using basically permitted protocols and ports (e.g. HTTP).
Address Translation (NAT)
Gibraltar is able to translate internal IP addresses into public IP addresses. This is possible for static IP addresses (NAT) as well as dynamic IP addresses (masquerade). Incoming connections can be redirected to different destinations, depending on source and destination port, source and destination port, service and protocol. So it is also possible to pass on all incoming web requests to several different web servers (load balancing).
Simple operation
Gibraltar can either be installed and configured with the easy to use web based configuration tool (SSL) or directly on the system console (SSH). In addition to the comprehensive online help several configuration scenarios are available for the firewall administrator.
Logging and Monitoring
Gibraltar logs all relevant system events automatically and each network connection by request. Over and above, many different graphical reports are available.
 | New Products |
