Policy Tools
The same policy can be installed on several security engines at the same time. Fail-safe policy
installation with automatic rollback prevents the installation of policies that would block
management connections. A policy snapshot is created each time a policy is uploaded to the engine.
The policy validation tool runs various types of validation checks, including, for example,
searches for duplicate rules and rules that can never match traffic. StoneGate 5.0 further
assists administrators with a rule counter tool that helps detect obsolete rules and optimize
rule order to enhance network and security performance.
In addition, rules can be created directly from logs for faster incident management.
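The two validation checks named above, duplicate rules and rules that can never match traffic, can be illustrated with a short added example. It is not StoneGate code or its algorithm; the Rule fields, the first-match evaluation order and the sample rule base are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    ports: tuple  # inclusive destination port range (low, high)
    action: str   # "allow" or "discard"

def covers(earlier, later):
    """True if every packet that matches `later` also matches `earlier`."""
    for e, l in ((earlier.src, later.src), (earlier.dst, later.dst)):
        e_net, l_net = ipaddress.ip_network(e), ipaddress.ip_network(l)
        if e_net.version != l_net.version or not l_net.subnet_of(e_net):
            return False
    return earlier.ports[0] <= later.ports[0] and later.ports[1] <= earlier.ports[1]

def validate(rules):
    """Return (kind, rule, earlier_rule) findings, assuming first-match order.

    Only coverage by a single earlier rule is checked; a rule hidden by the
    union of several earlier rules is not reported.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if not covers(earlier, later):
                continue
            # Same match and same action: a duplicate. Otherwise the earlier
            # rule always wins, so the later one can never match traffic.
            same = covers(later, earlier) and earlier.action == later.action
            findings.append(("duplicate" if same else "unreachable",
                             later.name, earlier.name))
            break
    return findings

# Constructed sample rule base (documentation address ranges).
SAMPLE_RULES = [
    Rule("web-in", "0.0.0.0/0", "192.0.2.10/32", (443, 443), "allow"),
    Rule("dmz-block", "10.0.0.0/8", "192.0.2.0/24", (1, 1024), "discard"),
    Rule("web-in-copy", "0.0.0.0/0", "192.0.2.10/32", (443, 443), "allow"),
    Rule("dmz-ssh", "10.1.0.0/16", "192.0.2.20/32", (22, 22), "allow"),
    Rule("mgmt-ssh", "198.51.100.0/24", "192.0.2.20/32", (22, 22), "allow"),
]

if __name__ == "__main__":
    for kind, rule, earlier in validate(SAMPLE_RULES):
        print(f"{kind}: {rule} (covered by {earlier})")
```

In the sample, the allow rule for SSH from 10.1.0.0/16 sits below a broader discard rule, so it is reported as unreachable rather than silently never taking effect.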
IPsec VPN
VPNs in StoneGate Firewall/VPN are implemented according to the IPsec standard. In
StoneGate, there are two main types of VPNs:
• A VPN between two or more gateway devices that provide VPN access to several hosts in their
internal networks.
• A VPN between a gateway device at a site and a VPN client running on an individual computer,
such as the laptop of a travelling user, or a desktop PC at a home office.
Clustering and Multi-Link provide load balancing between nodes and network links, as well as
the possibility to recover connections lost due to node or network link failure.