1. UserGate Getting Started. Introduction
This is the first article from the planned series of articles about the products of a domestic company. UserGate (LLC “Usergate”), which develops technologies to ensure the security of Internet access and user management and improve the quality of Internet access. The main office of UserGate is located in the Technopark of the Academgorodok of Novosibirsk; there are also offices in Moscow and Khabarovsk, which allows them to operate in all time zones of Russia. But first, we will tell you a little about the history of the development of this company:
The Russian company LLC “Usergate”, which produces solutions in the field of information security, has been working under the Entensys brand for a long time. They created products intended mainly for small and medium-sized businesses for the Windows operating system. Further, within the framework of an internal startup, the development of a new UGOS platform (usergate operation system) began. In 2013, the popular UserGate Web Filter was released on the basis of UGOS, which began to be used by the largest telecom operators and providers of public Wi-Fi access, higher and secondary educational institutions. In 2016, UserGate UTM was released – it was already an all-in-one system, i.e. comprehensive protection. Already in 2018, the development of its own hardware platforms began.
Thus, the development of the company is divided into three stages presented below:
Currently, UserGate has become a Next Generation Firewall solution and competes with foreign counterparts such as Check point, Fortinet, Cisco and others.
Now more about UserGate firewall:
UserGate firewalls are developed on the basis of its own operating system UGOS and are delivered either as a virtual image or as a ready-to-use hardware and software complex. The current version is UserGate 5.x. In the current 2020, the company plans to release a new version UserGate v.6where about 200+ new features are being prepared. They also expect to release Usergate Management Center for centralized management of all UserGate platforms without loss of management integrity (while the platform is managed via the web interface and CLI, UserGate UTM hardware platforms D, E and F are equipped with an IPMI (Intelligent Platform Management Interface) module, offer remote management and hardware monitoring). This year (2020), the Log Analyzer product (hereinafter LogAn) has already been released, which allows you to shift the processing of logs, reporting and processing of other statistical data to an external LogAn server, combine logs from several UserGate gateways for general analysis, increase the logging depth due to a larger storage size on LogAn servers, collect SNMP and analyze information from third-party devices. LogAn is supplied as a hardware and software complex (HAC, appliance) or in the form of a virtual machine image (virtual appliance) intended for deployment in a virtual environment.
It is planned to launch the Katun hardware accelerator for platforms D, E and F (more on the platform line below). The main purpose of the accelerator is to perform the most resource-intensive operations related to Internet traffic analysis, intrusion detection and other security functions. This accelerator will unload the main system. According to information from the UserGate website, the processor may have control tasks and some parts of the algorithm that have branches and cannot be parallelized.
The use of hardware accelerators provides a lot of obvious advantages, including:
- scalability – the total capacity of the system is determined by the number of installed homogeneous boards – such a solution is much more profitable than a set of heterogeneous platforms;
- there are no requirements for extremely high CPU performance, since the main “hard” work will be transferred to accelerators;
- better (compared to platforms on a closed architecture) security guarantees;
- complete control (as opposed to the “classical” system) over latency;
- low power consumption and heat dissipation, which is especially important for data centers;
- reduction in size;
- reducing the cost of equipment capable of processing traffic at high speeds.
UserGate software and hardware systems are represented by models C, D, E, F and X. The entire line has similar functions and differs in performance. In 2020, it is planned to update the X and C line (proprietary hardware platform), the next stage will be the D model, and the release of the updated E and F platforms should take place in 2021. Existing models are shown in the graph:
UserGate C SeriesThis series is represented by the C100 model. This gateway is suitable for small businesses, branches, POS systems, retail, educational enterprises due to its small size and price.
Performance:
Firewall Throughput, UDP (Mbps) | 2,000 |
Concurrent TCP sessions | 2,000,000 |
New sessions per second | 34,000 |
SSL Inspection (Mbps) | 70 |
Intrusion Detection System (IPS), (Mbps) | 800 |
Intrusion Detection System (IDS), span port, (Mbps) | 1,000 |
L7 Application Control, (Mbps) | 850 |
Streaming antivirus, (Mbps) | 200 |
Content filtering, (Mbps) | 200 |
Recommended number of users | up to 100 |
UserGate X series represented by gateway X1. This gateway is suitable for industrial and transport facilities in the open air and is designed to work in the harshest conditions: at temperatures from -40C to + 70C and relative humidity from 5% to 95%. The model has a compact size, weighs about 1 kg and is wall or DIN rail mountable.
Performance:
Firewall Throughput, UDP (Mbps) | 800 |
Concurrent TCP sessions | 2,000,000 |
New sessions per second | 10,000 |
SSL Inspection (Mbps) | ten |
Intrusion Detection System (IPS), (Mbps) | 50 |
Intrusion Detection System (IDS), span port, (Mbps) | 70 |
L7 Application Control, (Mbps) | 60 |
Streaming antivirus, (Mbps) | fifteen |
Content filtering, (Mbps) | fifteen |
Recommended number of users | up to 5 |
UserGate D series represented by two models D200 and D500. These models feature performance that can ensure the security of small and medium-sized enterprises with several hundred users (for medium-sized businesses, education, medicine, government agencies and large branches).
Performance:
Model | D200 | D500 |
Firewall Throughput, UDP (Mbps) | 18,000 | 20,000 |
Concurrent TCP sessions | 8,000,000 | 16,000,000 |
New sessions per second | 145,000 | 160,000 |
SSL Inspection (Mbps) | 400 | 750 |
Intrusion Detection System (IPS), (Mbps) | 1,600 | 2,000 |
Intrusion Detection System (IDS), span port, (Mbps) | 2,000 | 3,000 |
L7 Application Control, (Mbps) | 1,700 | 2 100 |
Streaming antivirus, (Mbps) | 1,500 | 2,000 |
Content filtering, (Mbps) | 1,500 | 2,000 |
Recommended number of users | up to 300 | up to 500 |
UserGate E series is represented by two models E1000, E3000 and is capable of solving tasks of protecting against all kinds of Internet threats in networks with a number of users up to a thousand or more. This series is intended for use mainly for large banks and factories, administrations, departmental divisions, large educational institutions.
Performance:
Model | E1000 | E3000 |
Firewall Throughput, UDP (Mbps) | 25,000 | 30,000 |
Concurrent TCP sessions | 16,000,000 | 16,000,000 |
New sessions per second | 170,000 | 182,000 |
SSL Inspection (Mbps) | 1,000 | 1,300 |
Intrusion Detection System (IPS), (Mbps) | 2 800 | 3900 |
Intrusion Detection System (IDS), span port, (Mbps) | 3900 | 4800 |
L7 Application Control, (Mbps) | 2 800 | 3900 |
Streaming antivirus, (Mbps) | 2 300 | 3300 |
Content filtering, (Mbps) | 2 300 | 3300 |
Recommended number of users | up to 1,000 | up to 3,000 |
UserGate F series… This series is represented by the F8000 model. It is suitable for large corporate networks, retail, data centers, higher education institutions, ministries.
Performance:
Firewall Throughput, UDP (Mbps) | 57,000 |
Concurrent TCP sessions | 48,000,000 |
New sessions per second | 448,500 |
SSL Inspection (Mbps) | 2,000 |
Intrusion Detection System (IPS), (Mbps) | 8,000 |
Intrusion Detection System (IDS), span port, (Mbps) | 14,000 |
L7 Application Control, (Mbps) | 8,000 |
Streaming antivirus, (Mbps) | 4,000 |
Content filtering, (Mbps) | 4,000 |
Recommended number of users | up to 10,000 |
The firewall can be deployed on a virtual infrastructure. At the same time, it supports work with any hypervisors such as VMware, Hyper-V, Xen, KVM, OpensStack, VirtualBox, as well as in cloud web services such as Amazon EC2 and Microsoft Azure. The functionality is equivalent to that provided by UserGate hardware systems.
UserGate platform provides numerous options for managing security functions. The main ones are:
- Advanced Threat Protection – ATP;
- anti-virus protection;
- control of Internet applications at the L7 level;
- email security;
- corporate firewall;
- guest portal;
- use in highly loaded systems;
- high availability and clustering;
- support of ACS TP (SCADA);
- the presence of an Internet gateway to control Internet access;
- intrusion detection and prevention system (IPS);
- control of mobile devices;
- secure publication of resources and services;
- SSL decryption;
- modern threat analysis (SOAR);
- Internet traffic control;
- user identification;
- virtual private network (VPN).
Key facts
If we talk about the development of the platform, then UserGate was one of the first vendors that implemented the ability to inspect TLS 1.3 traffic. In July 2020, it also provided the ability to decrypt TLS traffic at the gateway level if algorithms that support national GOST standards are used. This feature, in addition to standard SSL inspection, allows you to solve the problem when foreign browsers and operating systems do not want to accept GOST-compliant certificates.
Regarding the requirements of the legislation of the Russian Federation, it should be noted that at the moment Usergate satisfies them and since Usergate is a domestic company, it should be expected that firewalls will satisfy them in the future. For example, UserGate is certified by the FSTEC of Russia (certificate number 3905 dated 03/26/2018, valid until 03/26/2021) for the requirements for Firewalls (Class 4, profiles A and B) and Intrusion Detection Systems (Class 4), and also on the 4th level of trust.
The UserGate solution was also included in the Register of Russian Software (Registration number 1194). And in early September, the UserGate Log Analyzer product was added to the unified register of Russian programs for electronic computers and databases by order of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation dated August 31, 2020.
You can find more detailed information about the product line and each of its elements on the UserGate page UserGate page, it also describes in detail the main functions on the UserGate platform. Solution Documentation… Knowledge bases for individual cases… Video materials on individual cases… Webinars and others on this youtube channel. There are also paid courses from TC Informzashita – multifunctional firewall UserGate 5 and multifunctional firewall UserGate 5. Advanced course…
Stay tuned for updates in our channels (Telegram, Facebook, VK, TS Solution Blog)!