UserGate Next-Generation Firewall (NGFW)

The main articles are:

• Firewall
• NGFW (Next Generation Firewall)

2024

UserGate NGFW 7.2

UserGate on December 17, 2024 announced the release of the next version of its flagship product - UserGate NGFW 7.2. The main goals of the release were: support for the UserGate FG platform with an FPGA-based hardware accelerator, development of UserID capabilities, as well as feature optimization and increased stability.

𝓲

UserGate

According to the company, the main feature of the UserGate NGFW 7.2 version is support for the UserGate FG platform with an FPGA (Field-Programmable Gate Array) hardware accelerator. It allowed to achieve optimal performance of the firewall with session status control (FW L3/L4) - 150 Gbps on UDP traffic with packets of 1518 bytes, and 90 Gbps on EMIX traffic. At the same time, the device is able to support 22,000,000 simultaneous TCP sessions and create 80,000 sessions per second. As part of version 7.2, UserGate FG can work with 10,000 firewall rules. The platform is made in the 1 RU form factor and has 16 SFP + 10 Gb/s interfaces and 2 100 Gb/s QSFP28 interfaces. Commercial deliveries of the device have already begun.

Another significant change in UserGate NGFW 7.2 was the expansion of the UserID function, which allows you to correlate users and associated network traffic.

Now you can get user information for UserID using Radius accounting, the part of the RADIUS protocol that allows you to collect, process and store information about user actions from certain LDAP directory groups. Also, user information for UserID can now be obtained from WEC (Windows Event Collector) servers, usually used by large organizations. To this end, a WEC agent was implemented for the UserID.

Other changes and fixes implemented in UserGate NGFW 7.2 include:

• Cluster
  • Fixed issue with possible cluster out of sync after upgrade.
  • Fixed an error when synchronizing a large number of IP addresses.
  • Fixed an error saving and synchronizing ME rules between cluster nodes when using nested lists.
  • Fixed synchronization error between cluster nodes after disconnection.
  • Fixed the long switch of the "master" role in the cluster in manual mode.
  • Optimized synchronization of lists and their content from UserGate Management Center to managed UserGate NGFW devices in the cluster.

• VPN
  • Optimized the stability of VPN connections.
  • Fixed VPN authentication (IKEv2) over RADIUS.
  • Fixed the import of tunnel VPN interfaces.
  • Fixed traffic labeling by user for VPN Site-to-Site.

• Rules
  • Optimized performance for more rules (> 10,000).
  • Optimized firewall rule validation in API.

• Proxy
  • Fixed reverse proxy operation.
  • Added ability to use SNMP Proxy in VRF.
  • Fixed operation of explicit proxy with reverse traffic at GET request.

• Other
  • More detailed creation error messages added. backup
  • The ability to display and reset authorized users is implemented.
  • It is possible to run UserID on each of the nodes of the UserGate NGFW cluster.
  • Fixed multicast and broadcast traffic through the L3 Bridge interface.
  • Added fan speed adjustment for UserGate C150.
  • Unified rules naming requirements in UserGate Management Center and UserGate NGFW.
  • More than 70 other changes and fixes.

The release of UserGate NGFW 7.2 is an important step for the implementation of our long-term product development strategy. As part of the work on the release of UserGate NGFW, about 70% of the resources of the UserGate development department were allocated to closing technical debt, correcting errors found and optimizing. To increase the quality of testing, the QA team set up and ran more than 4,000 automatic tests during the year. told Kirill Pryamov, UserGate NGFW Development Manager

UserGate NGFW 7.2 distributions and documentation are already available on the official UserGate resources and are available to customers and partners of the company.

Integrating UserGate NGFW v7 with Netopia Firewall Compliance Platform

The Russian company-developer of solutions for monitoring and control of network equipment Netopia and the Russian developer of the ecosystem of information security solutions UserGate carried out technological integration of their products. This was announced on August 15, 2024 by representatives of UserGate.

The Netopia Firewall Compliance network security control and attack vector calculation platform was integrated with the domestic UserGate (NGFW) firewall.

Technology integration has optimized the sharing of company products and reduced the number of misconfiguration incidents.

During the tests, UserGate specialists provided API for export data the configuration of the domestic firewall UserGate (NGFW) version 7. Netopia engineers were responsible for deploying attacks the Netopia Firewall Compliance network security control and vector calculation platform.

The coordinated work of the two companies made it possible to solve the issues of managing security policies and determining critical assets. This will simplify the NGFW import substitution process for Russian customers.

Compatibility of UserGate Next-Generation Firewall 6.1.9 with ALD Pro 2.2.1 and Brest virtualization 3.2

Astra Group and UserGate on May 15, 2024 announced the certification of the next generation firewall UserGate Next-Generation Firewall 6.1.9 (NGFW) as part of the Ready for Astra technology partnership program. The experts conducted a series of tests and made sure that the product works correctly in a single circuit with the latest updates to the Brest 3.2 secure virtualization platform and the software complex for managing ALD Pro 2.2.1 domain objects - Astra Group solutions in demand on the market.

UserGate Next-Generation Firewall combines intrusion detection with a firewall to provide a high level of security for networks of all sizes and sizes with maximum visibility of security events. Various delivery options, such as a hardware and software complex, a virtual image and SECaaS (Security as a Service), open up a wide range of possibilities for embedding INFORMATION SECURITY the -function NGFW in the IT customer's architecture. The product is included registers of the Ministry of Digital Development in both certified tools and information protection FSTEC of Russia meets the requirements of the fourth level of trust.

Confirming the compatibility of UserGate Next-Generation Firewall with ALD Pro virtualization "Brest" and gives customers confidence that the selected security tools will be able to work correctly in their information systems. This is very important in terms of reliability and continuity. business processes The vectors for the development of information security solutions are directly related to the trends of everything - and ITindustries we always strive to meet the needs of the market. We adapt to customers' business needs and protect their infrastructures and data in the environment and with the tools they use. Our company is open to cooperation, we will test as many demanded products as possible and, if necessary, refine and optimize our ON devices and devices for customer tasks, "said UserGate Ivan Chernov Development Manager.

The number and variety of threats to IT systems is constantly growing, so it is necessary to establish the correct operation of the security tools that organizations use in conjunction with domestic infrastructure solutions. This will allow you to most effectively use the functionality of technological stacks and ensure their stable functioning. We thank our colleagues at UserGate for their active cooperation, appreciate the company's attention to this issue, and plan to continue to interact. Our cooperation in terms of testing product compatibility is a guarantee that the most modern, reliable and convenient information security solutions will always be available to end users, "said Alexey Trubochev, Director of the Astra Group Support Department.