WinGate VPN - Virtual Private Networking made easy!


Ever caught yourself working late at the office thinking "if only I could access my work machine from home I would be there now?" Ever been on the road with your laptop wishing you could access company files, even print out documents on your company printer? Do you have a need to securely transfer files from one place to another, without people having to learn how to use complex file transfer applications?

If you answered yes to any of the above questions, you could be in need of a Virtual Private Networking (VPN) solution. VPN solutions have been available for some time, but up until now, you had to be a networking genius to make it work.

Now there is a VPN solution that anyone can use.

When we were designing WinGate VPN, we looked around at a number of other products. Most were very difficult even for us to set up, let alone someone who isn't a network expert. We decided that most of the configuration of a VPN shouldn't have to be such a burden, and should be done automatically. Most people just want the thing to actually work, and be able to trust it. Yet they don't want to sacrifice flexibility or features either.

In a very short space of time, WinGate VPN allows you to connect your networks together, whether they be office LANs, or a home PC, or a laptop on a modem, so they can share data safely and securely. Using state of the art security protocols and tunnelling technologies, WinGate VPN will make sure that you can participate in a remote network, almost as easily as if you were plugged into the same hub. Depending on individual set up, users can access common local area networking features such as file and directory exploring, mapping drives and even participation in LAN games.

WinGate VPN

Easy to set up

Whether you are running WinGate VPN as a stand-alone system, or integrated with an existing WinGate installation, WinGate VPN is one of the most easily configured virtual private networking products available today. Set up in a matter of minutes, WinGate VPN can utilize most Internet connection types such as modems, wireless, ISDN or ADSL to create a secure private networking environment across the Internet. It will even work through your corporate firewall or NAT/DSL router or both!

Built-in Firewall

Since you will be connected to the Internet, WinGate VPN also comes with a built-in firewall to protect each end-point of the VPN. WinGate VPN also comes complete with real-time monitoring, showing details of all VPN connections that are in progress, and the current status of the VPN tunnels. With a point-and-click style Network window, administrators have total control over each part of the communication process, and can easily check that the VPN is operating properly at a moment's notice.

Extra support for MS Networking

WinGate VPN makes it easier to browse using network neighbourhood across your VPN without having to set up and configure expensive MS server platforms or WINS servers. UDP relay broadcasting makes all your networks look like they are on the same physical network segment.

Industrial-Strength Security

WinGate VPN uses industry-standard and trusted SSL connections and X.509 certificates to connect and validate your VPN users. It uses 128 bit Twofish-encrypted data tunnels to provide the security and speed you want. With various licensing options for different networking structures WinGate offers the flexibility you require.

WinGate VPN is ideal for:

  • Companies who need secure inter-office networking.
  • Home users who wish to set up a secure peer-to-peer connection between remote PCs.
  • Home or Mobile workers, who require a secure environment to connect to the office from remote locations.

WinGate VPN Features

Easy to Configure

WinGate VPN was designed with ease of use in mind. With a simple step-by-step setup and an easy-to-configure connection process, administrators can have their Virtual Private Network up and running within a matter of minutes, compared to more expensive VPN solutions. Whether as a stand-alone install or integrated with WinGate's proxy server, WinGate VPN is flexible enough to suit your remote networking needs.

Simultaneous VPN Hosting

Depending on the type of licence in use, administrators can configure their WinGate VPN server to host more than one VPN at a time. This allows individual VPNs between remote offices in a company to communicate independently, so that confidential data connections are made with the remote users they are intended for.

Routing Control

With support for RIP version 2, WinGate VPN provides a list of published routes in use by each end of the VPN so that administrators can isolate traffic and routing issues with a minimum of fuss. WinGate VPN has also been designed to run seamlessly behind the NAT firewalls that are commonly found on DSL and broadband routers.

Full Internet Connection Support

WinGate VPN will utilize almost all types of Internet connection methods. Connection types such as dialup modem, cable modem, ISDN, DSL (ADSL, XDSL), satellite, T1 and T3 are supported so that regardless of what Internet connection hardware solution you are using, you are still able to take advantage of all the benefits offered by WinGate VPN.

Live Activity Screen

WinGate VPN allows you to keep an eye on all VPN activity. With a point-and-click GUI, administrators can monitor and control nodes that have joined the VPN, examine the status of the tunnels, and test connectivity between workstations from each remote LAN. The display of published routes and error reporting makes connectivity and tunnel problems a breeze for administrators to diagnose and fix.

Fully-encrypted Data Tunnels

Using a VPN involves encrypting data prior to sending it through the Internet, and decrypting it at the receiving end. The WinGate VPN provides an additional layer of security, by encrypting not only the data being sent, but also the network addresses that are sending and receiving the data. This is achieved using the widely-respected 'Twofish' encryption algorithm, with 128-bit encryption keys.

Extra Support for Local Area Networking

WinGate VPN makes it easier to browse using network neighbourhood across your VPN without having to set up and configure expensive MS server platforms or WINS servers. Built-in UDP relay broadcasting and NetBIOS enumeration support make all your VPN-connected networks look like they are on the same physical network segment, allowing users access to common networking features such as directory exploring and mapping drives.

Fully Functional Firewall

The WinGate VPN provides a solid implementation of firewall technologies - such as packet filtering, and port security. This affords you the most power and flexibility when configuring both VPN and network security. TCP/UDP packets are filtered before they come close to reaching your network.

Flexible Participation

Each WinGate VPN server configuration can be set to not participate in a VPN, to participate, or to allow workstations on the local network behind the WinGate VPN server to participate. This gives administrators the flexibility to maintain control over what resources connecting VPN nodes are able to access.

Industry Standard X.509 Certificates

The WinGate VPN uses X.509 certificates to identify the VPN server when connecting. This type of certificate is the most widely accepted format for public key certification. Directory authentication in X.509 can be performed using either secret-key or public-key techniques; the latter is based on public-key certificates. The X.509 standard is supported by a number of protocols, including PEM, PKCS, S-HTTP, and SSL.

Features - Security

Features related to security

Stateful packet-level firewall

WinGate's ENS component provides for a number of features at the packet level. Because of where the WinGate ENS driver hooks into the networking subsystem of your computer, it sees all incoming packets before Windows itself does. This means WinGate's firewall can protect your system by blocking access to ports that you specify.

The firewall is also stateful, in that it maintains a database of all connections through the system and knows which state they are in. This allows WinGate to block certain attacks that other non-stateful firewalls cannot.

Additionally the firewall in WinGate can also harden your system against certain attacks on ports that you need to leave open for external access. For example if you are running a public web server, or mail server on the same machine as WinGate, the firewall can provide SYN flood protection and a number of other protective mechanisms.

Support for Antivirus data scanning

WinGate includes support for several plug-in components which are available separately. These data scanning components allow you to scan content passing through WinGate proxies. One component is an AntiVirus plugin, called Kaspersky AntiVirus for WinGate (KAVWG). The AntiVirus technology in this plugin is licensed from the well-respected Kaspersky Labs.

Several proxies and services in WinGate support scanning content for viruses using this plugin. These are:

  • The SMTP server. This scans all received mail, and mail retrieved using POP3 collection.
  • The WWW proxy. This scans files as they are downloaded to your browser, and can detect not only files containing viruses (i.e. infected EXEs or ZIP files), but also iFrame exploits, and common attacks against web browsers.
  • The POP3 Proxy. If you collect your email from a POP3 server on the Internet through WinGate's POP3 Proxy, you can also scan the email as it is being retrieved for viruses.
  • The FTP proxy. Files being downloaded or uploaded can be scanned for viruses.

If a file fails scanning because it contains a virus, it is placed in WinGate's quarantine, where it may be released by the system administrator.

Application execution control

With a lot of today's network attacks coming from within the corporate LAN, be it from an employee unwittingly receiving virus-infected emails or deliberately running malicious applications, controlling what occurs on your network is all-important.

WinGate, in conjunction with the WinGate Internet Client (WGIC), allows remote client lockdown to prevent undesirable applications from running.

Whenever a program on a client machine loads up, if it uses any sort of networking that uses Windows Sockets and attempts to make a socket connection, the WinGate Internet Client will intercept it and check with WinGate whether the program is allowed to run or not. WinGate can be configured to give a variety of responses, ranging from allowing the program to have global Internet access to not even being able to run on the local client machine.

DMZ Support

WinGate allows you to define interfaces as being connected to certain types of network:

  • Internal network (i.e. your LAN)
  • External network (i.e. the Internet)
  • a de-militarized zone (DMZ)

This provides the capability to set up a DMZ connected to any interface specified by you as being of that type.

A network connected to a DMZ interface in WinGate is protected from the Internet, and also firewalled from Internal Interfaces. You have separate control over which ports are available from the Internet, but the key difference between a DMZ interface, and an Internal interface, is that packets going from the DMZ to the Internet are not address translated (NAT is not performed), therefore the machines on the DMZ must have public IP addresses.

Secure connections (SSL access to proxies)


SYN cookies allow WinGate to control a session of packets before they are allowed to even enter the port by keeping track of valid ACK requests from a host on the Internet, so that bogus packets (which can be used in a network attack called a SYN flood) will have less chance to penetrate WinGate's defences.
This option is not ticked by default to allow for maximum application session compatibility and should only be implemented by administrators who are experienced with TCP session mechanisms.
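
One way such an ACK check can work, as an added sketch that is not WinGate's code: a simplified SYN cookie in the classic layout (5-bit time slot, 3-bit MSS index, 24-bit keyed MAC), where the server's initial sequence number itself carries the state. The secret, MSS table, slot length, function names and sample addresses are all assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-secret"  # assumption: real stacks use a random per-boot key
MSS_TABLE = (536, 1300, 1440, 1460)  # assumption: values the 3-bit index can stand for
SLOT_SECONDS = 64                    # assumption: length of one time slot

def _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot, mss_idx):
    """24-bit keyed MAC binding the cookie to one connection and one time slot."""
    msg = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack(
        "!HHIIB", src_port, dst_port, client_isn, slot, mss_idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK; nothing is stored about the half-open connection."""
    slot = int(now) // SLOT_SECONDS
    # Largest table entry that does not exceed the client's MSS (index 0 as a floor).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot, mss_idx)
    return ((slot & 0x1F) << 27) | (mss_idx << 24) | mac

def check_ack(src_ip, src_port, dst_ip, dst_port, seq_num, ack_num, now):
    """Return the negotiated MSS if the final ACK carries a valid cookie, else None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF      # ACK acknowledges server ISN + 1
    client_isn = (seq_num - 1) & 0xFFFFFFFF  # client's SYN consumed one sequence number
    mss_idx = (cookie >> 24) & 0x7
    if mss_idx >= len(MSS_TABLE):
        return None
    current = int(now) // SLOT_SECONDS
    for slot in (current, current - 1):      # accept the current and previous slot only
        if (slot & 0x1F) != cookie >> 27:
            continue
        expected = _mac24(src_ip, src_port, dst_ip, dst_port, client_isn, slot, mss_idx)
        if hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None

if __name__ == "__main__":
    # Constructed handshake using documentation address ranges.
    conn = ("203.0.113.7", 40000, "198.51.100.1", 80)
    isn = make_cookie(*conn, client_isn=12345, client_mss=1460, now=1_000_000)
    print("valid ACK  ->", check_ack(*conn, 12346, (isn + 1) & 0xFFFFFFFF, 1_000_010))
    print("forged ACK ->", check_ack(*conn, 12346, 0x1234, 1_000_010))
```

Because only three bits of MSS survive the round trip and other TCP options from the SYN are lost, a design like this trades some session compatibility for flood resistance.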

WinGate Proxy Server

WinGate Proxy Server is a sophisticated integrated Internet gateway and communications server designed to meet the control, security and communications needs of today's businesses. In addition to a comprehensive range of features, WinGate Proxy Server's license options provide you the flexibility to match your needs to your budget, whether you need to manage an enterprise, small business, or home network.

Key Functions

WinGate Proxy Server allows you to:

  • Provide secure and managed Internet access for your entire network via a single or multiple shared internet connections
  • Enforce advanced and flexible access-control and acceptable use policies
  • Monitor usage in real time, and maintain per-user and per-service audit logs.
  • Stop viruses, spam and inappropriate content from entering your network
  • Provide comprehensive internet and intranet email services.
  • Protect your servers from internal or external threats.
  • Improve network performance and responsiveness with web and DNS caching
  • Ease administration burdens on your internal networks.

Key Benefits

Using WinGate Proxy Server to actively manage the use of your Internet and network resources can provide many benefits, including:

  • Improved Employee productivity through reduced time wastage
  • Reduced time and resources required to maintain network integrity
  • Reduced Employer liabilities
  • Improved efficiency, responsiveness and reliability of network access

Internet Sharing

WinGate Proxy Server will share most types of Internet connection, allowing multiple users to simultaneously surf the web, retrieve their email, or use other internet programs, as if they were directly connected to the Internet. Whether it is a simple dialup modem or high speed fibre, WinGate Proxy Server can help to make the most out of the connection. WinGate Proxy Server supports a wide variety of Internet protocols, allowing applications such as Web browsers, messaging software, FTP and SSL. WinGate Proxy Server also supports DirectPlay Internet games and Real Time Streaming Audio/Video.

Control Internet Access

With WinGate Proxy Server's user database and policies, administrators can limit and control user access to the Internet. With logging, auditing, and a real time activity and history viewer, detailed records of user activities can be easily examined. This makes WinGate Proxy Server ideal for companies, schools, Internet cafes or any environment where Internet access needs to be monitored closely.

Built-in Security

WinGate Proxy Server comes with a built-in packet-inspecting firewall. Your network safety can be further enhanced with optional plug-in components, available separately, which will scan incoming data for viruses, or filter out inappropriate content in web traffic. Read how WinGate Proxy Server has helped some of the 750,000+ registered customers to make the most of their Internet connection.

Features - Reliability

Features related to improving system reliability

Internet gateway monitoring

WinGate can monitor gateway machines on the same Ethernet segment. By using a periodic ARP request, WinGate learns of gateway failures. Upon such a failure, WinGate marks that gateway as unusable, and the gateway selection and connection failover features will (depending on your configuration) switch over to an alternative connection.

Administrators can specify different schemas for failover on a per-service basis, allowing for instance the WWW Proxy to fail over to one circuit, but email to fail over to a different backup circuit.

The unavailable gateways are still monitored, so if they become re-available, they will be used again.

Automatic system reconfiguration

Internet connection failover

In conjunction with Gateway Monitoring, but also handling dialup connections, the Connection failover features in WinGate are flexible and comprehensive.

Should an internet connection become unavailable, either by virtue of a dialup connection failing to connect, or an internet gateway becoming unavailable, then the administrator can set up policy for how to fail over to another connection. This policy may be set on a per-service basis in WinGate, and concerning dialup connections there is a global precedence of connections that may also be applied.

This allows for instance the WWW Proxy to fail over to one circuit, but email to fail over to a different backup circuit in the event of a failure in connectivity.

The unavailable gateways are still monitored, so if they become re-available, they will be used again.

Server redundancy options

Normally options for server redundancy are limited. Apart from the obvious hardware redundancy options, if you choose to deploy and use the WinGate Internet Client on your networks, then you have a further opportunity to provide fail-over services in the event of a system crash.

If you deploy the WinGate Internet Client and install several WinGate servers (whether they each have a connection, or share connections), then when one server becomes unavailable, the automatic discovery mechanism used by the WinGate Internet Client will kick in and find the fall-back server.

This allows the client machines to maintain access to the Internet even though the main gateway may have been disabled.