Special Modules

Create an application portal for customers or employees, provide VPN connectivity and make internal applications over e.g. MS-RDP or Citrix® XenApp available, integrate with backend Kerberos domains, control in- or outbound data, integrate securely with external SOAP webservices, add session recording, protect the server keys with Hardware Storage Modules or integrate with Splunk® solutions.

Airlock WAF software modules extend the base installation in an easy and flexible way for supporting additional business needs. And keep it secure.

The functionality of some modules might be integrated in the Airlock WAF (depending on product release).


SSL VPN Service Module

The SSL VPN module provides a secure connection for non-HTTP traffic such as MS-RDP (Microsoft® terminal server), Citrix® ICA, SMTP, POP3, MAP, Telnet, SSH etc. This module protects the secure transfer of any TCP based traffic and protects it with authentication and high grade encryption. It allows secure remote access for employees, partners or clients. No additional client software or client configuration is required, the access can be initiated from within any computer via browser. The SSL VPN Service Module integrates into an existing Airlock WAF authentication.


AMF Filter Module

The Airlock AMF Filter module is an ICAP service that can be linked to Airlock. It enables validation of access attempts to AMF against whitelist and blacklist rules before passing them on to the back-end server. By using the Airlock AMF Filter module, one can ensure that only formally valid and correct AMF requests are delivered to the back-end system.


Secure Session Transfer (SST)

The SST module is used for integrating 3rd party applications to Airlock user sessions. It creates and securely controls a persistent session cookie, that can be accessed from 3rd party applications. The persistent cookie is invalidated when the user logs out or closes the browser window.


Session Recording

Session recording solution by Qumram® which offers a cutting-edge Big Data platform for recording, archiving and analyzing all customer interactions in the online world with guaranteed legal compliance. Airlock WAF, being the central gateway to your applications, is the ideal place for integrating the Qumram® interceptor, easily covering all applications with a single installation.


Application Portal

The application portal module allows to create portal sites for integrating external and internal applications, all realized by leveraging the Airlock ecosystem.

The application portal can show different applications depending on the assigned roles of the current user. This makes it possible to use the same entry page (portal) for different users/user groups such as employees, partners or customers. It is even possible to create a custom application portal by using the Airlock portal API.

The application portal fits into the Airlock eco system by using the same underlying role model as in Airlock/IAM. This means the user sees only the applications he has access to. Additionally it benefits from the filtering, URL encryption and form protection provided by Airlock.

Logo, title, icons etc. can be changed via properties files. Look and feel settings can be enhanced/adjusted by changing the related custom JSP, JS and CSS files. Look and feel can be switched by using themes.

The application portal is implemented as a Java servlet running in any Java compatible servlet container. The Java servlet specification must be 2.5 or higher.


Hardware Storage Module Support (HSM)

A HSM is a dedicated trusted hardware storage module which is attached to a server for protecting sensitive credentials like certificates or encryption keys. The credentials never leave the HSM and cannot be copied even if the server would be compromized.

The Airlock HSM module allows the integration of the network attached SafeNet Luna SA® from Gemalto®.


Kerberos Agent

This module allows the use of Kerberos tickets for integrating with a Kerberos based authentication infrastructure. Perfect for client certificate or token based authentication enforcement.


SOAP/XML Validator

This module allows to securely integrate external SOAP web services or XML content without worrying for malicious XML content. XML content or web services are validated and filtered through SOAP WSDL or XML files. The advantage of this white list approach is that only known and valid content is allowed through the Airlock WAF, while unknown or not valid content is filtered out. It is also very efficient as the white list approach frees the user to update the filter with an eternally growing black list.
The SOAP and XML filters are attached through ICAP. The SOAP and XML filters are standard Java servlets, and can be deployed on every Java servlet compatible container like Apache® Tomcat®, IBM® WebSphere®, BEA® WLS® etc.

Note: Airlock needs the ICAP capability (ICAC module) in order to use SOAP or XML filters. Note: Unknown embedded binaries in the payload cannot be verified with the SOAP/XML filter and should be filtered out right away or treated separately on an ICAP server.


ICAP Bundle Module

The ICAP module allows to attach external add-on filters from 3rd parties. Incoming requests will be checked by e.g. an anti-virus scanner or other services like confidential data leakage detection through the ICAP interface.

This module allows to integrate external filters for any traffic, which is a must have for securely handling incoming payloads or for a secure approach of a SOA type of service integration.


Operations App for Splunk®

The Airlock Operations App for Splunk® integrates Airlock logs seamlessly with Splunk® environments and comes with built-in dashboards for common Airlock use cases. 3 versions: 0-2GB, 0-10GB, 0-50GB.

Please use below contact form for any questions, comments or product inquiries.


This page contains copyright material from ©Ergon Informatik AG. Other products or trademarks mentioned are the property of their respective owners.