bastion

Highlights

  • Bastion Reverse and forward proxy server
  • Available on Windows and Linux
  • High scalability and throughput
  • Filters any HTTP & SIP based protocol
  • Easily deployed with any secure gateway/firewall

SphereShield’s Bastion is a lightweight, extensible and highly scalable reverse proxy server solution, focused on content filtering and access control for HTTP(S) traffic.  

Bastion forwards traffic to back-end servers such as Skype for Business or internal websites. However, by employing a pluggable filtering architecture, it can be easily extended to support any kind of filtering through filter modules. Native filters are written in C++ but integration with modules written in other languages are also supported.  

Bastion supports session/SSL termination/offloading, and End-to-End encryption. Bastion can run on both Windows and Linux platforms. 

Bastion can run as a reverse or forward proxy and mobile agent applications are offered for forward proxy deployments. 

Scalable Event-Driven Architecture

Bastion is designed as an event-driven server using asynchronous I/O which uses multi-threading to respond to requests. This significantly reduces the overhead compared to thread-driven synchronous I/O architectures. 

Accordingly, the event-driven architecture greatly enhances scalability, allowing Bastion to handle a higher number of concurrent TCP connections compared to process- or thread-driven reverse proxy servers. 

Bastion can operate on both HTTP requests and responses. Requests and responses can be blocked, modified or left as is (if no filtering is required). Since Bastion offers maximum HTTP protocol compatibility (beyond the common web usage subset), it can be used to filter almost any HTTP-based protocol, such as Skype for Business traffic. 

Powerful Extensibility

Bastion’s core purpose is to offer a powerful platform for custom traffic filters. These filters can be easily created to provide custom security and functionality capabilities.

Agat’s impressive expertise and experience in designing business traffic solutions for a wide variety of purposes allow the company to efficiently tailor solutions according to business needs.

The Bastion Reverse Proxy is available with filters that provide MFA, MDM secured conditional access, DOS and Account Lockout protection and much more for a range of enterprise services, such as Microsoft Skype for Business, Exchange and Teams.

Forward proxy agents for mobile

SphereShield offers the ability to forward traffic from mobile to Bastion using mobile agents. The SphereShield agents are available for iOS and Android and support PAC file configuration to forward specific traffic that is needed to be controlled by the business while allowing the rest of the traffic to go through directly to the service.