The MailGuard Bastion is a messaging firewall that allows the exchange of messages between networks of differing security levels or differing security policies. MailGuard Bastion operates as a stand-alone system providing a bi-directional messaging firewall for both X.400 and SMTP/MIME e-mail traffic.
MailGuard Bastion is based upon the Trusted Solaris operating system (itself assured to ITSEC E3/F-B1 and E3/F-C2) and is provided as a turnkey system utilising Sun SPARC hardware.
Messages that need to pass between the networks connected by MailGuard Bastion may only flow through the trusted processes of the application and labelled operating system. No other forms of communication are permitted between the networks, thus providing assurance of network separation.
MailGuard Bastion maintains separate channels for message flow between networks, allowing different policies to be applied in each direction, to the extent that all message traffic can be blocked in one direction. An audit trail of all message traffic is maintained.
MailGuard Bastion offers a protected environment (or DMZ) into which modules can be introduced to perform specific inspection and filtering, such as filtering based on sensitivity labels or digital signature verification. When correctly configured, the architecture of MailGuard Bastion is such that these modules need not be subject to ITSEC evaluation.