• To restrict access define filter groups with DNS names, IP addresses and TCP port (optional).
• Wildcards can be used. Multiple groups are allowed.
• Filter groups can be enabled and disabled by timers.
• Complex timer schemas with date, time and weekdays can be specified

• Multiple ApplicGate instances with proxy functionality can be cascaded. Now the first ApplicGate can send multiple CONNECT commands to route through the network.
• This can be combined with TLS encryption and authentication by client certificates.
• This schema is protocol independent and any protocol based on TCP can be used

• Full data logging can be enabled and the logged data can be seen via the web interface of ApplicGate.
• To log https traffic in clear text the TLS data stream must be decrypted (man-in-the-middle).
• The necessary web server certificates are generated on the fly.
• Prerequisite is a signing certificate (“CA certificate”) that will sign all generated certificates.
• This signing certificate can be generated by e.g. a PowerShell command easily.
• The clients accessing the ApplicGate proxy must trust this signing certificate. Otherwise the web browser will issue an error or warning message.

Specific targets can be excluded from decryption. Exclusion is necessary if the target web server requests a certificate from the client.

• Any ApplicGate routing entry can have up to two different IP addresses used as source address for outgoing connections.
• If two addresses are configured one address must be an IPv4 address and the other must be an IPv6 address.
• Dependent on the type (address family) of the target address the matching source address will be chosen.