Skip to content

Version 10.2


This is an old version. We strongly recommend upgrading your appliance to the latest version to ensure optimal performance and security.

Upgrading to the latest version provides enhanced security features, bug fixes, and overall improvements, safeguarding your system against potential vulnerabilities.

Features & Improvements

Secure Socket Tunneling Protocol (SSTP)

AXS Guard extends its offering of remote access solutions with support for the Microsoft Secure Socket Tunneling Protocol (SSTP), a VPN service that provides a mechanism to transport PPP traffic over an SSL/TLS channel.

SSL and TLS are cryptographic protocols designed to provide communications security over a computer network.

The use of SSL/TLS over TCP port 443 allows SSTP clients to pass through virtually all firewalls and proxy servers, except for authenticated web proxies.

The SSTP server can be configured to enforce strong authentication, which is capable of blending different authentication factors and/or types for increased security.

The AXS Guard reverse proxy manages the SSTP server as a separate application, allowing administrators to share the same external IP address and port with other applications and services.

See the official Microsoft documentation for additional information about SSTP.


The AXS Guard documentation is constantly updated to reflect the various changes and improvements in the software and the product as a whole. Documents are available in the PDF and HTML format.

The following manuals have been added or updated:

  • AXS Guard PKI Guide

  • AXS Guard SSTP Guide

  • AXS Guard Reverse Proxy Guide

The following KB articles have been added or updated:

  • Terminal Server Setups

  • HTTP Authentication Methods


Microsoft SSTP VPN Support

MS-SSTP (Microsoft Secure Socket Tunneling Protocol) is a VPN protocol which is developed by Microsoft. It implements PPP over HTTPS (SSL), so traffic can easily traverse firewalls and proxies.

CA Certificate Export Option

If the SSTP server certificate is signed by the AXS Guard CA, the CA certificate must be exported and added as a trusted root CA on each Windows SSTP client in order for connections to succeed. A new button has been added for this purpose.

OATH Support for Remote Desktop Gateway Back-ends

The Remote Desktop Gateway (RDG) reverse proxy back-end now supports authentication with OATH-based tokens, such as Google and Microsoft Authenticator apps.

The following authentication methods are available:

  • OATH (default)


  • OATH or DIGIPASS (to facilitate migration)

  • AXS Guard password

  • Back-end password (LDAP)

OATH is supported for all RDG implementations, such as RPC over HTTP (prior to Windows 8), RDG (Windows 8 or later) and the Microsoft Remote Desktop App (Android, iOS and Windows).