Oneshield: technical characteristics

Network Security:
  
- Stateful Packet Firewall
- Demilitarized Zone (DMZ)
- Intrusion Detection
- Multiple Public IPs
- Traffic Shaping

-- VoIP/SIP support
- Malformed Packet Protection
- Portscan Detection
- DoS and DDoS Protection
- SYN/ICMP Flood Protection
- Anti-Spoofing Protection

Enterprise IDS:

- Fully Web Managed Intrusion Detection System
- Integrated with the largest Networks of 0Days Threats in the world
- Ajax Instant Log Web Interface for instant alerting of Intrusion Attempts

Web Security:

- HTTP & FTP proxies
- Anti-virus (100.000+ patterns)
- Transparent Proxy support
- Content Analisys/Filtering
- URL Blacklist
- Authentication: Local, RADIUS, LDAP, Active Directory
- NTLM Single Sign-On
- Group Based Access Control

Mail Security:

- SMTP & POP3 proxies
- Anti-spam with Bayes, Pattern, SPF, Heuristics, Black- and White-lists support
- Anti-virus (100.000+ patterns)
- Transparent Proxy support
- Spam Auto-Learning
- Transparent Mail Forwarding (BCC)
- Greylisting

VPN Concentrator:

- True SSL/TLS VPN (OpenVPN)
- IPSEC
- Encryption: DES, 3DES, AES 128-, 192-, 256-bit
- Authentication: Pre-Shared Key, X.509, Certification Authority, Local
- PPTP Passthrough
- Native VPN Client for MS Windows, MacOSX and Linux

Hotspot Security:

- Captive Portal
- Wired/Wireless support
- Pre-/Post-paid and free Tickets
- Integrated RADIUS service
- Connection Logging
- No additional software/hardware required

Management:

- Easy Web-based Administration (SSL)
- Secure Remote SSH/SCP Access
- Serial Console
- Centralized Management through Endian Network (SSL)

High Availability:

- Multi-Node Appliance Cluster
- Hot Standby (active/passive)
- Load Balancing (active/active)
- Node Data Synchronization

WAN Failover:

- Automatic WAN Uplink Failover
- Monitoring of WAN Uplinks
- VPN Failover

Network Address Translation:

- Static NAT (Port Translation)
- One-to-One NAT
- IPSec NAT Traversal
 
Routing:

- Static Routes
- Source Based Routing
- Destination Based Routing
 
Logging/Reporting:

- Instant Log Viewer (AJAX based)
- Detailed User Based Web Access Report
- Network/System/Performance Statistics
- Syslog (Local or Remote)
 
Updates and Backup:

- Centralized Updates through Oneshield Eurotech Network
- Anti-virus Definitions
- URL Blacklist Definitions
- Scheduled Automatic Backup
- Encrypted Backups via E-mail
- Instant Recovery/Backup to USB-Stick
 

Oneshield Security: technical innovations

Web Interface

 • Completely redesigned web interface
 • Many usability enhancements

Enhanced management of WAN/RED connections

 • Support for multiple uplinks
 • Multiple IPs/networks on each WAN/RED interface
 • Uplink monitoring with automatic failover (ISP failover)
 • Load balancing of multiple internet connections
 • Easy editing/management of uplinks
 • Support for new uplink types: UMTS, PPTP
 
Networking

 • VLAN support (IEEE 802.1Q trunking)
 • Policy Routing: routing based on user, interface, mac, protocol or port

Port Forwarding / NAT
 
 • Multiple uplink support, allowing different rules per uplink
 • Port Forwarding of traffic coming from VPN endpoints
 • Source NAT management
 • Option for rule based Logging
 
System Access
 
 • External Access has now been enhanced and renamed to System Access
 • Fine grained management of permissions regarding access to the system from LAN, WAN, DMZ
 and VPN endpoints
 • Default policy for firewall/system access is now set to DENY
 • Firewall services automatically define ports required for their proper function, but access can be
 restricted
 • Support for ICMP protocol
 
Outgoing Firewall
 
 • Support for ICMP protocol
 • Handling of multiple sources/ports/protocols per Rule

Zone Firewall

 • DMZ Pinholes has been enhanced and renamed to Zone Firewall
 • Fine grained filtering of local network traffic
 • Rules based on zones, physical interfaces, MAC addresses
 • Support for ICMP protocol
 • Handling of multiple sources/ports/protocols per rule

Intrusion Detection
 
 • New version of High Performance IDS with reduced RAM usage and enhanced performance
 • Support for inline intrusion detection
 
High Availability

 • Multi-Node Appliance Cluster
 • Hot Standby (active/passive)
 • Automatic Node Data Synchronization
 • Process monitoring/watchdog

HTTP Proxy

 • Time based access control with multiple time intervals
 • Group based web access policies
 • Zone based operation mode: transparent, authentication or no authentication

Content Filter
 
 • Better handling of content filter categories
 • Enhanced performance
 
SMTP Proxy

 • Enhanced performance
 • Optional setting for Smarthost port
 • Additionally secures SMTP traffic coming from VPNs (Roadwarrior and      Gateway2Gateway) 
DNS Proxy
 • Route specific domains to a custom DNS
 
Secure Hotspot
 
 • Better account listing, with pagination, sorting and search
 • Per user and global bandwidth limiting
 • MAC-address based user accounts
 • User accounts import/export per CSV
 • Single-click ticket generation (Quick ticket)
 • Automatic client network configuration (support for DHCP and static IP)
 • Enhanced user/client portal
 • Generic JSON-API for external accounting and third party integration (like Hotel Management
 Software)
 • Support for multiple network interfaces
 
OpenVPN

 • X.509 and 2 factor based authentication
 • Pushing of DNS settings to clients
 • Pushing of global or per client routes
 • Support for NATed VPN endpoints
 • Support for VPN over HTTP Proxy
 • Automatic connection failover
 • Every VPN endpoint is resolvable through DNS (vpn.<username>.domain)
 
Oneshield VPN Client

 • Downloadable from Oneshield Network
 • Works with Windows (Vista, XP, 2000), MacOSX, Linux
 • Multiple connections at once
 • Encrypted configuration profiles
 • PSK, X509 based and 2 factor authentication
 • Runs as service and allows unprivileged users to start a connection
 • Can start the connection automatically on boot / on user logon
 • Supports openvpn server fallback, when primary server fails

IPSEC

 • Rewrite of the base
 • Added debugging possibilities
 • Ipsec on orange
 • Default MTU can be overridden
 • Simplified GUI by removing Side (Left/Right) configuration and swapped completely to

Local/Remote labeling

 • added ID fields
 • Added Dead Peer Detection options
 
Instant Log Viewer

 • Realtime log viewer with filtering and highlighting
 • Displays all the logfiles you are interested in at the same time

Logs
 
 • Every service supports remote logging
 • Daily log rotation

Backup
 
 • Zero-configuration backups to USB stick: just plug in a USB stick to backup
 • Restore a from any USB stick
 
Support
 
 • One click to access to Oneshield Support Team and Managed Security Services
 • Integrated ticketing support