Oneshield Security UTM Pro
Accessories
|
SKU: Utm Pro maintenance
|
|
Description
With Zero Day vulnerabilities and Security Research support provided by WabiSabiLabi Swiss Laboratory, Oneshield UTM is the Next Generation Security Appliance, remotely managed, for high end IT Corporate Security
Oneshield UTM Pro is the most complete Unified Threat Management (UTM) solution of the industry, integrating application level filtering, antivirus, antispam, content, filter VPN Server (VPN concentrator) and one of the most complete and up to date Intrusion Detection Systems on the market in one single network
Oneshield is a Unified Threat Management (UTM) Network Appliance Device that protects the Network and the entire IT of mid-sized to large organization, improving the quality of connectivity while at the same time offering all the essential Security Services and contents suited to the modern, always on corporations, with an easy to use interface.
The Oneshield software incorporates, among its main features, a wide range of components including Stateful Inspection Firewall, Enterprise IDS, Antivirus e Antispam HTTP, POP e SMTP, Antivirus HTTP e FTP, VPN Concentrator, Content Filter and ready to use Managed Security Services.
With "In The Box" Managed Security Services (MSS), Telemonitoring and Teleconfiguration Services provided by Oneshield Certified Partners in multiple languages, Oneshield UTM is not only a piece of hardware, but a service module ready to work with your organization.
Online Wiki Manual
Technical
Rack Mounted - 1GB RAM - 80GB Double HD - 4x1Gbit- Core Duo CPU
Oneshield Security UTM Technical Features
Network Security:
- Stateful Packet Firewall
- Demilitarized Zone (DMZ)
- Intrusion Detection
- Multiple Public IPs
- Traffic Shaping
- VoIP/SIP support
- Malformed Packet Protection
- Portscan Detection
- DoS and DDoS Protection
- SYN/ICMP Flood Protection
- Anti-Spoofing Protection
Enterprise IDS:
- Fully Web Managed Intrusion Detection System
- Integrated with the largest Networks of 0Days Threats in the world
- Ajax Instant Log Web Interface for instant alerting of Intrusion Attempts
Web Security:
- HTTP & FTP proxies
- Anti-virus (100.000+ patterns)
- Transparent Proxy support
- Content Analisys/Filtering
- URL Blacklist
- Authentication: Local, RADIUS, LDAP, Active Directory
- NTLM Single Sign-On
- Group Based Access Control
Mail Security:
- SMTP & POP3 proxies
- Anti-spam with Bayes, Pattern, SPF, Heuristics, Black- and White-lists support
- Anti-virus (100.000+ patterns)
- Transparent Proxy support
- Spam Auto-Learning
- Transparent Mail Forwarding (BCC)
- Greylisting
VPN Concentrator:
- True SSL/TLS VPN (OpenVPN)
- IPSEC
- Encryption: DES, 3DES, AES 128-, 192-, 256-bit
- Authentication: Pre-Shared Key, X.509, Certification Authority, Local
- PPTP Passthrough
- Native VPN Client for MS Windows, MacOSX and Linux
Hotspot Security:
- Captive Portal
- Wired/Wireless support
- Pre-/Post-paid and free Tickets
- Integrated RADIUS service
- Connection Logging
Management:
- Easy Web-based Administration (SSL)
- Secure Remote SSH/SCP Access
- Serial Console
- Centralized Management through Endian Network (SSL)
High Availability:
- Multi-Node Appliance Cluster
- Hot Standby (active/passive)
- Load Balancing (active/active)
- Node Data Synchronization
WAN Failover:
- Automatic WAN Uplink Failover
- Monitoring of WAN Uplinks
- VPN Failover
Network Address Translation:
- Static NAT (Port Translation)
- One-to-One NAT
- IPSec NAT Traversal
Routing:
- Static Routes
- Source Based Routing
- Destination Based Routing
Logging/Reporting:
- Instant Log Viewer (AJAX based)
- Detailed User Based Web Access Report
- Network/System/Performance Statistics
- Syslog (Local or Remote)
Updates and Backup:
- Centralized Updates through Oneshield Eurotech Network
- Anti-virus Definitions
- URL Blacklist Definitions
- Scheduled Automatic Backup
- Encrypted Backups via E-mail
- Instant Recovery/Backup to USB-Stick
Oneshield Security UTM Technical Innovations
Web Interface
• Completely redesigned web interface
• Many usability enhancements - Enhanced management of WAN/RED connections
• Support for multiple uplinks
• Multiple IPs/networks on each WAN/RED interface
• Uplink monitoring with automatic failover (ISP failover)
• Load balancing of multiple internet connections
• Easy editing/management of uplinks
• Support for new uplink types: UMTS, PPTP
Networking
• VLAN support (IEEE 802.1Q trunking)
• Policy Routing: routing based on user, interface, mac, protocol or port
Port Forwarding / NAT
• Multiple uplink support, allowing different rules per uplink
• Port Forwarding of traffic coming from VPN endpoints
• Source NAT management
• Option for rule based Logging
System Access
• External Access has now been enhanced and renamed to System Access
• Fine grained management of permissions regarding access to the system from LAN, WAN, DMZ
and VPN endpoints
• Default policy for firewall/system access is now set to DENY
• Firewall services automatically define ports required for their proper function, but access can be
restricted
• Support for ICMP protocol
Outgoing Firewall
• Support for ICMP protocol
• Handling of multiple sources/ports/protocols per Rule
Zone Firewall
• DMZ Pinholes has been enhanced and renamed to Zone Firewall
• Fine grained filtering of local network traffic
• Rules based on zones, physical interfaces, MAC addresses
• Support for ICMP protocol
• Handling of multiple sources/ports/protocols per rule
Intrusion Detection
• New version of High Performance IDS with reduced RAM usage and enhanced performance
• Support for inline intrusion detection
High Availability
• Multi-Node Appliance Cluster
• Hot Standby (active/passive)
• Automatic Node Data Synchronization
• Process monitoring/watchdog
HTTP Proxy
• Time based access control with multiple time intervals
• Group based web access policies
• Zone based operation mode: transparent, authentication or no authentication
Content Filter
• Better handling of content filter categories
• Enhanced performance
SMTP Proxy
• Enhanced performance
• Optional setting for Smarthost port
• Additionally secures SMTP traffic coming from VPNs (Roadwarrior and Gateway2Gateway)
DNS Proxy
• Route specific domains to a custom DNS
Hotspot
• Better account listing, with pagination, sorting and search
• Per user and global bandwidth limiting
• MAC-address based user accounts
• User accounts import/export per CSV
• Single-click ticket generation (Quick ticket)
• Automatic client network configuration (support for DHCP and static IP)
• Enhanced user/client portal
• Generic JSON-API for external accounting and third party integration (like Hotel Management
Software)
• Support for multiple network interfaces
OpenVPN
• X.509 and 2 factor based authentication
• Pushing of DNS settings to clients
• Pushing of global or per client routes
• Support for NATed VPN endpoints
• Support for VPN over HTTP Proxy
• Automatic connection failover
• Every VPN endpoint is resolvable through DNS (vpn..domain)
Oneshield VPN Client
• Downloadable from Oneshield Network
• Works with Windows (Vista, XP, 2000), MacOSX, Linux
• Multiple connections at once
• Encrypted configuration profiles
• PSK, X509 based and 2 factor authentication
• Runs as service and allows unprivileged users to start a connection
• Can start the connection automatically on boot / on user logon
• Supports openvpn server fallback, when primary server fails
IPSEC
• Rewrite of the base
• Added debugging possibilities
• Ipsec on orange
• Default MTU can be overridden
• Simplified GUI by removing Side (Left/Right) configuration and swapped completely to Local/Remote labeling
• added ID fields
• Added Dead Peer Detection options
Instant Log Viewer
• Realtime log viewer with filtering and highlighting
• Displays all the logfiles you are interested in at the same time
Logs
• Every service supports remote logging
• Daily log rotation
Backup
• Zero-configuration backups to USB stick: just plug in a USB stick to backup
• Restore a from any USB stick
Support
• One click to access to Oneshield Support Team and Managed Security Services
• Integrated ticketing support
