Advanced State full Firewall integrated with L7 Application Control, Intrusion Prevention, SSLVPN, IPSec VPN, Web filtering, Users Authentication functionalities.

Shield UTM20 appliances comes with four 1Gbps LAN ports & two 1Gbps WAN ports, One auxiliary console port & One USB port.

Firewall

• State full Firewall with connections tracking capabilities
• Dynamic/Static NAT, Port forwarding
• Prevention of DOS, DDOS & IP Spoofing
• Bandwidth Control
• Multicast Forwarding
• TCP Syn Cookies
• MAC Filtering
• QOS/Diffserv marking
• Content Filtering - Blocking Java/ActiveX/Proxy/Cookies
• L7 Application Control with 70+ protocols support
• Transparent Firewall/Routed Firewall mode
• Use of Policy Objects for Firewall/NAT Policies Configuration
• Support for multiple firewall zones & zone based security policies
  

Intrusion Prevention

• Snort 2.9 based Intrusion Prevention enabling both Signature based Detection and Detailed Protocol Decoders.
• Support for Automatic Signature Updates
• Support for Custom Signatures with Intuitive signature configuration wizard
• Supporting the signatures from Emerging threats/Snort VRT
  

SSLVPN

• OpenVPN based SSLVPN Solution - Access Gateway Mode & P2P Mode Support
• Locally managed SSLVPN Client Profiles
• Two factor Authentication enabling Password/Certificates based Authentication for SSLVPN Clients
• Use of Pre shared Keys/Certificates for P2P Authentication
• TCP/UDP Based Tunnels
• AES/DES/BF/CAST5/RC2 Encryption
• Traffic compression
• Tunnel All Traffic mode support on the client side.
• Supporting up to 20 VPN Clients
• Support for Mobile VPN Clients
• Easy to use VPN User Profiles/P2P Policies Configuration.
  

IPSec

• Tunnel/Transport Mode
• IKE Exchange - Main/Aggressive/Base mode
• DES/3DES/Blowfish/Cast128/AES Encryption
• MD5/SHA Digest
• Pre shared Keys/Certificates Authentication
• IKE/Diffe Hellman Group
• AH/ESP Support
• IPSec/PFS Group Support
• Traffic Compression
• Dead Peer Detection
  

Web Filtering

• Web filtering with Squid Proxy – Support for URLs/Regular expression based Filtering
• Categories based Filtering with URL Blacklist service
• Users/User Groups based Web filtering Policies
• SSL Proxy
• Explicit/Transparent Proxy mode support
• Limiting Http connections per Network/Users/User Groups
• Filtering based on Web request/response size
• SSL Control
• Digest Based Authentication for locally managed Users
• Web Caching with USB Based Storage
• Localization Support for Web filtering Blocking Pages.

Network

• DHCP
• DNS
• Static Routes
• Virtual IP
• DDNS
• VLAN/801.q
• Dual WAN with Wan Failover/Load Balancing (Only Available in SMB
• Firewall Zones/Port Mapping
• PPPoE/xDSL Support

Device Management

• WebUI accessible via SSL
• SSH CLI Access
• NTP
• SNMP v1/v2/v3 Support
• Syslog
• Provision to update firmware via WebUI
• Factory Reset
• Diagnostic Utilities
• Certificates Management for Web Proxy/SSLVPN/IPSec Services
  

Reports

• Log viewer for accessing Syslog logs/Security Alerts
• Firewall Connections Monitoring
• DHCL Clients Status
• VPN Connections Monitoring
• Graphical reports on System Resources Usage/FW Connections Monitoring/IPS Alerts
• Web filtering Reports

A Session Border Controller(SBC) is used to control VoIP signaling and media streams. SBC is responsible for setting up, conducting, and tearing down calls. SBC allows owners to control the types of call that can be placed through the networks and also overcome some of the problems caused by firewalls and NAT for VoIP calls. A common location for a stand-alone SBC is a connection point, called a border, between a private local area network (LAN) and the Internet. SBC polices real-time voice traffic between IP network borders ensuring your private network is robustly secure and fully manageable.

• SBC is enabled with DPI Packet Inspection on VOIP traffic, supporting the Signatures for Key Malwares/Vulnerabilities observed in SIP Deployments like Extensions Enumeration DoS and Password Cracking. Supporting Open Source PBXs like Asterisk, FreeSwitch, TrixBox.
• Handles the SIP-NAT issues observed in the common VOIP deployments.
• Topology-hiding function is to prevent customers or other service providers from learning details about how the internal network is configured, or how calls being placed through the SBC are routed.

Basic Functions

• Eliminates bad VoIP signaling and media protocol at the network boundary.
• Built-in firewall which can controls IP Addresses/Port based Filtering, DOS/DDOS Attacks, IP Blacklist & NAT. It opens pinhole in the firewall to allow VoIP signaling and media to pass through.
• Media bridging, which may include Voice over IP and Fax over IP.
• Roaming Extension for Internal SIP PBX.
• Support for SIP Outbound/Inbound Trunk and policies to route the calls.
• DTMF Support for RFC2833/INBAND/SIP INFO
• Can handle simultaneous calls from 10 to 60 channels (Including Media Transcoding and Encryption)
• Easy GUI Configuration and call statistics.

Advanced Features

• Eliminates bad VoIP signaling and media protocol at the network boundary.
• Built-in firewall which can controls IP Addresses/Port based Filtering, DOS/DDOS Attacks, IP Blacklist & NAT. It opens pinhole in the firewall to allow VoIP signaling and media to pass through.
• Media bridging, which may include Voice over IP and Fax over IP.
• Roaming Extension for Internal SIP PBX.
• Support for SIP Outbound/Inbound Trunk and policies to route the calls.
• DTMF Support for RFC2833/INBAND/SIP INFO
• Can handle simultaneous calls from 10 to 60 channels (Including Media Transcoding and Encryption)
• Easy GUI Configuration and call statistics.