Shield Firewall is an Open source Unified Threat Management solution that targets the security needs for Home / SOHO / and SMB segments. The solution provides an Advanced State full Firewall integrated with L7 Application Control, Intrusion Prevention, SSLVPN, IPsec VPN, Web filtering, and User Authentication functionalities. The unified security policies management layer of Shield enables users to manage their security needs with ease!
- Ensuring the internet access in secured way
- Filtering on unintended web content & applications. ( Example: Prevent users from visiting Malicious websites, Age restricted media contents, block the undesired content from Facebook, Phishing urls )
- Single point of protection on Malware control
- Application aware Stateful Firewall with Full-fledged NAT support
- Enabling VPN access with easy to deploy true SSLVPN.
- Web filtering & Internet usage control
- Easy to deploy Single Solutions for Firewalling/Malware Control/Content filtering/VPN/IP Management/Internet usage limiting.
- Data leak Prevention.
- Enhanced Productivity with controlling the undesired Internet usage.
- Enabling secure connectivity between branch offices, Roaming users.
- Network segregation with effective firewall policy enforcements.
- Deep packet Inspection & Applications usage identification & Analysis
- Policy objects based easy to manage unified firewall policies.
- Secured Cloud Access.
- State full Firewall with connections tracking capabilities
- Dynamic/Static NAT, Port forwarding
- Prevention of DOS, DDOS & IP Spoofing
- Bandwidth Control
- Multicast Forwarding
- TCP Syn Cookies
- MAC Filtering
- QOS/Diffserv marking
- Content Filtering - Blocking Java/ActiveX/Proxy/Cookies
- L7 Application Control with 70+ protocols support
- Transparent Firewall/Routed Firewall mode
- Use of Policy Objects for Firewall/NAT Policies Configuration
- Support for multiple firewall zones & zone based security policies
- Snort 2.9 based Intrusion Prevention enabling both Signature based Detection and Detailed Protocol Decoders.
- Support for Custom Signatures with Intuitive signature configuration wizard
- Supporting signatures from Emerging threats/Snort VRT(TALOS)
- OpenVPN based SSLVPN Solution - Access Gateway Mode & P2P Mode Support
- Locally managed SSLVPN Client Profiles
- Two factor Authentication enabling Password/Certificates based Authentication for SSLVPN Clients
- Use of Pre-shared Keys/Certificates for P2P Authentication
- TCP/UDP Based Tunnels
- AES/DES/BF/CAST5/RC2 Encryption
- Traffic compression
- Tunnel All Traffic mode support on the client side
- Support for Mobile VPN Clients
- Easy to use VPN User Profiles/P2P Policies Configuration.
- Tunnel/Transport Mode
- IKE Exchange - Main/Aggressive/Base mode
- DES/3DES/Blowfish/Cast128/AES Encryption
- MD5/SHA Digest
- Pre-shared Keys/Certificates Authentication
- IKE/Diffe Hellman Group
- AH/ESP Support
- IPSec/PFS Group Support
- Traffic Compression
- Dead Peer Detection
- Web filtering with Squid Proxy . Support for URLs/Regular expression-based Filtering
- Category-based Filtering with URL Blacklist Freeware service
- Users/User Groups based Web filtering Policies
- SSL Proxy
- Explicit/Transparent Proxy mode support
- Limiting Http connections per Network/Users/User Groups
- Filtering based on Web request/response size
- SSL Control
- User Authentication
- Localization Support for Web filtering Blocking Pages
- Captive Portal
- DHCP
- DNS
- Static Routes
- Virtual IP
- DDNS
- VLAN/801.q
- Multiple Firewall Zones/Port Mapping
- PPPoE Support
- WebUI accessible via SSL
- NTP
- SNMP v1/v2/v3 Support
- Syslog
- Provision to update firmware via WebUI
- Factory Reset
- Diagnostic Utilities
- Certificates Management for Web Proxy/SSLVPN/IPSec Services
- Log viewer for accessing Syslog logs/Security Alerts
- Firewall Connections Monitoring
- DHCL Clients Status
- VPN Connections Monitoring
- Graphical reports on System Resources Usage/FW
- Connections Monitoring/IPS Alerts
- Web filtering Reports
- Linux Netfilters/IPTables
- Conntrack tools
- Snort
- OpenVPN
- Strongswan
- Squid Web Proxy
- SquidGuard URL Redirector
- Freeradius
- ISC Dhcp
- Openssl
- L7 Filters