securing everything - endian firewall everything endian utm network security solutions endian...
TRANSCRIPT
Securing everyThingwww.endian.com
Securing everyThingThe Simplest and Most Secure UTM Available
Network Security: All-in-one full UTM hardware,
software and virtual appli-ances.
BYOD & Hotspot: Provide secure and simple Internet access for guests
and coworkers.
Quick & Easy Setup: Get your network protected
in a matter of minutes.
Endian Network Endian’s centralized management portal
About EndianFounded in Appiano, Italy in 2003 by a team of experienced network specialists and security enthusiasts. Endian’s goal is clear: Develop the world’s most powerful and easy-to-use Open Source Unified Threat Management system. With over 1.7 million users of the Community Edition and thousands of installations of the professional product in over 50 countries, Endian continues to deliver on its mission!
The number of Internet-connected devices is growing at an incredible rate every day in both the business and consumer markets. Endian understands that each of these appliances becomes exposed to millions of potential threats the minute it’s connected.
Our solution set is unique in that it can provide a com-prehensive security layer combined with a unique level of simplicity within the IoT industry. This can offer a tremendous value to businesses in terms of protecting their employees and users as well as enabling the cre-ation of new service and support platforms that can save costs and drive revenue.
Endian‘s mission is to protect global communication networks and provide secure information access to anyone.
We help companies meet these challenges by providing an appliance- based architecture for network protection and for network management that is easy to buy, easy to own and easy to use.
Securing everyThingwww.endian.com
Endian UTM Network Security Solutions Endian security appliances are easy to use, all-in-one products: no extra module has to be added to guarantee maximum protection to your network. In order to offer to our customers even more, an advanced hotspot service is included in every appliance. Endian gateways are available as hardware, software or virtual appliances.
Hardware Appliance
A complete range of specifically desi-gned appliances integrating our UTM software for everyone’s security needs, from branch offices and industrial faci-lities to large networks.
Virtual Appliance
Protect your virtual networks and inf-rastructure in seconds. Support for all leading virtualization paltforms (VMware, Xen/XenServer, Hyper-V, KVM).
Software Appliance
Turn your favorite or existing hardware into a full-featured Endian UTM appli-ance. Scale your hardware resources up or down to suite your business network needs.
Unified Threat Management (UTM)
A Unified Threat Management (UTM) appliance is an all-inclusive product able to deliver multiple security fuctionalities within one single system. This approach allows to centrally manage all the needed services, inclu-ding firewall, IPS/IDS, VPN, web and mail security.
Endian UTM HighlightsUsing Endian UTM, your setup time is only a matter of minutes and with our intuitive web-based interface you can greatly reduce your network management time and costs. Protect and connect your network so you can get back to focusing on your business.
Wi-Fi and Bring Your Own Device (BYOD)
Are you getting the most from your WIFI or guest networks? Endian’s Hotspot solution can help protect those networks and offer valuable Internet access-all while maximizing their potential value to your business. Utilizing the Hotspot, you can collect user information and manage your guest network traffic so that your business can benefit from those resources.
Centralized Management and Updates
Endian Network is a free cloud-based, centralized management portal for se-cure remote access to all your Endian hardware, software and virtual applian-ces. This unified solution allows you to access, monitor, update and upgrade your Endian appliances. A simple setup process and user-friendly web interfa-ce make managing, selling and supporting Endian a breeze.
Secure Remote Access
Business happens everywhere and you need a solution to allow your business to stay connected and be protected from network threats. Our UTM solution provides both secure site-to-site and remote access (road warrior) connectivi-ty options that are sure to meet your needs. In addition, our solution delivers strong access control and encryption which can help minimize data loss and/or inappropriate access.
Application Control
Take control of the network by properly managing time-wasting, high band-width or non-business applications like Skype, WhatsApp, Dropbox, Facebook, Twitter and over 150 more. Endian makes it simple to manage applications on your network with just a few clicks, increasing productivity has never been easier.
Securing everyThingwww.endian.com
Mail and Web Security
Protect your employees from web and email threats like viruses, malware, phishing, spam and even policy violations and in the process increase produc-tivity. Complete web security provides over 100+ million categorized URL and domains. Flexible web policies allow you to build rules based on users, groups, date, time and much more. Our email filtering stops spam and viruses in their tracks and keeps your mail servers and users protected.
Live Network Monitoring and Reporting
Do you know what’s happening on your network? Can you identify what users are doing and which applications they are using? If not, your business could be losing valuable time and money. Our solution provides intuitive real-time and historical traffic monitoring along with management reports including web, email, security activity and more.
Event Management
The event notification engine was completely rewritten from the ground up to provide more advanced features and all new notification capabilities. Now you can keep track of things like IPsec and SSL VPN user activity (login/logout), errors and much more. In addition, we’ve added multiple notification options that include the ability to be notified via email or SMS or even have the system run a custom script upon an event occurring.
Advanced Content Security
Advanced Content Security is a powerful security bundle designed to enhance Endian’s malware signature database for more comprehensive threat awareness. It includes: CYREN URL Filtering that by using predictive detection technology, can recognize harmful sites before users are exposed to them, CYREN Anti-Spam that makes Endian able to respond to email threats within a couple of seconds while delivering the lowest false positives rate possible and Panda Anti-Virus, which helps Endian to provide maximum anti-virus protection .
Choose Endian UTM if you need:
• All-In-One UTM hardware, software or virtual appliances
• Reduce network management time and costs with our simple web interface
• Central management platform to monitor and access all your UTM devices
Endian UTM Mini 25The ideal network security solution for small businesses and remote branch office loca-tions takes a step forward. The new set and forget Endian gateway is built on a comple-tely new platform and has double the power of the previous generation.
UTM Mini 25 WiFiThis product offers a complete set of UTM features including a powerful hotspot soluti-on that when utilized with our WIFI option makes this the only SMB solution you need to connect and protect your small business network.
Highlights Mini 25• 4 Ethernet Ports• 2 GB RAM• 8 GB CFast Flash Memory• Desktop Appliance• WIFI Upgrade Available
Highlights Mini 25 WiFi• Complete Hotspot Integ-
ration• Up to 4 Configurable WiFi
Networks• WPA & WPA2 Personal/
Enterprise Authentication• Standards 802.11 a/b/g/n• Support for 2.4 or 5 GHz• 2x2 MIMO Antennas
Securing everyThingwww.endian.com
Endian UTM Mercury 50Conceived to handle the processing of heavy Internet traffic, emails and VPN connec-tions to branch offices, the Mercury 50 is the ideal scalable solution to support your network growth.
This high-performance appliance provides Endian’s best-in-class security features to midsize organizations. The complete set of Unified Threat Management functionalities in combination with advanced hotspot gives you the most comprehensive features available.
Endian UTM Mercury 100Fast, flexible and easy to use. The Mercury 100 guarantees high security standards combined with the globally recognized Endian Hotspot technology.
Application level filters, anti-virus, anti-spam, web filtering, VPN functionality and much more create a complete and reliable shield for your network from all internal and exter-nal threats.
Highlights• 5 Ethernet Ports• 2 GB RAM• 320 GB Hard Disk• Desktop Appliance
Highlights• 6 Ethernet Ports• 4 GB RAM• 2x320 GB Hard Disk• LAN-Bypass• Rack 1U
Endian UTM Macro 250 and 500Large organizations and distributed enterprises often experience critical security issu-es. To constantly keep the protection at a high level the support of a reliable hardware appliance is needed.
The Macro 250 and 500 offer integrated security services such as stateful inspection firewall, VPN, gateway anti-virus, anti-spam, web and email content filtering as well as a powerful hotspot in a single product.
Endian UTM Macro 1000 and 2500Discover the new powerful Endian appliances equipped with twice the memory and the latest multi-core processor technology to boost your network performance.
The Macro 1000 and 2500 are the ideal gateways to manage and filter the traffic of the most demanding networks. These high-performance hardware appliances are specially conceived to offer a great combination of performance and protection to large enterprises.
Highlights• 8 Ethernet Ports• 4 / 8 GB RAM• 2x320 / 2x500 GB Hard Disk• LAN-Bypass• Rack 1U
Highlights• 10/18 Ethernet Ports• 16/32 GB RAM• 2x500/2x1000 GB Hard Disk• LAN-Bypass• Rack 2U• 2x 10Gigabit SFP+ (optional)
Securing everyThingwww.endian.com
Endian UTM Hardware Comparison
Performance
Mini 25 Mini 25 WiFi Mercury 50 Mercury 100 Macro 250 Macro 500 Macro 1000 Macro 2500
Firewall Throughput 1.5 Gbit/s 2 Gbit/s 3.5 Gbit/s 5.5 Gbit/s 10 Gbit/s 20 Gbit/s 30 Gbit/s
VPN Throughput (IPsec & SSL) 120 Mbit/s 155 Mbit/s 320 Mbit/s 900 Mbit/s 1.4 Gbit/s 2.5 Gbit/s 4 Gbit/s
IPS Throughput 150 Mbit/s 200 Mbit/s 350 Mbit/s 1.5 Gbit/s 2.2 Gbit/s 3.5 Gbit/s 6 Gbit/s
Antivirus Throughput (Proxy) 175 Mbit/s 210 Mbit/s 600 Mbit/s 1.8 Gbit/s 3.1 Gbit/s 4.5 Gbit/s 7 Gbit/s
Web Security Throughput 400 Mbit/s 500 Mbit/s 1.2 Gbit/s 5 Gbit/s 6 Gbit/s 10 Gbit/s 20 Gbit/s
Concurrent Sessions 300,000 300,000 500,000 1,500,000 2,500,000 2,500,000 5,000,000
Max Concurrent Hotspot Connections 30 Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited
HardwareMini 25
Mini 25 WiFi Mercury 50 Mercury 100 Macro 250 Macro 500 Macro 1000 Macro 2500
Case Desktop Desktop Rack 1U Rack 1U Rack 1U Rack 2U Rack 2U
Dimensions (mm) 44x 225 x 150 44x 272 x 195 44 x 430 x 260 44 x 430 x 400 44 x 430 x 400 88 x 430 x 580 88 x 430 x 580
Weight 1.19 kg 2 kg 5 kg 8 kg 8 kg 19 kg 19 kg
Memory 2 GB 2 GB 4 GB 4 GB 8 GB 16 GB 32 GB
Storage 8 GB CFast Flash Memory 320 GB HDD 2x 320 GB HDD
Raid2x 320 GB HDD
Raid2x 500 GB HDD
Raid2x 500 GB HDD
Raid2x 1 TB HDD
Raid
Networking
4x Gigabit Ethernet
Wi-Fi 802.11 a/b/g/n (opti-
onal)
5x Gigabit Ethernet
6x Gigabit Ethernet
8x Gigabit Ethernet
8x Gigabit Ethernet
10x Gigabit Ethernet
2x 10Gigabit SFP+ (optional)
18x Gigabit Ethernet
2x 10Gigabit SFP+ (optional)
LAN Bypass - 1 Pair 2 Pairs 4 Pairs 4 Pairs 4 Pairs 8 Pairs
Power Supply 40W External 45W External 65W Internal 250W Internal 250W Internal 2x 460W Inter-nal Redundant
2x 460W Inter-nal Redundant
Cooling Fanless Fans Fans Fans Fans Fans Fans
LCD Display - - Yes Yes Yes Yes Yes
VGA Yes Yes Yes Yes Yes Yes Yes
Hardware Warranty Included in maintenance
Included in maintenance
Included in maintenance
Included in maintenance
Included in maintenance
Included in maintenance
Included in maintenance
Certifications FCC/CE/RoHS FCC/CE/RoHS FCC/CE/RoHS FCC/CE/RoHS FCC/CE/RoHS FCC/CE/RoHS FCC/CE/RoHS
Software SolutionsTurn any PC into a Unified Threat Management Appliance
The software appliance is ideal for those who are looking to leverage existing hardware (x86_64) for their networking and security needs. The product functionality is identical to our hardware appliances so no tradeoffs required.
The Endian UTM Software Appliance offers the same technology that resides in the Endian Unified Threat Management (UTM) hardware appliances, thus making it possible to turn any PC into a full featured security appliance. Unleash the power of Endian UTM using your preferred hardware to enable comprehensive security for your whole network infrastructure. Integrated security services such as stateful inspection firewall, VPN, gateway anti-virus, anti-spam, Web security, and e-mail content filtering offer granular protection in a single system, hence reducing management time and costs.
System RequirementsCPU Intel x86_64 compatible / 1GHz minimum (dual-core 2 GHz recommended)
Multi-Processor Symmetric Multi-Processor (SMP) support included
RAM 1 GB minimum (2 GB recommended)
Disk SCSI, SATA, SAS or IDE disk is required (8GB minimum 20GB recommended)
Software RAID For software RAID1 (mirroring) two disks of the same type are required (capacity can be different)
Hardware RAID SCSI and SAS RAID systems and controllers are supported
CD-ROM An IDE, SCSI or USB CDROM drive is required for installation (not required after installation)
Network Cards Most common Network Interface Cards are supported including Gigabit and fiber NICs
Monitor Keyboard Only required for the installation but not for configuration and use
Operating System Endian UTM includes a hardened Linux-based Operating System
Virtual Cloud SolutionsSecure and Protect your Virtual Infrastructure
Protect your virtual infrastructure from any potential threat with Endian’s cutting-edge network security! Whether you are securing your internal virtual business environment, running a world-class hosting or colocation facility, or providing cloud services – the Endian UTM Virtual Appliance can provide superior network security to protect your virtual infrastructure from any potential threats.
System RequirementsCPU Intel x86_64 compatible / 1 GHz minimum (dual-core 2 GHz recommended)
Multi-Processor Symmetric Multi-Processor (SMP) support included
RAM 1 GB minimum (2 GB recommended)
Disk Support for full virtualization and paravirtualization / 8GB minimum (20 GB recommended)
CD-ROM Physical and virtual drives as supported by the hypervisor
Network Cards Support for full virtualization and paravirtualization
Operating System Endian UTM includes a hardened Linux-based Operating System
Hypervisors
Securing everyThingwww.endian.com
Endian NetworkEndian’s free centralized management platform
Endian Network is a free cloud-based, centralized management portal for secure remote access to all your Endian hardware, software and virtual appliances. This unified soluti-on allows you to access, monitor, update and upgrade your Endian appliances. A simple setup process and a user-friendly web interface will help you in managing, selling and supporting Endian products.
Highlights• Real-time status update of
your appliances• Remote access • Centralized updates and
upgrades• Remote support
Endian Network:
• Check the status of your appliances and verify that the maintenance is active
• Let Endian technical support remotely access your machines
• Download upgrades and security updates in a single click
Securing everyThingwww.endian.com
© 2
016
Endi
an S
pa. S
ubje
ct to
cha
nge
with
out n
otic
e. E
ndia
n an
d En
dian
UTM
are
trad
emar
ks o
f End
ian
Spa.
All
othe
r tra
dem
arks
and
regi
ster
ed tr
adem
arks
are
the
prop
erty
of t
heir
resp
ectiv
e ow
ners
.Endian UTM FeaturesNetwork Security• Stateful packet firewall• Application control (including
Facebook, Twitter, Skype, WhatsApp and more)
• Demilitarized zone (DMZ)• Intrusion detection and prevention• Multiple public IP addresses• Multiple WAN• NEW Quality of service and band-
width management• SNMP support• VoIP/SIP support• SYN/ICMP flood protection• VLAN support (IEEE 802.1Q trunking)• DNS proxy/routing• Anti-spyware• Phishing protection
Web Security• HTTP & FTP proxies• HTTPS filtering• Transparent proxy support• URL blacklist• Authentication: Local, RADIUS, LDAP,
Active Directory• NTLM single sign-on• Group-based and user-based web
content filter• Time based access control with
multiple time intervals• Panda cloud-based anti-virus• Cyren URL filter• SafeSearch enforcement
Mail Security• SMTP & POP3 proxies• Anti-spam with bayes, pattern
and SPF• Heuristics, black- and whitelists
support• Anti-virus• Transparent proxy support• Email quarantine management• Spam auto-learning• Transparent mail forwarding (BCC)• Greylisting• Cyren anti-spam• Panda cloud-based anti-virus
WAN Failover• Automatic WAN uplink failover• Monitoring of WAN uplinks• Uplink types: Ethernet (static/DHCP),
PPPoE, PPTP• NEW Support for UMTS/GPRS/3G
USB dongles
User Authentication• Active Directory / NTLM• LDAP• RADIUS• Local
Virtual Private NetworkingIPsec• Encryption: Null, 3DES, CAST-128,
AES 128/192/256-bit, • Blowfish 128/192/256-bit, Twofi-
sh 128/192/256-bit,• Serpent 128/192/256-bit,
Camellia 128/192/256-bit• Hash algorithms: MD5, SHA1, SHA2
256/384/512-bit, AESXCBC• Diffie Hellman modes: 1, 2, 5, 14, 15,
16, 17, 18, 22, 23, 24• Authentication: pre-shared key (PSK),
RSA keys• X.509 certificates• IKEv1, IKEv2• Dead Peer Detection (DPD)• NAT traversal• Compression• Perfect Forward Secrecy (PFS)• VPN Site-to-Site• VPN Client-to-Site (roadwarrior)• L2TP user authentication• XAUTH user authenticationOpenVPN• Encryption: DES, 3DES, AES
128/192/256-bit, CAST5, Blowfish• Authentication: pre-shared key, X.509
certificates• Support for VPN over HTTP Proxy• PPTP passthrough• VPN client-to-site (roadwarrior)• VPN client for Microsoft Windows
and Apple OS X• Possibility of multiple logins per user• VPN failover• Multiple server support• Support for mobile devices
(Android, iOS)VPN Portal for Clientless Connections*• Web-based access to internal
resources• Configurable portal page• Support for multiple destinations• Destination-based authentication• SSL offloadingUser Management & Authentication• Unified user management for Open-
VPN, L2TP, XAUTH, VPN Portal• Group management• Integrated certificate authority• External certificate authority support• User password and certificate
management• Multiple authentication servers (local,
LDAP, Active Directory, RADIUS)• Fully integrated one-time password
(OTP) support
BYOD / Hotspot*• Configurable captive portal• NEW Use your website as portal
(SurfNow Button)• Free access to allowed sites
(walled garden)• Wired / wireless support• Integrated RADIUS service• Connection logging• Bandwidth limiting based on user,
ticket or global settings• Social login (Facebook, Google)• NEW Social Enabler (sharing on
social networks)• MAC-address based user accounts• Configurable multiple logins per user• User accounts import/export via CSV• User password recovery• Automatic client network
configuration (support for DHCP and static IP)
• Fully integrated accounting• Generic JSON API for external
accounting and third party integration
• Instant WLAN ticket shop (Smart-Connect)
• Single-click ticket generation (Quick ticket)
• SMS/e-mail user validation and ticketing
• Pre-/postpaid and free tickets• Time-/traffic-based tickets• Configurable ticket validity• Terms of Service confirmation• MAC address tracking for free
hotspots• Cyclic/recurring tickets (daily, weekly,
monthly, yearly)• Remember user after first
authentication (SmartLogin)• Multi-location setup through
master/satellite configuration**• External authentication server (Local,
LDAP, Active Directory, RADIUS)
Network Address Translation• Destination NAT• Incoming routed traffic• One-to-one NAT• Source NAT (SNAT)• IPsec NAT traversal
Routing• Static routes• Source-based routing• Destination-based routing• Policy-based routing (based on inter-
face, MAC address, protocol or port)
Bridging• Firewall stealth mode• OSI layer 2 firewall functionality• Spanning tree• Unlimited interfaces per bridge
High Availability• Hot standby (active/passive)• Node data/configuration synchroniz-
ation (not for BYOD/Hotspot)
Event Management• More Than 30 Individually Configura-
ble Events• Email Notifications• SMS Notifications• Powerful Python Scripting Engine
Logging and Reporting• Reporting dashboard• Detailed system, web, email, attack
and virus reports• Live network traffic monitoring
(powered by ntopng)• Live log viewer• Detailed user-based web access re-
port (not in Mini 10 and Mini 10 WiFi)• Network/system/performance
statistics• Rule-based logging settings (firewall
rules)• Syslog: local or remote• OpenTSA trusted timestamping
Extra Services• NTP (Network Time Protocol)• DHCP server• SNMP server• Dynamic DNS
Management / GUI• Centralized management through
Endian Network (SSL)• Easy Web-Based Administration
(SSL)• Multi-language web-interface
(English, Italian, German, Japanese, Spanish, Portuguese, Chinese, Russi-an, Turkish)
• Secure remote SSH/SCP access • Serial console
Updates and Backups• Centralized updates through Endian
Network• Scheduled automatic backups• Encrypted backups via email• Instant recovery / Backup to USB
stick (Endian Recovery Key)
* Not in UTM Software 10, UTM Virtual 10, UTM Mini 10, UTM Mini 10 WiFi ** Master functionality not in UTM Mini 25, UTM Mini 25 WiFi and UTM Mercury 50