Appliance with multi-functions as: Core router, NGFW, Load balance, SD-WAN, Captive portal
There are numerous threats that you encounter on a daily basis and some of them you may not even be aware of. Most prominent issues are probably privacy issues, such as stealing of sensitive information and bank/credit card fraud.
ITServing® ITS-2000RF includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
ITServing® ITS-2000RF give users, developers and businesses a friendly, stable and transparent environment. This will make it the most widely used open source security platform. The project’s name is derived from open and sense and stands for: “Open (source) makes sense.”
ITServing® ITS-2000RF Core Features
The feature set of ITS-2000RF includes high-end features such as forward caching proxy, traffic shaping, intrusion detection and easy OpenVPN client setup.
| Traffic Shaper Traffic shaping is the control of computer network traffic in order to optimise or guarantee performance, lower latency, and/or increase usable bandwidth by delaying packets that meet certain criteria. More specifically, traffic shaping is any action on a set of packets (often called a stream or a flow), which imposes additional delay on those packets such that they conform to some predetermined constraint (a contract or traffic profile). Traffic shaping within ITS-2000RF is very flexible and is organised around pipes, queues and corresponding rules. |
Captive portal Captive Portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. ITServing® ITS-2000RF unique template manager makes setting up your own login page an easy task. ITServing® ITS-2000RF with Voucher Manager, Template Management, Zone Management, Bandwidth Management, Real Time Reporting. |
| Built-in reporting and monitoring tools System Health offers a dynamic view on RRD data gathered by the system. It allows you to dive into different statistics that show the overall health and performance of the system over time. Netflow is a monitoring feature, invented by Cisco, it is implemented in the FreeBSD kernel with ng_netflow (Netgraph). Since Netgraph is a kernel implementation it is very fast with little overhead compared to softflowd or pfflowd. Netflow captures complete packet flows including source, destination ip and port number. ITS-2000RF supported: System Health, the modern take on RRD Graphs, Packet Capture, Netflow, ntopng (plug-in). |
Stateful inspection firewall A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected”. ITS-2000RF can filter traffic on source, destination, protocol and port on number (TCP/UDP); Bridge interfaces and filter traffic between them, even allowing for an IP-less firewall. Granular state table control Adjustable state table size, ability to limit traffic per rule based on simultaneous connections, states per host & new connections per second as well as define state timeout and state type. |
| High Availability & Hardware Failover The Common Address Redundancy Protocol or CARP allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. If the primary firewall becomes unavailable, the secondary firewall will take over without user intervention. Utilising this powerful feature of ITS-2000RF creates a fully redundant firewall with automatic and seamless fail-over. While switching to the backup network connections will stay active with minimal interruption for the users.ITS-2000RF supported: Automatic failover, Includes configuration synchronization & synchronized state tables, Moving virtual IPs |
Intrusion Detection and Inline Prevention The inline IPS system of ITS-2000RF is based on Suricata and utilises Netmap to enhance performance and minimize cpu utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed. ITS-2000RF has integrated support for ET Open rules. The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. ITS-2000RF rulesets over 200K rules for alerting and dropping. ITS-2000RF supported: Built-in support for Emerging Threats rules, simple setup by use of rule categories, scheduler for period automatic updates. |
| Forward Caching Proxy It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. ITS-2000RF has extensive access controls and makes a great server accelerator. It included: Transparent mode supported, Blacklist support. |
Support for plugins ITS-2000RF is equipped with a reliable and secure update mechanism to provide weekly security updates. A plugin mechanism can be used to install additional packages and customisations as ITS-2000RF included: Ntopng, OpenDNS, Moit, Redis, Universal Plug and Play... |
| Backup & Restore Better safe than sorry, always keep an up to date backup of your configuration. It’s easy with ITS-2000RF. Automatic backups of configuration changes make it possible to review history and restore previous settings. Upload your configuration backup file and restore it with ease. ITS-2000RF supports encrypted cloud backup of your configuration with the option to keep backups of older files (history). For this purpose Google drive support has been integrated into the user interface. |
Virtual Private Network A virtual private network (VPN) extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it is directly connected to the private network, while benefiting from the functionality, security and management policies of the private network. ITS-2000RF was supported by VPN technologies: IPsec, OpenVPN, WireGuard, OpenConnect, Tinc, Stunnel, Zerotier. |
Versatile - Fully featured
All features can be used from within the easy to use graphical interface, equipped with a build-in search feature for quick navigation. Protecting your network has never been this easy with features such as; the integrated intrusion prevention system and two-factor authentication for safely connecting mobile users.
| Businesses Protect your business network and secure your connections. From the stateful inspection firewall to the inline intrusion detection & prevention system everything is included for free.Use the traffic shaper to enhance network performance. |
Schools Limit and share available bandwidth evenly amongst students and utilise the category based web filtering to filter unwanted traffic such as adult content and malicious websites. It is easy to setup as no additional plugins nor packages are required. |
| Remote Offices/ Branches & SOHO The integrated site to site VPN (IPsec or SSL VPN) can be used to create a secure network connection to and from your remote offices. Enjoy the easy configuration and online searchable documentation with simple how-to type of articles to get you started, quickly. Pluggable support is offered for ZeroTier, Tinc as well as Wireguard. |
On the road Even on the road ITS-2000RF is a great asset to your business as it offers OpenVPN and IPSec VPN solution with road warrior support and two-factor authentication. The easy client exporter make configuring your OpenVPN SSL client setup a breeze. |
| Hotels ITS-2000RF offers a captive portal to control (and advertise over splash page) guest internet access for a limited duration. Vouchers can easily be created via the graphical user interface. |
Security as a Service (SECaaS) On the other hand, ITServing® provide convenient and flexible services for bussineses who do not want network on-site build. So they can use ITServing® SECaaS service which will paid monthly. |
Saving cost for business from 60%-80%
ITServing® ITS-2000RF Cyber Security Topology
