ViPNet Office Firewall
New product
ViPNet Office Firewall is a software firewall designed for small and medium-sized companies.
ViPNet Office Firewall is a software firewall designed for small and medium-sized companies. It allows you to protect the local network from any attacks from the Internet, and also provides the ability to flexibly control access to Internet resources and the organization of virtual local area networks.
Capabilities:
Dynamic and Static Network Address Translation (NAT)
Dynamic network address translation allows multiple internal clients to work under one external IP address. Static translation of network addresses is also implemented, which allows the server on the internal network (for example, mail server, web server, FTP server) to be published on the external network (Internet). Network address translation is also available for protocols other than TCP, UDP, ICMP.
FTP protocol support
Implemented automatic opening of ports required for the operation of FTP clients.
Web Filtering
Implemented blocking of pop-up windows, advertising banners, interactive elements (Flash-animation) and personalizing user elements (Referrer and Cookie).
Network Address Translation Autocomplete (NAT)
You can specify parameters that will be used as default values when new translation rules are added. AutoComplete settings can also be set automatically.
Anti-spoofing
For each network interface, you can assign a range of valid IP addresses to block packets with the wrong sender address. Thus, it is possible to prevent network attacks, which consist in changing the IP address of the sender to an IP address from the trusted network (spoofing).
Filtering local and transit IP packets at the addresses of the recipient and the sender
You can filter local and transit IP packets at the addresses of the recipient and the sender. In previous versions, the filtering was performed only at the external address of the packet (the recipient or the sender, depending on the direction of the packet).
Filtering IP broadcast packets to source addresses
You can filter broadcast IP packets at the addresses of specific senders.
Network filters on schedule
Implemented the possibility of applying filter rules according to a pre-defined schedule, which allows you to flexibly manage and limit the costs of paying communication channels.
Applying network filters in the specified order
The conditions for the execution of filters are checked in the specified order, which eliminates the conflict of addresses in the filters.
The system of detection of attacks (IDS)
This system blocks the most common network attacks (WinNuke, Land, Teardrop, Ssping, Tear2, NewTear, Bonk, Boink, Dest_Unreach, UDP flood, Ping flood, OOBnuke, etc.) by constantly monitoring incoming and outgoing traffic for attacks ;
The IP packet log with the account of a pair of addresses and network address translation (NAT)
Displays a pair of addresses and various new flags (in particular, NAT features), as well as new event codes. It supports automatic archiving of logs and export of data to html or Excel format.
Create multiple configurations and quickly switch
Implemented the ability to create various configurations with the settings of the program and quickly switch between them.
The main advantages of the program:
Support for an unlimited number of network adapters;
Support for various ways to connect to the network - home networks, Stream (CJSC MTU-Intel), conventional modem connection, wireless communication technologies (GPRS, Wi-Fi);
Built-in application control for detecting and limiting the network activity of "spyware" programs;
Required input of the program password when entering the operating system;
Using drag-and-drop in the program interface to move filters;
The ability to quickly block network traffic and the desktop computer;
Support for SIP protocol for automatically opening ports required for SIP-clients that support VoIP telephony.
Availability of a version certified by the FSB to meet the requirements for firewall-type devices of the 4th class of protection.
Typical variants of using ViPNet Office Firewall:
- Protection of the local network from attacks from the Internet - ViPNet Office Firewall allows you to protect the local network from intruders who do not just scan your gateway server, but also try to penetrate your local network. To do this, it is sufficient to install the external network adapter of the server (connected to the Internet) into the "Boomerang" mode ( "Stealth ").
- Controlling access to Internet resources from the local network - In addition to protecting against Internet attacks, ViPNet Office Firewall allows you to prohibit the work with the Internet from certain computers on the local network whose users do not need such access for business purposes or allow individual computers to work on the network only with certain Services, for example, mail servers. In this case, it is enough to specify filters for IP addresses of computers or ranges of addresses and specify that traffic from these addresses should be blocked or allowed.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
Capabilities:
Dynamic and Static Network Address Translation (NAT)
Dynamic network address translation allows multiple internal clients to work under one external IP address. Static translation of network addresses is also implemented, which allows the server on the internal network (for example, mail server, web server, FTP server) to be published on the external network (Internet). Network address translation is also available for protocols other than TCP, UDP, ICMP.
FTP protocol support
Implemented automatic opening of ports required for the operation of FTP clients.
Web Filtering
Implemented blocking of pop-up windows, advertising banners, interactive elements (Flash-animation) and personalizing user elements (Referrer and Cookie).
Network Address Translation Autocomplete (NAT)
You can specify parameters that will be used as default values when new translation rules are added. AutoComplete settings can also be set automatically.
Anti-spoofing
For each network interface, you can assign a range of valid IP addresses to block packets with the wrong sender address. Thus, it is possible to prevent network attacks, which consist in changing the IP address of the sender to an IP address from the trusted network (spoofing).
Filtering local and transit IP packets at the addresses of the recipient and the sender
You can filter local and transit IP packets at the addresses of the recipient and the sender. In previous versions, the filtering was performed only at the external address of the packet (the recipient or the sender, depending on the direction of the packet).
Filtering IP broadcast packets to source addresses
You can filter broadcast IP packets at the addresses of specific senders.
Network filters on schedule
Implemented the possibility of applying filter rules according to a pre-defined schedule, which allows you to flexibly manage and limit the costs of paying communication channels.
Applying network filters in the specified order
The conditions for the execution of filters are checked in the specified order, which eliminates the conflict of addresses in the filters.
The system of detection of attacks (IDS)
This system blocks the most common network attacks (WinNuke, Land, Teardrop, Ssping, Tear2, NewTear, Bonk, Boink, Dest_Unreach, UDP flood, Ping flood, OOBnuke, etc.) by constantly monitoring incoming and outgoing traffic for attacks ;
The IP packet log with the account of a pair of addresses and network address translation (NAT)
Displays a pair of addresses and various new flags (in particular, NAT features), as well as new event codes. It supports automatic archiving of logs and export of data to html or Excel format.
Create multiple configurations and quickly switch
Implemented the ability to create various configurations with the settings of the program and quickly switch between them.
The main advantages of the program:
Support for an unlimited number of network adapters;
Support for various ways to connect to the network - home networks, Stream (CJSC MTU-Intel), conventional modem connection, wireless communication technologies (GPRS, Wi-Fi);
Built-in application control for detecting and limiting the network activity of "spyware" programs;
Required input of the program password when entering the operating system;
Using drag-and-drop in the program interface to move filters;
The ability to quickly block network traffic and the desktop computer;
Support for SIP protocol for automatically opening ports required for SIP-clients that support VoIP telephony.
Availability of a version certified by the FSB to meet the requirements for firewall-type devices of the 4th class of protection.
Typical variants of using ViPNet Office Firewall:
- Protection of the local network from attacks from the Internet - ViPNet Office Firewall allows you to protect the local network from intruders who do not just scan your gateway server, but also try to penetrate your local network. To do this, it is sufficient to install the external network adapter of the server (connected to the Internet) into the "Boomerang" mode ( "Stealth ").
- Controlling access to Internet resources from the local network - In addition to protecting against Internet attacks, ViPNet Office Firewall allows you to prohibit the work with the Internet from certain computers on the local network whose users do not need such access for business purposes or allow individual computers to work on the network only with certain Services, for example, mail servers. In this case, it is enough to specify filters for IP addresses of computers or ranges of addresses and specify that traffic from these addresses should be blocked or allowed.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
- Organization of virtual networks and DMZ - ViPNet Office Firewall supports an unlimited number of network adapters and for each network adapter you can specify your mode and your filters. Due to this, it is possible to split two or three local networks, for example, so that from the first network to the second access was opened, and vice versa - no (or only to certain computers access would be allowed). It is also possible to organize a so-called "demilitarized zone" (DMZ), in which to place servers that are open for access from the Internet. In this case, outgoing traffic from DMZ to local networks connected to other internal adapters can be completely blocked.
Related Products
-Fusion.jpg)
