Endian UTM Hardware Appliance
A complete range of specifically designed appliances integrating our UTM software for the security needs of everyone, from branch offices to medium and large networks.
EndianOS UTM
At the core of the Endian ecosystem is EndianOS which powers the entire Secure Digital Platform. A security focused operating system built to provide the complete networking, security and connectivity stack in an intuitive and easy to operate solution.
Networking
| Network zone isolation and policy support |
| Support for up to 32 internal network zones |
| Multiple WAN |
| Quality of service and bandwidth management |
| Advanced TCP window scaling |
| Support for untagged VLAN traffic |
| Bonding mode configuration (UI) |
| NTP (Network Time Protocol) |
| DHCP server |
| DHCP relay support |
| SNMP server |
| Dynamic DNS (DDNS) |
| NAT (Network Address Translation) |
| Static NAT |
| Dynamic NAT |
| PAT (Port Address Translation) |
| IP Masquerading |
| Full Cone NAT |
| IPsec NAT traversal |
| Routing |
| Static routes |
| Source-based routing |
| Destination-based routing |
| Policy-based routing |
| Bridging |
| Unlimited interfaces per bridge |
| Transparent bridge mode |
| OSI layer 2 firewall functionality |
| Spanning tree |
Network Security
| Intrusion Detection & Prevention |
| Deep packet inspection technology to detect or block advanced threats |
| IDS Mode offers high performance threat detection |
| IPS Mode offers powerful security to block threats in real-time |
| Create security policies using threat categories |
| Large signature database (over 20k signatures) |
| Support for uploading custom signatures |
| Application & DNS Security |
| Deep packet application inspection and identification |
| Block by application control (incl. Facebook, Twitter, Skype, WhatsApp...) |
| DNS proxy filters network traffic for malware |
| DNS proxy and routing ensures DNS security |
| DNS-based phishing protection |
| Firewall |
| Geo-IP firewall filtering (block/allow traffic by country) |
| Time-based firewall rules (day of week / time of day) |
| Support for VoIP/SIP |
| DoS & SYN/ICMP flood protection |
Web Security
| HTTP/HTTPS Proxy |
| Multiple proxy modes: transparent, non-transparent and transparent bridge |
| HTTPS proxy modes: decryption or URL-based (no decryption) |
| Support for proxy whitelists and blacklists |
| Cache management capabilties |
| Support for upstream proxy server |
| Security Features |
| HTTP, HTTPS, FTP URL and antivirus filtering |
| Easily block inappropriate, time-wasting or malware sites using filtering categories |
| Build complex access policies based on time, mime-type, useragent and more |
| Bitdefender URL filtering engine |
| Bitdefender anti-malware engine |
| SafeSearch enforcement |
| User Management & Authentication |
| Authentication methods include: Local, RADIUS, LDAP, Active Directory |
| Support for NTLM single sign-on |
| Group-based and user-based web access policies and filtering |
Mail Security
| SMTP/POP3 Proxy |
| Support for transparent and non-transparent proxy |
| Bi-directional SMTP filtering (inbound and outbound) |
| Block files by filetype (extensions) |
| Advanced inbound/outbound mail routing |
| Support for Delivery Status Notification (DSN) |
| Support for smart host delivery (mail relays) |
| Security Features |
| Anti-spam with bayes, pattern and SPF |
| Dual spam detection engines (with auto learning) |
| Anti-virus email filtering and quarantine |
| Support for multiple RBLs (real-time blacklists) |
| Support for greylisting |
| Bitdefender Anti-spam Engine |
| Bitdefender Anti-malware Engine |
| Email Quarantine Management |
| Web-based quarantine monitoring and management |
| SPAM quarantine notification options |
Virtual Private Networking
| IPsec |
| VPN Site-to-Site: Pre-Shared Key and X.509 certificate |
| VPN Remote Access (Roadwarrior): L2TP, XAuth, or Raw IPsec |
| Remote access platform support: iPhone/iPad (iOS), Android, Mac OS X, Windows |
| Support for modern encryption algorithms |
| Support for modern hashing algorithms |
| Support for Diffie Hellman (DH) mode selection |
| Support for IKEv1, IKEv2 |
| Dead Peer Detection (DPD) |
| NAT traversal |
| Perfect Forward Secrecy (PFS) |
| Compression |
| OpenVPN |
| VPN Site-to-Site: Pre-Shared Key, X.509 certificate or both |
| VPN Remote Access (Roadwarrior) |
| Endian SSL VPN client: Mac OS X, Windows |
| Support for mobile SSL VPN: iPhone/iPad (iOS), Android |
| Support for multiple SSL VPN server instances |
| Support for VPN over HTTP Proxy |
| Support for bridged or routed server configuration |
| Support for VPN failover |
| Push DNS, network routes and domain suffix information to clients |
| Control client-to-client communication |
| VPN Portal (Reverse Proxy) |
| Provision secure access to internal HTTP/HTTPS resources |
| Configurable portal page |
| Support for multiple destinations |
| Destination-based authentication |
| SSL offloading |
| User Management & Authentication |
| Authentication methods include: Local, RADIUS, LDAP, Active Directory |
| Unified user/group management for OpenVPN, L2TP, XAUTH, VPN Portal |
| Integrated support for one-time password (OTP) |
| Integrated certificate authority |
| External certificate authority support |
| User password and certificate management |
| Support for Let’s Encrypt certificates |
BYOD / Hotspot
| Configurable captive portal |
| Use your website as portal (SurfNowButton)S) |
| Free access to allowed sites (walled garden) |
| Wired / wireless support |
| Integrated RADIUS service |
| Connection logging |
| Bandwidth limiting based on user, ticket or global settings |
| Social login (Facebook, Google) |
| Social Enabler (sharing on social networks) |
| MAC-address based user accounts |
| Configurable multiple logins per user |
| User accounts import/export via CSV |
| User password recovery |
| Automatic client network configuration (support for DHCP and static IP) |
| Fully integrated accounting |
| Generic JSON API for external accounting and third party integration |
| Instant WLAN ticket shop (SmartConnect) |
| Single-click ticket generation (Quick ticket) |
| SMS/e-mail user validation and ticketing |
| Pre-/postpaid and free tickets |
| Time-/traffic-based tickets |
| Configurable ticket validity |
| Terms of Service confirmation |
| MAC address tracking for free hotspots |
| Cyclic/recurring tickets (daily, weekly, monthly, yearly) |
| Remember user after first authentication (SmartLogin) |
| Multi-location setup through master/satellite configuration |
| External authentication server (Local, LDAP, Active Directory, RADIUS) |
| Feature supported in high availability |
Redundancy & Backup
| High Availability |
| Support for clustering up to 3 devices together in active-passive mode |
| Easy web-based UI for quick HA setup (with feedback) |
| Node data/configuration synchronization (not for BYOD/Hotspot) |
| WAN Failover |
| Create failover policies between available WAN interfaces |
| Support for unlimited WAN interfaces (based on interface availability) |
| Automatic failback support |
| Backup & Recovery |
| Easily backup and restore appliance configurations |
| Support for storing backups on attached USB stick |
| Customizable options to determine backup contents |
| Create schedule backups: daily, weekly or monthly |
| Send scheduled backups via email |
General Management
| Event Management |
| Setup event notifications for device and user events |
| Support for email and SMS notifications |
| Create custom scripts to be triggered by event |
| Custom scripts powered by Python scripting engine |
| Device Management |
| Easy and secure web-based UI for managing appliance |
| Full command-line access via SSH or serial console |
| Web console provides serial console over secure web UI |
| One-click to enable secure remote appliance support |
| Centralized, secure access to any Endian appliance via Endian Network |
| Multi-language support: English, Italian, German, Japanese, Spanish, Portuguese, Chinese, Russian, Turkish |
| Software Management |
| Easy web UI for managing software updates |
| Schedule automatic software update checks and notifications |
| Centralized, secure software updates/upgrades via Endian Network |
Logging and Reporting
| Network Awareness |
| View real-time network activity and bandwidth |
| Discover top user activity, applications, bandwidth consumption and more |
| Reporting |
| View reports for all major system features |
| Detailed system, web, email, attack, virus and user reports |
| Real-time log analysis with live log viewer |
| Detailed user-based web access report |
| Network, system and performance statistics |
| Logging |
| Web-based log viewer for system, services and VPN logging |
| Rule-based logging settings (firewall rules) |
| Support for local or remote syslog logging |
| OpenTSA trusted timestamping |
Edge Computing
| Docker Engine and CLI included |
| Enables hybrid/remote applications or micro-services |
| Requires much less hardware and software resources than full-machine virtualization |
| Reduce network latency and provide offline access to remote applications |
| Increased application portability and faster software development and delivery |
Read More
Endian UTM Virtual Appliance
Protect your virtual networks and infrastructure in seconds. Support for all the leading hypervisor-based virtualization platforms (VMware, Xen/XenServer/KVM).
Endian UTM Software Appliance
Turn your favorite or existing hardware into a full-featured Endian UTM appliance. Scale your hardware resources up or down to suite your business network needs.
