EndianOS UTM

At the core of the Endian ecosystem is EndianOS which powers the entire Secure Digital Platform. A security focused operating system built to provide the complete networking, security and connectivity stack in an intuitive and easy to operate solution.


Network zone isolation and policy support
Support for up to 32 internal network zones
Multiple WAN
Quality of service and bandwidth management
Advanced TCP window scaling
Support for untagged VLAN traffic
Bonding mode configuration (UI)
NTP (Network Time Protocol)
DHCP server
DHCP relay support
SNMP server
Dynamic DNS (DDNS)
NAT (Network Address Translation)
Static NAT
Dynamic NAT
PAT (Port Address Translation)
IP Masquerading
Full Cone NAT
IPsec NAT traversal
Static routes
Source-based routing
Destination-based routing
Policy-based routing
Unlimited interfaces per bridge
Transparent bridge mode
OSI layer 2 firewall functionality
Spanning tree

Network Security

Intrusion Detection & Prevention
Deep packet inspection technology to detect or block advanced threats
IDS Mode offers high performance threat detection
IPS Mode offers powerful security to block threats in real-time
Create security policies using threat categories
Large signature database (over 20k signatures)
Support for uploading custom signatures
Application & DNS Security
Deep packet application inspection and identification
Block by application control (incl. Facebook, Twitter, Skype, WhatsApp...)
DNS proxy filters network traffic for malware
DNS proxy and routing ensures DNS security
DNS-based phishing protection
Geo-IP firewall filtering (block/allow traffic by country)
Time-based firewall rules (day of week / time of day)
Support for VoIP/SIP
DoS & SYN/ICMP flood protection

Web Security

Multiple proxy modes: transparent, non-transparent and transparent bridge
HTTPS proxy modes: decryption or URL-based (no decryption)
Support for proxy whitelists and blacklists
Cache management capabilties
Support for upstream proxy server
Security Features
HTTP, HTTPS, FTP URL and antivirus filtering
Easily block inappropriate, time-wasting or malware sites using filtering categories
Build complex access policies based on time, mime-type, useragent and more
Bitdefender URL filtering engine
Bitdefender anti-malware engine
SafeSearch enforcement
User Management & Authentication
Authentication methods include: Local, RADIUS, LDAP, Active Directory
Support for NTLM single sign-on
Group-based and user-based web access policies and filtering

Mail Security

Support for transparent and non-transparent proxy
Bi-directional SMTP filtering (inbound and outbound)
Block files by filetype (extensions)
Advanced inbound/outbound mail routing
Support for Delivery Status Notification (DSN)
Support for smart host delivery (mail relays)
Security Features
Anti-spam with bayes, pattern and SPF
Dual spam detection engines (with auto learning)
Anti-virus email filtering and quarantine
Support for multiple RBLs (real-time blacklists)
Support for greylisting
Bitdefender Anti-spam Engine
Bitdefender Anti-malware Engine
Email Quarantine Management
Web-based quarantine monitoring and management
SPAM quarantine notification options

Virtual Private Networking

VPN Site-to-Site: Pre-Shared Key and X.509 certificate
VPN Remote Access (Roadwarrior): L2TP, XAuth, or Raw IPsec
Remote access platform support: iPhone/iPad (iOS), Android, Mac OS X, Windows
Support for modern encryption algorithms
Support for modern hashing algorithms
Support for Diffie Hellman (DH) mode selection
Support for IKEv1, IKEv2
Dead Peer Detection (DPD)
NAT traversal
Perfect Forward Secrecy (PFS)
VPN Site-to-Site: Pre-Shared Key, X.509 certificate or both
VPN Remote Access (Roadwarrior)
Endian SSL VPN client: Mac OS X, Windows
Support for mobile SSL VPN: iPhone/iPad (iOS), Android
Support for multiple SSL VPN server instances
Support for VPN over HTTP Proxy
Support for bridged or routed server configuration
Support for VPN failover
Push DNS, network routes and domain suffix information to clients
Control client-to-client communication
VPN Portal (Reverse Proxy)
Provision secure access to internal HTTP/HTTPS resources
Configurable portal page
Support for multiple destinations
Destination-based authentication
SSL offloading
User Management & Authentication
Authentication methods include: Local, RADIUS, LDAP, Active Directory
Unified user/group management for OpenVPN, L2TP, XAUTH, VPN Portal
Integrated support for one-time password (OTP)
Integrated certificate authority
External certificate authority support
User password and certificate management
Support for Let’s Encrypt certificates

BYOD / Hotspot

Configurable captive portal
Use your website as portal (SurfNowButton)S)
Free access to allowed sites (walled garden)
Wired / wireless support
Integrated RADIUS service
Connection logging
Bandwidth limiting based on user, ticket or global settings
Social login (Facebook, Google)
Social Enabler (sharing on social networks)
MAC-address based user accounts
Configurable multiple logins per user
User accounts import/export via CSV
User password recovery
Automatic client network configuration (support for DHCP and static IP)
Fully integrated accounting
Generic JSON API for external accounting and third party integration
Instant WLAN ticket shop (SmartConnect)
Single-click ticket generation (Quick ticket)
SMS/e-mail user validation and ticketing
Pre-/postpaid and free tickets
Time-/traffic-based tickets
Configurable ticket validity
Terms of Service confirmation
MAC address tracking for free hotspots
Cyclic/recurring tickets (daily, weekly, monthly, yearly)
Remember user after first authentication (SmartLogin)
Multi-location setup through master/satellite configuration
External authentication server (Local, LDAP, Active Directory, RADIUS)
Feature supported in high availability

Redundancy & Backup

High Availability
Support for clustering up to 3 devices together in active-passive mode
Easy web-based UI for quick HA setup (with feedback)
Node data/configuration synchronization (not for BYOD/Hotspot)
WAN Failover
Create failover policies between available WAN interfaces
Support for unlimited WAN interfaces (based on interface availability)
Automatic failback support
Backup & Recovery
Easily backup and restore appliance configurations
Support for storing backups on attached USB stick
Customizable options to determine backup contents
Create schedule backups: daily, weekly or monthly
Send scheduled backups via email

General Management

Event Management
Setup event notifications for device and user events
Support for email and SMS notifications
Create custom scripts to be triggered by event
Custom scripts powered by Python scripting engine
Device Management
Easy and secure web-based UI for managing appliance
Full command-line access via SSH or serial console
Web console provides serial console over secure web UI
One-click to enable secure remote appliance support
Centralized, secure access to any Endian appliance via Endian Network
Multi-language support: English, Italian, German, Japanese, Spanish, Portuguese, Chinese, Russian, Turkish
Software Management
Easy web UI for managing software updates
Schedule automatic software update checks and notifications
Centralized, secure software updates/upgrades via Endian Network

Logging and Reporting

Network Awareness
View real-time network activity and bandwidth
Discover top user activity, applications, bandwidth consumption and more
View reports for all major system features
Detailed system, web, email, attack, virus and user reports
Real-time log analysis with live log viewer
Detailed user-based web access report
Network, system and performance statistics
Web-based log viewer for system, services and VPN logging
Rule-based logging settings (firewall rules)
Support for local or remote syslog logging
OpenTSA trusted timestamping

Edge Computing

Docker Engine and CLI included
Enables hybrid/remote applications or micro-services
Requires much less hardware and software resources than full-machine virtualization
Reduce network latency and provide offline access to remote applications
Increased application portability and faster software development and delivery

Endian UTM Hardware Appliance

A complete range of specifically designed appliances integrating our UTM software for the security needs of everyone, from branch offices to medium and large networks.

Read More

Endian UTM Virtual Appliance

Protect your virtual networks and infrastructure in seconds. Support for all the leading hypervisor-based virtualization platforms (VMware, Xen/XenServer/KVM).

Read More

Endian UTM Software Appliance

Turn your favorite or existing hardware into a full-featured Endian UTM appliance. Scale your hardware resources up or down to suite your business network needs.

Read More