Firewall ATP & UTM
System Health and Reporting
Over time, firewall may retain legacy settings that may impact performance, security, and reliability. Health checks ensure that firewalls are configured to best practices. Checks disk usage, memory usage, license, contract, users, anti-spoofing, global properties and assigned policies. virtual private network A virtual private network secures public network connections and in doing so it extends the private network into the public network such as internet. With a VPN you can create large secure networks that can act as one private network.
Businesses
Protect your business network and secure your connections using OpenVPN or IPsec. From the stateful inspection firewall to the inline intrusion detection & prevention system everything is included. Use the traffic shaper to enhance network performance and prioritise you voice over ip above other traffic. Backup your configuration to the cloud automatically, no need for manual backups anymore!
School Networks
Limit and share available bandwidth evenly amongst students and utilise the category based web filtering to filter unwanted traffic such as adult content and malicious websites. Its easy to setup as no additional plugins nor packages are required. Teach about security or use our development documentation to show how an Model Viewer Controller works. You and your students are invited to join the effort and Fortress Fire community!
Remote Offices & SOHO
Utilise the integrated site to site VPN (IPsec or SSL VPN / OpenVPN) to create a secure network connection to and from your remote offices. Enjoy the easy configuration and online searchable documentation with simple how-to type of articles to get you started, quickly.
Hotels & Campings
Hotels and campings usually utilise a captive portal to allow guests (paid) access to internet for a limited duration. Guests need to login using a voucher they can either buy or obtain for free at the reception. Fortress Fire has a build-in captive portal with voucher support and can easily create them on the fly.
✓ QoS ✓ 2FA ✓ OpenVPN ✓ IPSec ✓ CARP ✓ Captive Portal ✓ Proxy ✓ Webfilter ✓ IDPS ✓ Netflow ✓ and More!
Modern User Interface
The modern user interface offers a great user experience with multi language support, build-in help and quick naviagtion with the searchbox. Shown is the fast search navigation option.
Stateful Firewall
A stateful firewall is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. Fortress Fire offers grouping of Firewall Rules by Category, a great feature for more demanding network setups.
Fortress Fire Firewall Aliases & GeoLite Country Database
Managing firewall rules have never been this easy. By using Aliases you can group mulitple IP’s or Host into one list, to be used in firewall rules. Additionally IP or Hostnames can be fetched from external URLs, examples are DROP (Do Not Route Or Peer), Abuse.ch’s Ransomware tracker and the build-in Maxmind GeoLite2 Country database.
Fortress Fire Traffic Shaper
Traffic shaping within Fortress Fire is very flexible and is organised around pipes, queues and corresponding rules. The pipes define the allowed bandwidth, the queues can be used to set a weight within the pipe and finally the rules are used to apply the shaping to a certain package flow. The shaping rules are handled independently from the firewall rules and other settings.
Fortress Fire Two-Factor AUthentication 2FA
Two-factor authentication also known as 2FA or 2-Step Verification is an authentication method that requires two components, such as a pin/password + a token. Fortress™ Fire offers full support for Two-factor authentication ( 2FA ) throughout the entire system utilizing Google Authenticator.
Supported 2FA services include:
Fortress Fire Graphical User Interface Captive Portal Virtual Private Networking – OpenVPN & IPsec Caching Proxy Fortress™ Fire Captive Portal
Captive Portal
Captive Portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access.Fortress™ Fire offer most enterprise features including Radius and voucher support.
Fortress Fire VPN – Virtual Private Network – IPsec & OpenVPN GUI
Fortress Fire offers a wide range of VPN technologies ranging from modern SSL VPN’s to well known IPsec as well as older (now considered insecure) legacy options such as L2TP and PPTP. Site-to-Site and road warrior setups are possible and with the integrated OpenVPN client exporter, the client can be configured within minutes. Looking for a IPsec or OpenVPN GUI, you just found something better!
Fortress Fire High Availability & Hardware Failover
Fortress Fire utilises the Common Address Redundancy Protocol or CARP for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. Utilising this powerful feature of Fortress Fire creates a fully redundant firewall with automatic and seamless fail-over. While switching to the backup network connections will stay active with minimal interruption for the users.
Fortress Fire Webfiltering
The caching proxy offered by Fortress Fire is fully featured and includes category based webfiltering, extensive Access Control Lists and can run in transparent mode. The proxy can be combined with the traffic shaper to enhance user experience. Integration with most professional Anti-Virus solutions is possble trough the ICAP interface.
On-Prem & Cloud Based Web App Firewall (WAF)
Setup in just minutes with our simple web interface Unprecedented Protection From Hackers Application, network, DNS and infrastructure level attack protection PCI Certified Web Application Firewall Guards against data theft, malicious bot traffic and backdoor threats Most Comprehensive DDoS Protection Protects from all types of XaaS application attacks. Protects against the most critical web application security risks, such as SQL injection, cross-site scripting, illegal resource access, remote file inclusion and other threats. Guards against newly discovered vulnerabilities to prevent disruption to your application and improve website performance.
Most Comprehensive DDoS Protection Service
Works for single sites as well as multi-gigabit deployments with thousands of sites Automatic mitigation of all network, application and protocol layer DDoS attacks launched at websites and web applications. DNS Protection automatically identifies and blocks attacks seeking to target DNS servers Blanket Infrastructure protection for all types of services (UDP/TCP, SMTP, FTP, SSH, VoIP, etc.)
Fortress Fire Intrusion Detection & Prevention
The inline IPS system of Fortress Fire is based on Suricata and utilises Netmap to enhance performance and minimize cpu utilisation. This deep packet inspection system is very powerful and can be used to mitigate security threats at wire speed. Integrated support for ET Open rules. The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. Integrated SSL Blacklist (SSLBL) A project maintained by abuse.ch. The goal is to provide a list of “bad” SSL certificates identified by abuse.ch to be associated with malware or botnet activities. SSLBL relies on SHA1 fingerprints of malicious SSL certificates and offers various blacklists. Intergrated Feodo Tracker Feodo (also known as Cridex or Bugat) is a Trojan used to commit ebanking fraud and steal sensitive information from the victims computer, such as credit card details or credentials. At the moment, Feodo Tracker is tracking four versions of Feodo.
Fortress Fire SSL fingerprinting
The IPS option to allow user defined rules include the option for SSL fingerprinting. With this option SSL communication can be blocked at the inital connection attempt by dropping the SSL key exchange.
Fortress Fire configuration history
Better safe than sorry, always keep an up to date backup of your configuration. It’s easy with Fortress Fire. History Automatic backups of configuration changes make it possible to review history and restore previous settings. Backup Easily download a backup from within the GUI and store on a safe place. Encrypt the backup with a strong password and make plain text unreadable for unauthorised persons. Restore Upload your configuration backup file and restore it with ease. Fortress Fire Netflow Analyser Insight Reporting & Monitoring Fortress Fire offers many options for reporting and monitoring the system, these include: System Health A modern take on RRD graphs with the option to zoom in and export data. Netflow Exporter Use your favorite netflow analyser to see most active users, interfaces, ports & applications. Fortress Fire also offers an integrated Netflow analyser without the need for additional plugins or tools, similar to what you may find in high-end commercial products.
Fortress Fire firmware update & plugins
Firmware & Plugins Offering a robust firmware upgrade path to react on emerging threats in a fashionable time; Fortress Fire is equipped with a reliable and secure update mechanism to provide weekly security updates. A plugin mechanism can be used to install additional packages and customizations.
► Easy User Interface
► Stateful Firewall
► Traffic Shaper
► Two-Factor Authentication ( 2FA )
► Captive Portal
► Virtual Private Network
► High Availability CARP
► Filtering Caching Proxy
► Inline Intrusion Prevention
► Multi-WAN Load Balancing
► High Performance TCP/HTTP Load Balancer
► Full Mesh VPN routing using Tinc
► Support for Virtual Installs
► Netflow Exporter
► Network Flow Monitoring
► Built-in Reporting & Analysis
► Plugin Support